I was curious at what the actual legislation says so thought I’d post some relevant snippets that I found interesting and some of my own thoughts as someone who contribute[s,d] to NixOS.
Here are the links:
Colorado legislation: SB26-051 Age Attestation on Computing Devices
California legislation: AB-1043 Age verification signals: software applications and online services
The Colorado legislation is mostly the same as CA from what I’ve read so I’m just going to highlight the points for CA.
“Operating system provider” means a person or entity that develops, licenses, or controls the operating system software on a computer, mobile device, or any other general purpose computing device.
So, I think anyone who forks nixpkgs could potentially fall under the category of “operating system developer”. Clearly this bill did not have open source operating systems/development pipelines in mind. As implied by other users in this thread, I suspect the only real point of enforcement will be hardware vendors and their out-of-the-box operating systems.
“Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications
So, in my view, nixpkgs probably falls into this “covered application store” category – but again, anyone can fork it, modify it, etc. – there’s no reasonable way to enforce this as literally anybody could fork nixpkgs, redistribute, modify, etc.
Ages they care about:
(1) Whether a user is under 13 years of age.
(2) Whether the user is at least 13 years of age and under 16 years of age.
(3) Whether the user is at least 16 years of age and under 18 years of age.
(4) Whether the user is at least 18 years of age.
These are my summaries of the assertions they make for operating system providers:
- Provide a way for a user to indicate their age bracket in the operating system
- Provide a way for a developer to consume the age of the user (see above for the ages)
- The operating system/app store must enforce restrictions around apps and age limits (I’m assuming not allowing users to install apps that are not appropriate relative to their age)
They have a list of constraints for developers of applications but I don’t think they’re very relevant to NixOS so feel free to read those if that is interesting to you.
People – I’m guessing operating system developers – in violation of the title shall be subject to a fine:
not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation or not more than seven thousand five hundred dollars ($7,500) per affected child for each intentional violation
Due date in CA:
This title shall become operative on January 1, 2027.
I suspect that significant applications like Chrome will be updated with standards around consuming this data and present it to web applications, if there isn’t already work around this.
Regarding the point on System76, I also wanted to add that System76 is based in Colorado and probably must comply to keep persisting.
Note: As a US citizen, self-identifying Linux and privacy enthusiast, and a human being I am very against all of this and also don’t want to see this in my preferred operating system but wanted to be educated on the bill 