I think I'd give this more credit if both the article about it and the distro's official website weren't all complete and utter AI slop. It's pretty cool idea generally, though.
IDK about the distro official website, but Abishek has been hand-writing "It's FOSS" since before the term "AI slop" even existed, so IDK where you got that idea, but that's real-human slop there.
Honestly, the actual Ageless website looks pretty human-centric, too.
What makes you think "AI slop" (besides the sheer ubiquity of it these days)?
I couldn't tell you. Not the guy you're replying too, but AI generated websites have... a smell to them. You learn to spot the patterns, even if I couldn't really name them. The Ageless Linux website absolutely does not pass that sniff test, and frankly only some of the text on the page does.
Having the age thing be at the OS level seems WAY safer than any kind of "send us your ID" crap, and on linux it should be as easy as just setting a birthday to 1/1/1970 in the installer if you aren't concerned about parental controls or whatever.
The way the law is written means the OS vendor is liable if the police discover <18s have been lying about their age, which means they're incentivised to actually verify your age.
From the ageless Linux page (admittedly I switched from AG to the police):
The enforcement mechanism is the point. AB 1043 does not need to result in a single fine to achieve its purpose. The mere existence of potential liability — $7,500 per affected child, enforced at the sole discretion of the Attorney General — creates legal risk for anyone distributing an operating system without the resources to build an age verification infrastructure.
Unless the law makes the distinction between knowingly and unknowingly incorrect data, then wouldn't the distributor would be liable if the age is wrong for any reason? Happy to be wrong about this.
No, that's not what the bill says. There's no responsibility for OS provider to verify the age of their users. They only need to ask the user at account setup what their ages are. If the user lies, they lie. The OS provider doesn't have any liability for that.
The liability comes in if the OS provider allows users to create accounts without asking them their age.
New Linux distro just dropped ... literally "Debian without OS-level age verification".
Even better and more interesting (also linked in the parent article) is their website, working to document the position of all major Linux distros on this issue, as well as getting ready to provide explicit tutorial documentation on how to rip OS-level age verification out of your distro of choice.
No word yet on Microsoft's position on the subject.
I find this really interesting. Fundamentally, I agree that age verification should not be within the purview of an OS, but at the same time given we're already in a world where websites are being forced to, perhaps OS level age verification is the lesser evil? It centralises the vulnerability and opportunity for data leak, so only one entity is doing the age verification instead of every website/identity provider
I don't think websites should be in the business of age verification either, exactly for the risk of data leaks. The safest way to store data is to never obtain it to begin with.
And if you want to protect the kids from bad websites, that's what parental controls are for. If you don't want your kid to see something and talking to them isn't working, push for better parental controls rather than this arbitrary surveillance.
For example the owner of a device could activate "child mode" on an account (without age verification) which changes the user agent on the device to have a child flag, and when you try to access websites and apps the vendor checks for the presence of the flag and disallows access. Then you have a law requiring vendors to check for the flag with strict penalties for non-compliance, pushing the burden onto the companies. I'm sure there are issues with this too, but my point is there are other ways to police access anonymously.
This feels like shooting the messenger to me, there's no burden or punishment for the providers of harmful content with this law.
Isn't that basically what we're doing here? The API the bill requires doesn't send the age to the website. It's in fact legally prohibited from sending the age to the website. It sends whether the user is in one of four age brackets, because there are different legal requirements per age bracket.
Having the OS report a pass/fail signal to a querying app or site is much better than uploading your biometrics and government IDs to eleventybillion different sites.
So long as that OS doesn't then also snitch on what sites you've been visiting to some other third party, keep a log of them or otherwise do anything nefarious with the data. Ideally it wouldn't keep it at all.
Once that's implemented though, the next logical step instead of self determined age, is to have the OS collect and process more robust identification data, so that it can do identity verification, as well as age verification.
I mean, we were fine with the first part right? That would only be a little more. And then, we could have ...
In an attempt to head off slippery slope arguments, I'd point out that the default position is /currently/ to upload government ID and biometrics. So arguing that that position is the mid game of OS level age attestation is not slippery, but rather based on evidence of current practice.
On the topic of ageless distros, NixOS is an interesting example, because it's not a distribution, but a configuration which you use to locally build your operating system.
kallisti | 5 hours ago
I think I'd give this more credit if both the article about it and the distro's official website weren't all complete and utter AI slop. It's pretty cool idea generally, though.
