Hacker News

IF it were for the kids - but I don't think it is.

> Making it slightly harder to access the internet fixes nothing.

This assumes it is about the children. But if you do not think so then it opens up new alternatives suddenly, be it from tracking people, to targeted ads or any other information that could be gathered and eventually either monetized or put in tandem with other information. We'd get age graphs that way too.

Before that we could speculate to some extent, but with mandatory age sniffing and id-showing at all times, those who track people and benefit from it, benefit now even more.

well, and this bill literally only makes you prove age to ... set up the device.

how are we in 2026 and phones dont have guest mode or "i handed it to my kid mode"

apple's guided access is a terrible 1% solution to the problem. in one click i should be able to put my phone into some kind of locked down mode that exposes only what is allowed, starting with nothing unless whitelisted, with multiple profiles.

in the same sense, all the streaming services having their own separate kids profiles, instead of the streaming device having a single kids mode that exposes only the kids mode content from each app makes kids mode useless when a kid can just change the app, or gets stick into a single provider and i have to go help them switch.

> Politicians will do any draconian measure to help kids except try and improve the lives of their parents so that they can actually dedicate time to parenting.

Because in their eyes your children are not your children. You are simply a custodian of their future work force asset. If you educate your children too much into individualism, they (today’s politicians) may see a diminished return of whatever they want to achieve.

And if you don’t agree with me on an emotional level, well, just remember the words of Elon Musk (paraphrasing): we need people to have children because we need to have workforce in the future. Translation: we need people to have children because who will work for us and makes tons of money.

If you have it too good, you aren’t dependent on them, you have all the carrots. They have no stick. They want to have the stick.

> Politicians will do any draconian measure to help kids except [...]

They are covering for and not prosecuting perpetrators in the biggest child trafficking and abuse scandal in recent memory -- the Epstein case. Let us do away with even a surface-level pretense that they care about kids at all.

I would rather them write a bill that says all kids are provided lunches at schools ("free lunch" if you will).

I believe that would help kids out much more than this shit bill would.

We can abolish prison right after criminals abolish crime. Also, most of the people in prison aren’t great role models.

[flagged]

This. We need to stop calling this “age verification.” You are uploading your full ID. Not your age.

Brazil just passed the exact same law, nearly unanimously. Even the wording and definitions are exactly the same. This is scary as hell.

This is horribly vague.

>a computer, mobile device, or any other general purpose computing device.

It leaves open to interpretation if it applies to all computers, or just general purpose ones.

Does a car count as a mobile device?

BIOS or now UEFI support basic functions of computers... Does that mean those should as well have On-Device age checks?

Thank you for the laugh in these dreadful times. :D

yeah there is no "one" provider in that example

[flagged]

It is literally just Meta. https://www.gadgetreview.com/reddit-user-uncovers-who-is-beh... https://old.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b... https://tboteproject.com/

> is this one of these things where Meta doesn't want the responsibility for this

Very likely, given the legal liability they are already facing from the "addictive" court cases that are turning against them. Moving the liability for "age verification" away means they will not also be facing a huge number of court cases accusing them of showing an underage person adult age content provided they followed the law's proscribed "ask the OS for the user's age" requirements.

Also, note that only a few months ago Zuckerberg was in court testifying that the single best place to perform "age verification" was in the operating system of a device. Now, like mushrooms after a long rain, at roughly the same time up pop bills in nearly every statehouse, Congress, even Brazil, that all read nearly identically and that all are so broad as to require "the OS in anything with a CPU do age verification". The nearly identical text in each highly implies a single lobbying entity is behind all of them (it would be quite the coincidence that 50 state houses, plus Congress and Brazil, all write nearly identical bills independently). And the connection back to Zuck's court testimony of "age verification is best done in the OS" highly implies that the single lobbying entity is Meta, or funded by Meta to obtain this outcome.

Facebook. There's a wave of child endangerment lawsuits incoming and they want to head that off at the pass by having governments shift all that liability over to the OS vendors.

Detailed here: https://agelesslinux.org/lobbyists.html

Meta. Specifically to undercut Apple.

It must be OS responsibility because that’s the only place that allows the next step.

Everyone is so concerned with kids pretending to be adults, what about adults pretending to be kids? Any service that has any kind of private chat or picture sharing option will be a playground for “verified” kids.

Next step, “we must go further with the verifications until everyone is verified everywhere”. This is where the OS part comes in. Wish it was sarcasm.

