California recently passed a law that requires age verification for operating system accounts.
No doubt, the lawmakers who penned this dubious piece of legislation were thinking of the typical Microsoft Windows setup experience. If you get a new Windows laptop, you sign up with your Microsoft account. In California’s mind, this should require age verification so some child can’t create an account.
The reasoning is likely the desire to have that age verification flow on to various application or service gateways. So in theory, if you create an account as a 7-year-old, that account status (“this is a child”) will be available to sites that publish adult content, so they can say that the account can’t access their material.
As posted on the ubuntu-devel list:
At its core, the law seems to require that an “operating system” (I’m guessing this would correspond to a Linux distribution, not an OS kernel or userland) request the user’s age or date of birth at “account setup”. The OS is also expected to allow users to set the user’s age if they didn’t already provide it (because the OS was installed before the law went into effect), and it needs to provide an API somewhere so that app stores and application distribution websites can ask the OS “what age bracket does this user fall into?” Four age brackets are defined, “< 13”, “>= 13 and < 16”, “>= 16 and < 18”, and “>= 18”. It looks like the API also needs to not provide more information than just the age bracket data. A bunch of stuff is left unclear (how to handle servers and other CLI-only installs, how to handle VMs, whether the law is even applicable if the primary user is over 18 since the law ridiculously defines a user as “a child” while also defining “a child” as anyone under the age of 18, etc.), but that’s what we’re given to deal with.
Yes, this really is as ridiculous as it sounds.
So what happens if, for example, OpenBSD ships a version without this new age verification scheme? Because I guarantee they’re going to. What if I create Raindog Linux, don’t implement this, and put the ISO up for download? Is California going to send agents to my home to arrest me?
The whole idea is absurd. But then, cloud-mandated OS accounts (like the typical Microsoft login) are also absurd. When I log in to my PC, I log in to my PC. If I want to also log in to Google, Microsoft, whatever, that’s fine, but why are those steps unified? No one asked for that.
This will be unpleasant.

