[OP] Eric_the_Cerise | an hour ago
IDK about the distro official website, but Abishek has been hand-writing "It's FOSS" since before the term "AI slop" even existed, so IDK where you got that idea, but that's real-human slop there.
Honestly, the actual Ageless website looks pretty human-centric, too.
What makes you think "AI slop" (besides the sheer ubiquity of it these days)?
delphi | an hour ago
I couldn't tell you. Not the guy you're replying too, but AI generated websites have... a smell to them. You learn to spot the patterns, even if I couldn't really name them. The Ageless Linux website absolutely does not pass that sniff test, and frankly only some of the text on the page does.
DeaconBlue | 4 hours ago
I feel like I am missing the core problem here.
Having the age thing be at the OS level seems WAY safer than any kind of "send us your ID" crap, and on linux it should be as easy as just setting a birthday to 1/1/1970 in the installer if you aren't concerned about parental controls or whatever.
infpossibilityspace | 3 hours ago
It's the "verification" part.
The way the law is written means the OS vendor is liable if the police discover <18s have been lying about their age, which means they're incentivised to actually verify your age.
tibpoe | an hour ago
That's not true at all.
infpossibilityspace | an hour ago
From the ageless Linux page (admittedly I switched from AG to the police):
Unless the law makes the distinction between knowingly and unknowingly incorrect data, then wouldn't the distributor would be liable if the age is wrong for any reason? Happy to be wrong about this.
papasquat | 37 minutes ago
No, that's not what the bill says. There's no responsibility for OS provider to verify the age of their users. They only need to ask the user at account setup what their ages are. If the user lies, they lie. The OS provider doesn't have any liability for that.
The liability comes in if the OS provider allows users to create accounts without asking them their age.
[OP] Eric_the_Cerise | 5 hours ago
New Linux distro just dropped ... literally "Debian without OS-level age verification".
Even better and more interesting (also linked in the parent article) is their website, working to document the position of all major Linux distros on this issue, as well as getting ready to provide explicit tutorial documentation on how to rip OS-level age verification out of your distro of choice.
No word yet on Microsoft's position on the subject.
rich_27 | 5 hours ago
I find this really interesting. Fundamentally, I agree that age verification should not be within the purview of an OS, but at the same time given we're already in a world where websites are being forced to, perhaps OS level age verification is the lesser evil? It centralises the vulnerability and opportunity for data leak, so only one entity is doing the age verification instead of every website/identity provider
infpossibilityspace | 4 hours ago
I don't think websites should be in the business of age verification either, exactly for the risk of data leaks. The safest way to store data is to never obtain it to begin with.
And if you want to protect the kids from bad websites, that's what parental controls are for. If you don't want your kid to see something and talking to them isn't working, push for better parental controls rather than this arbitrary surveillance.
For example the owner of a device could activate "child mode" on an account (without age verification) which changes the user agent on the device to have a child flag, and when you try to access websites and apps the vendor checks for the presence of the flag and disallows access. Then you have a law requiring vendors to check for the flag with strict penalties for non-compliance, pushing the burden onto the companies. I'm sure there are issues with this too, but my point is there are other ways to police access anonymously.
This feels like shooting the messenger to me, there's no burden or punishment for the providers of harmful content with this law.
papasquat | 33 minutes ago
Isn't that basically what we're doing here? The API the bill requires doesn't send the age to the website. It's in fact legally prohibited from sending the age to the website. It sends whether the user is in one of four age brackets, because there are different legal requirements per age bracket.
trim | 4 hours ago
Having the OS report a pass/fail signal to a querying app or site is much better than uploading your biometrics and government IDs to eleventybillion different sites.
So long as that OS doesn't then also snitch on what sites you've been visiting to some other third party, keep a log of them or otherwise do anything nefarious with the data. Ideally it wouldn't keep it at all.
Once that's implemented though, the next logical step instead of self determined age, is to have the OS collect and process more robust identification data, so that it can do identity verification, as well as age verification.
I mean, we were fine with the first part right? That would only be a little more. And then, we could have ...
In an attempt to head off slippery slope arguments, I'd point out that the default position is /currently/ to upload government ID and biometrics. So arguing that that position is the mid game of OS level age attestation is not slippery, but rather based on evidence of current practice.
pete_the_paper_boat | 4 hours ago
On the topic of ageless distros, NixOS is an interesting example, because it's not a distribution, but a configuration which you use to locally build your operating system.