Apple, Google, Meta and Microsoft. Maybe with a push from 3 letter agencies, because it makes their life easier.

Come join us on what I will call the “scatternet”, the globally distributed, offline-first, async network full of all the things that made the old Internet great.

Save a few ISOs of still-free OSes and hoard a few extra cheap computers. (You might also want to get a 10Mhz capable radio.)

Perhaps we could leave the crappy public internet and build better things behind Tor/darkweb.

I always felt this moment would come eventually. The trend is centralisation of power and control. It's depressing. It's been a long time coming at a slow but consistent cadence.

This is not the bill you're hoping for:

1. The text implies software should get access to your date of birth, rather than talking about age groups. If it becomes the case that websites can get your precise date of birth, this will be the ultimate fingerprinting vector that will put the fight for online privacy dead in the water.

2. The text talks about "verifying" dates of birth. This can only imply the involvement of face scanning or ID checking and third parties.

3. The text itself is very vague about details such as verifying, because it leaves many details entirely to the FTC, which recently announced they will stop enforcing privacy protections under COPPA for companies violating it to perform age verification of children[0]. So you can fully expect that if we are putting computing entirely in the hands of the current commission we will be probably screwed.

The text itself is less than 4 pages. I recommend reading it for yourself[1].

[0] https://www.ftc.gov/news-events/news/press-releases/2026/02/...

[1] https://www.congress.gov/bill/119th-congress/house-bill/8250...

No, this technical implementation is straightforwardly bad. The information flow and point of decision making are completely backwards as the bill was written by Facebook/Meta purely to absolve themselves of liability and foist it into others, including onto parents themselves!

The right way to facilitate parental controls with legislation is to put a requirement on service providers [over a certain number of users] to publish well-known tags stating the age suitability of their site/app/pages. Then put a requirement on mass-market device manufacturers [over a certain size] to include parental control software that can filter based on these tags. When parental controls are enabled on a device, any site/app without tags "fails closed" and doesn't display - meaning the open web and open devices continue to coexist with the tag system.

The key parts 1. the information signals flow the correct way, from the company with a well-known identity to the end-users' device where it can be acted upon per the device owner's desires 2. the legal liability lands in the right place - tags signify legal representations of the suitability of content and 3. the long tail of small-scale websites and devices are completely unaffected

This would also leave the makers of parental control software (bundled with device or third-party aftermarket) free to implement additional features that parents desire (eg block social media, even if the site says it's fine for <18), rather than leaving those decisions entirely in the hands of corporate lawyers (as this bill does, because once again it was written by Facebook/Meta).

> Trying to tell Bob Hacker writing an OS in his basement what features his code has to include feels a little too authoritarian for my tastes.

This is the one thing that risks getting the law struck down by a court.

It's always the same pattern. There is no way to protect the children while also preserving freedom. The rationale behind it is irrelevant. For this to work everything would have to be locked down right?

This is not in the interest of the people nor any children.

> Based on the few snippets quoted in the article, I think as written this bill gets closer to a good, privacy-preserving, non-authoritarian version of "age verification" than any of the attempts so far.

I think you are mixing up the bill this article is covering and the bill that California passed.

The California law requires:

• When setting up an account for a child who is the primary user of a device the OS lets the parent specify the child's age or birthday.

• The OS to provide an API that apps can use to find out if the current user is a child and if so their age range (under 13, 13 but under 16, 16 but under 18, 18 or older).

The bill in Congress requires setting age information for all users. It does not specify how that age information is to be obtained, leaving such details to regulations that the FTC will write.

So it's just an OS-level "I am over 18" checkbox. Essentially useless, except for removing liability from social media companies. As far as they know, every single device accessing their site legally testified they are over 18.

Agreed. Weirdly many people are against. This really seems like the best possible option. Actually helps parents as without this there is no way to enforce kid age. So instead of having it all per account and everything linked in most privacy invading way, just your OS tells the apps/browser whatever was set in there by the parent. I want this now!

> when will we put somebody in congress with a CS background who can literally just chime in and say "use Zero Knowledge Proofs for this, people might actually buy that you're not just building a surveillance state."

Well that would be counter-productive to actually building a surveillance state.

ZKP doesn't solve the problem of issuers colluding (or being forced to cooperate) with verifiers

https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-...

https://nophonehome.com/

ZK is detrimental to the true cause of these bills: mass surveillance.

there is a significant population in management, court and law enforcement that does support state-mandated registration using full profile ID for using public infrastructure. It was on the railroad system in the USA, and was part of the profound shift to individual cars.

