As of today, about half of all U.S. states have some form of age verification law around. Nine of those were passed in 2025 alone, covering everything from adult content sites to social media platforms to app stores.
Right now, California’s Digital Age Assurance Act (AB 1043) is all the rage right now, which targets not only websites and apps but also operating systems. Come January 1, 2027, every OS provider must collect a user’s age at account setup and provide that data to app developers via a real-time API.
Colorado is also working on a near-identical bill, which we covered earlier.
The EFF’s year-end review put it more bluntly: 2025 was “the year states chose surveillance over safety.” The foundation’s concern, which I concur with, is, where does this stop? Self-reported birthday today, government ID tomorrow? There appears to be no limit to these laws’ overreach.
Bet Microsoft is behind this.
Actually, when being grilled by congress, Mark Zuckerberg proposed exactly this solution: OS level age verification.
It’s actually being pushed by social media companies to take the heat and responsibility off of them.
this is the pipeline to fully
trustedrestricted computing.Linux couldn’t possibly comply properly with these new restrictions? Consumer grade prebuilts and laptops now only run “certified” operating systems, just like most mobile devices.
Surveillance and censorship are the ends, “age” (identity) verification is the means.
The very day I hear that my os is asking people their age is the day I find a different one.
Told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you so told you-
The problem with Linux for the government is that it has a unique ability for being easily modified by users. You sure can force some very popular distros to follow these laws but you cannot force less popular distros made by enthusiasts to comply. Especially if those enthusiasts live not in your country.
Unfortunately, it falls right into the whole authoritarian taking control, surveillance, and manipulation push that became not only pretty open in activities but also pretty transparent through published findings and contextualized previously published materials. Seems likely that it’s all connected.
Age verification today. What other BS surveillance info tmr?
The most practical solution is probably to “not sell Linux in California anymore”. I guess distributions could geofence the iso download page for plausible deniability and then that’s that, right?
Who the hell is “selling” Linux?
Red Hat.
The other distros? No idea.
I knew someone was going to come back with Red Hat. I just didn’t expect it to be you!
Hey even I use Linux daily.
Actually, I’m not really sure why “even I” should be shocking. I write code for a living. Surely I should be using Linux once in a while.
Anyway RHEL is probably the only Linux distro I can think of that costs money and comes with support. The major cloud providers sometimes have their own Linux distros they use as well (looking at you, Amazon) and you can argue they are selling Linux, but not as directly as RHEL does.
I’d like to go back to KDE Neon, but it doesn’t play nice with thermals on my Surface.
(and I totally expect you to be a Linux user … why haven’t you bragged about using Arch yet?)
why haven’t you bragged about using Arch yet?
Well Manjaro is Arch-based, but it feels like cheating to say that. Anyway, I used Manjaro, btw.
The offical linux shop, obviously – though your local PC sales/repair shop can probably order you a copy. I understand that Linyos Torovoltos grew up under communism and originally couldn’t legally sell Lunix, but the Soviets lost the cold war decades ago.
I’d rather spend a few bucks for a legitimate copy than risk installing some virus infested illegal version off some sketchy website.
I went to your second link and I think it gave me a virus. I keep having these verbal tics now.
Oh no, that’s the first phase.
You need to get your computer to an A+ certified tech and have your OS reinstalled ASAP. If you delay you’re looking at a lifetime of buying old Thinkpads off the Internet.
That security guard has a tiny head.
Age Verification Laws
The most misleading title ever. They are surveillance laws
No, they are censorship laws aimed at preventing young people from accessing certain types of information that specific groups don’t want young people learning about, such as their sexuality, concepts like atheism, and safety information regarding drugs.
No. History taught me one thing only: if they say they want to protect kids, it’s never about the kids. It’s a slogan that helps to sell unpopular laws
If you think blocking access to knowledge about sexuality, atheism, or drugs is actually protecting children and not about a controlling and unpopular law I don’t know what to tell you. Because it’s clearly not actually intended to protect children as much as it is to block inconvenient information to help indoctrinate children to be compliant and unquestioning.
Yeah, I think you’re arguing with clouds. This person isn’t saying these aren’t effects or even objectives of the age verification effort, but it’s a little silly to say, “No, this isn’t about surveillance, it’s about stifling LGBTQ and atheist progression.” It’s just so tunnel-visioned.
You could’ve even said it’s about centralizing education as a whole and that would’ve been better encompassing. I agree, that’s a bad thing. But it’s absolutely not the full picture.