And there obviously gonna be market for "verified" devices. Not like there is anything at all that could stop people of any ages looking at porn.

Identify devices, not people.

Distinguishing between child-locked and unlocked devices is something any website should be able to do easily. Adult-only should be a config setting.

Vendors shouldn't sell unlocked devices to kids.

Then it's up to parents take sure their kids only have locked devices. (Or not, if they're okay with it.)

Sounds like a problem. Luckily it turns out my phone has two cameras and a laser dot projector pointed at my face right now. Not hard to imagine a future solution to this issue were we to pass this legislation, sadly…

Very plausible that they would outlaw this if these bills pass and consolidate. Would be seen as a loophole.

Reading the actual text of the bill, it seems like a first-boot date of birth prompt and everything else you’ve described is exactly what the bill is asking for actually.

If they are smart about it, they probably wont make older systems illegal but will merely let other parts of tech advance to the point that old systems become practically useless online. Like running a PowerPC mac online today, yeah you can just barely do it but very few do.

Short answer: No. Apple already caved in advance.

Longer answer: In the UK, Apple already implements age "verification" at the OS level, starting with IOS/IPadOS 26.4. If Apple had not implemented this, it would still be in compliance with UK law. Apple is anticipatorily obedient.

A company like Apple has visibility of the legislative pipeline in its markets. Looks like the UK was a test bed.

Lots of OECD countries, all at the same time, are pushing for online age verification or OS-level age verification, both equally intrusive and implemented in privacy-violating ways by conflating identity verification and age verification.

The end result is not protecttion of minors, but abolishing anonymity on the Internet. Social media companies claim to want the former, but in reality just want to shift liability to OS and device vendors. Governments happily accept the "side effect" of being able to find and root out dissidents.

I am continuously amazed by HN's ability to engage in apple pedestalism and ignoring everything else that goes against it.

They've already been pushing age verification out in several countries.

With the dawn of this bill I am finally building out my airgapped network.

I’ll be passing messages to and from the former internet using NNCP bundles. I’m planning to work on some interesting solutions for async communications over Nostr, with some alternate paths through radio for emergencies. Finally looking into steganography as well.

Hope to see you all there.

The federal one was introduced by Democrat Josh Gottheimer (D-NJ) and cosponsored by Republican Elise Stefanik (R-NY). This push is extremely bipartisan.

> Republicans may not like porn, but they put the onus where it belongs, on the operator, not on the OS.

While that might be true, I can't agree with the implication that this is better in any way. Having the onus on the operator forces you to have to send some form of verification out to all such operators you want to visit and they have repeatedly shown they are NOT capable of securely and privately handling that information.

Oh geez, wish I had vote for Republicans then :/

The difference isn't really in the politicians, it's in the base, and how they will react to acts like this. Democrat voters will shame them, endlessly. They may not have alternatives to vote for, but they won't change their opinion to match whatever dweeb they were forced to vote for. Republican voters will always be on board with whatever they're told to be on board with.

> Republicans may not like porn

I am certain they love it, given what kinds of businesses see a spike when the RNC comes to town.

More accurately, restricting it is a useful policy platform that helps them win elections.

I can list as many reasons as you'd like to vote against Democrats, but this just isn't one of them.

If anything, the GOP is worse on this issue.

> A bill introduced by Representative Josh Gottheimer in the House on April 13

Josh Gottheimer is indeed a Democrat.

Is that an option? Tell me more.

Yes, I am looking to sue to stop this insanity. If you're a lawyer reading this, please reach out.

Obviously it does not make sense to age verify root stuff. Also as root you can set whatever age you want to your accounts.

Just make your OS say you are 99.

This is all fine until they put some Id verification in. Then anything open is cooked.

The site "reclaimthenet" calls it age "verification", but it's not a "verification" at all. There's your mystery.

All the bill wants is that you can set up an iPhone for kids, an children account on Ubuntu (YOU decide whether it's a children's account) and then, presumably, the browser vendors implement an AgeAPI that allows website operators to query the user age.

Your device tells us you're 10 years old. Access to Instagram denied. Your device tells us you're 16. You're not allowed to visit gambling-porn-and-industrial-accidents.org

It's, of course, exactly the opposite of the "identity-tied age verification government-control, ID-document-leak" dystopia that the scare crowds here are peddling. But you'll never hear a word of acknowledgement from them.

These people act as if those "I'm 13 or older, i can create an Instagram account and waste my life" or "I'm 18 or older, let me watch porn and strangle my girlfriend" buttons are the peak of civilization.

They have dropped all the decision making for the details in the lap of the politically controlled FTC. Which also means that future FTCs could change the rules based on political goals.

I find it somewhat easier to read here: https://www.congress.gov/bill/119th-congress/house-bill/8250...

I appreciate the brevity of the bill, but it delegates a lot of discretion to the FTC to regulate things like "How an operating system provider can verify the date of birth of a parent or legal guardian", so it's up to the discretion of someone in the executive branch as to whether GNU and/or Linux will have to scan your driver's license and upload that scan to some government contractor's servers, say.

> interesting to see how the Linux hacker community reacts

We already saw that: some eagerly implemented this stuff, some rejected.

I mainly post in Usenet and IRC, and download PD movies (seriously) and books. I don't pirate any more because even current pirated media it's somehow a free advertisement for these people.

From Gutenberg, PD comics from the golden era -and pulp scifi-, noir movies, old weird science/fantasy series in B/W and whatnot, I'm pretty much covered. Ironically most current scifi media can be traced to...Bradbury novels, PKD's paranoia and some Weird Science comics.

Once 1984 gets into PD, that's it. It is in Canada, but you can read it online as long as you don't download or share it:

https://gutenbergcanada.ca/ebooks/ebooks/orwellg-nineteeneig...

That's pretty much the California law.

I wish there were a way to fire lobbyists. There is no feedback loop, they can be as bad as they want and never suffer a minute for taking away peoples rights.

We still have to provide a way for people that don’t have (smart) phones, but I would absolutely implement asking the phone instead of a 3rd party when available.

We don’t gain anything from asking a 3rd party. In fact it costs money per request.

Those were all almost completely useless because they were before the text of the bill was released.

Yes, it's a recurring pattern also seen in European politics.

> Much of the USA accepts "gun deaths" as an unfortunate but acceptable price that must be paid for the widespread freedom to own guns.

Much of the USA recognizes that "gun deaths" are caused by criminals who aren't going to follow any gun laws in the first place.

Have you thought about what replaces the US once they're irrelevant? Because it's probably something much worse.

As a parent this is perfect. I am baffled why this is not a standard yet. So setting an account age in Netflix works but the child can access anything. Make new accounts even. So I have to block half the internet. Somehow. On a shared computer. And all companies would have to get your ID and track that. It's crazy.

This compromises 0 privacy until it requires an ID. EU solution actually does and only supports specific devices.

Some people really need shit spelled out to them. This does a great job of doing that in a small package.

> they can come up with Thanos' idea of wiping out 50% of the population and politicians would do it as long as Zuckerberg or anyone else in the techno bubble asked for it.

Stay tuned. With mass unemployment/underemployment there’s gonna a be a lot of “extra” people.

In short: you seem to want the Internet to parent your child. I have kids and do not want any of this for them, because all of it is a slippery slope to falling deeper into the surveillance state.

As a parent: do your job and take responsibility for your kids. While it's not trivial this also isn't overly complicated anymore.

The problem is with government mandates.

Apple and Google already ship OSes with comprehensive APIs and parental controls. There's not even any porn on the iOS App Store by policy.

Creating liability for random OS and app developers is absurd, and foreign porn websites aren't going to comply with this anyway.

I can understand the "baby mode" desire, but as the other reply pointed out, this does not need to be legislated. The big OS companies can easily offer this feature for those that want it.

I'm curious though about all this porn that apparently hides behind a rock on the device and leaps out to corrupt tiny minds when they least suspect it.

Shock websites aside, pornography generally doesn't ambush you. Unless you're a republican giving a presentation and have no idea how that porn got in there.

And, AB1043 specifically exempts websites, so it doesn't protect anyone from the goatse's of the world anyway.

These bills will not do what they purport to do, but they will do a whole lot of bad stuff.

There's already like 17 different parental control solutions out there for every device platform. You can and should use one and don't let your kid go to any website or use any specific app without your approval first.

> "there's a baby driving"

Why does your baby need internet?

> We do want a way to signal there's a kid driving a device.

Which is extremely irresponsible. It creates a false sense of security and abandons your child to the whims of strangers. This seems akin to putting a "please don't hurt me" sticker on your child and then letting them roam around downtown unsupervised.