They want to bind your id with the device you use and restricting queer kids from discovering that they’re queer is the best thing you have in mind?
Exactly, they have all this already established laws to protect kids, but everyone seem pretty chill about pedofiles
Yeah. Surveillance is covered already.
Time to get a permanently offline machine.
Overkill. Just find the illegal no-age-collection ISO. Installing with your middle finger raised is optional, but recommended.
Presumably even if Linux must provide a means of reporting an age, you can always modify that distro to always report the oldest age?
Yes
The California law is just "put this column in your DB and make a getAge() call.
sysctl user.legal_bullshit.pretend_age_quote_verification_unquote=99Watch that land on distros everywhere.
Wait, so instead of me telling every website I’m 90, I’ll tell my OS I’m 90 and the sites will query that, and this somehow works better? I’m not 90 btw, so all I’m doing is just changing who I’m lying to from zyn.com to Fedora? Great plan.
They know people will do this. It’s only stage 1. After this system is integrated, they will complain that people are misusing the feature and it needs to be upgraded to ID or biometrics. Boiling the frog.
The thing about doing age verification at the OS level is the user could just install a crack that rewrites the necessary code. It’ll take some heavy DRM type stuff to block that. Possibly hardware support, like a specialised TPM.
No way can that be standardised and then rolled out quickly. If they rush it then it’ll be some proprietary power grab.
The alternative is each website and app does it separately which will be spotty and provide endless security breaches.
It’ll be a shitshow either way.
The thing is, this shouldn’t really be a problem.
I am still against where all this age verification crap is coming from, and I’m against what specifically “age verification” entails; but here’s the thing: We keep saying, “It should be the parent’s responsibility to secure their kids”—and while that’s true, you can do all the talking and educating you want, but the fact is, the internet is now nigh-fully integrated with our lives, and unless you are surveilling your kid at every moment they are on the internet (don’t recommend), not every parent has the time, resources, or know-how to keep their children safe on the internet without help.
So to play naive for a moment and ignore the well-understood reality that “child safety” is an atom-thick veil for mass surveillance: Why did we give up so fast on device parental controls? The info being stored on the OS / user settings actually isn’t so bad of an idea if the implementation valued both safety and privacy. Upon setting up the device or account, it is the parent’s responsibility to create a password or biometric or whatever to activate/deactivate the safety mode. No personal information required. It should be pretty easy. Are there technically ways for the kid to get around this? Yes, but that’d be breaking the trust. In the same way you’d deal with your kid sneaking out of the house, you deal with that separately. The existence of websites that don’t perform the check is inevitable no matter what you do.
And if you don’t believe your kid needs a safety lock on the internet, then that’s your prerogative.
It’s apparent that many parents need a more convenient tool available to them, but privacy doesn’t need to be compromised in order to achieve a safer internet. I got lazy while writing this, and I’m sure that’s clear in some spots, but I’m just gonna post it. There’s possibly something huge that I’m overlooking, so I’ll just let someone else point it out.
It’s a bit crazy to think about how things have changed. When I was a kid, the only computer in the house that was online was in the office/living room, so my parents could walk past at any time and see what I was up to. This was in the MSN beta days, and I was usually in teen chat, which, given the beta, meant that we were all teens whose parents had gotten prerelease Win95 discs (actually, in my case, it was the head of my high school math department who “loaned” me his CD).
As a result, it was pretty chill. Having your phone at all hours and no oversight seems an absurd situation.
You’re not overlooking anything. You hit the nail on the head, these laws are about surveillance and censorship and that’s why they’re being implemented in the worst and least privacy respecting way possible. The next step is to make sure it’s impossible to circumvent by enforcing locked bootloaders and secure boot. Phones are 90% of the way there already and it probably wouldn’t be too hard for them to fuck up the desktop/laptop side of things either.
The issue still remains that with a check like this, who is to say what content need be age-restricted now lies with the state. They could (and will) restrict content and information that I think my kid should have access to, and it will be a bit all-or-nothing.
Provided the above, I’d say the centralizing of information is the chief concern @[email protected].
I don’t know what a satisfying and achievable solution looks like here with that considered.
My Linux is not ever going to have any age verification.
I’m not living in those backwards contry and if that push ever comes to shove, there will always be way around it. It’s the beauty of open source, no entity is liable to comply. And we’re in the brink of ad-hoc internet which would render that stupid centralized and overgoverned shit to zero.