> But if we can just have a way to put bright orange vests on devices that require special treatment

There is software you can already use which will lock the device down and only allow it to go to pre-approved sites. I'm unwilling to give up any of my civil rights for your level of convenience above this.

I have a kid. Actually two kids. They have their usage controlled by google family. I review weekly their internet usage, screen time is limited to 2 hours/day. They dont have social media. School research and etc, they do at home, in the "main computer" in our dinning room. Youtube too. In the end is our responsibility to educate and protect our kids. I truly dont see a need for such extra controls if the parents aren't interested in enforcing it.

You wouldn’t drop a toddler in the cbd and expect them to be fine, why would you expect a device to be any different?

You need to be a parent and stop expecting the people around you to do it for you.

Edit: and there are already device level parental controls.

Or just don't give your child unfettered access to screens. There is zero reason your child needs x unmonitored hours with YouTube or Netflix or a browser or anything else.

You put your child in the driver’s seat and expect others to make sure it doesn’t make a wrong turn? Did you really have to give it the keys to this hypothetical car instead of, say, LEGO?

I think you should just give your away children in servitude to neo-feudal overloards. You're halfway there. You clearly don't want to be a parent.

Like the authors of these bills, you appear not to understand the technology.

Consider AB1043. It mandates that applications check the age of the user each time the application is launched.

Think about what that means when you run `make` in a source directory. How many times is the compiler application launched?

https://en.wikipedia.org/wiki/Anticipatory_obedience

This needs to be simply fought because it's a measure that is supposed to fight the reluctance of the society, not actual problem. For the actual problem it's ineffective. This will be met by surprise once it's fully implemented and new, worse measures will be proposed. Hence, it needs to be cut off as early as possible to spare everyone the trouble.

This bill requires actual verification and leaves it up to the politically controlled FTC to determine how this should happen. It’s a disaster.

> The Parents Decide Act solves the self-reported-birthday problem by demanding something verifiable, which in practice means a government ID, a credit card, a biometric scan, or some combination.

> However, Gottheimer has not specified which. The bill does not either. It’s up to the FTC to decide.

No, derangement is declaring "The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end." without fighting it at all and just mindlessly accepting it because you were told it was going to happen.

It should be really easy to get your bank account information then. You're just going to give it to me, right? What is this? You're fighting me tooth and nail instead of celebrating giving me your banking info?

Well, perhaps your mental model of the actual objections to it are incomplete. There are a few problems and I'm curious what you have to say about them. First, "The benefit of this is that it can short-circuit support for more onerous age verification". Do you think that it "can" or that it "will"? Big difference. It could also go the other way, right? Opening the door to a more onerous version? Why do you think that isn't worth considering? Secondly, "This is probably the least bad out of all possible ways to implement age checking". What about parental controls that exist already? Someone seriously tried to tell me last time that parental controls "suck", but that's irrelevant, they don't have to suck, and in fact anything can suck. That's just happenstance. So, assuming parental controls were correctly implemented, why do you think this is "least bad" including parental controls? Thirdly, this "age verification" doesn't actually verify anything, because underage people can just choose "adult" anyway. What do you have to say to that? In that case, parental controls actually give you more power, and make this new age check completely obsolete. Thoughts? Lastly, maybe you're not from the USA, but we have a concept of "free speech" which includes the idea that people cannot be "compelled" to certain speech. If people were required to add a "sign here to confirm you're an adult" in every romance novel, that would be fine right? It's also a nothingburger, right? But then, you've compelled people to put something in every published book. Actually, that's a bad analogy. We should say that ALL BOOKS require this signature field on the first page. After all, we don't know what kinds of expletives and horrible things people might have written in the margins of the book (assuming it's being sold second-hand). That would be okay with you, right? Nothingburger? But it compels people to write something, and that's a door most legal scholars know not to open.

> The writing has been on the wall for some time now: the era of completely unrestricted internet is coming to an end.

And books..? And the newspaper? What if a child reads about a horrible murder in the newspaper that keeps them up at night? What if the government outlaws books and newspapers because they can contain bad things? We'd better add a "adult/ not adult" checkbox to the first page to "short-circuit support for more onerous age verification".

You are probably mixing up this bill with the California law, which its title kind of suggests it would be similar to but it isn't really.

least bad way to implement age checking is just asking user

[flagged]