Notices by Sarah Jamie Lewis (sarahjamielewis@mastodon.social)

It is not enough to not comply in advance.

We must be building our systems - both technological and social - such that they actively reject these kinds of intrusions.

Boiling it down, every single request stemming from "age assurance" / "age verification" / "identity verification" is part of the slow but persistent fight against general purpose computing (itself but one front in the never ending struggle for human freedom)

The idea that you should be able to do anything without seeking permission from someone else is so abhorrent to some people they demand reality twist itself into absurdities to satisfy their need for authority.

I was aware that reason and competence had long left the halls of UK governance but "We need the software to prevent camera operators taking nude images" is remarkable in its ridiculous dystopia.

Researching the history of <thing>, find a blog post by a standards body ostensibly authoritative about history of <thing>

Blog post references <book> published in <year> by <people> - it's even linked, amazing!

Click on link, get taken to library of congress archives, to a page about not <book>...a mislink maybe?

Nope, after many minutes of searching, I come to understand such a book never existed, neither did <people>.

Not really sure what I should be taking away from this story.

I think I'm coming to accept that there exists a significant portion of humanity for whom words are merely decoration with no underlying purpose or meaning.

Also please enjoy this capture of a sat flying past.

Camera telescope testing last night, wasn't the best seeing, but I always love a taking a nice photo of Jupiter + moons.

Woo my first time resolving Jupiter's bands!

Testing out a new telescope camera, chance encountered a bird catching a ride on a thermal.

My takeaway on the current state in Canada is:

- An OS can mandate age collection (as long as it stays on device)

- Mandating such collection will face issues.

- Deployment of an OS that mandates age collection could be an issue

- Any attempt to use that collected data will face issues (especially if developers are required to be deemed to have collected it)

- some draft legislation floating around is fairly conservative in application (e.g. requiring explicit collection opt-outs) likely because of the above consideration

- consent of collection/use/distribution also kind of interesting, much of the guidance around data consent explicitly treats persons older than 13 differently when it comes to consent to collect/use/process information i.e. parental/guardian consent may not be sufficient for many applications (including computing access)

Fun conversations attempting to game out the question "to what extent is [an OS mandating data collection] / [mandating OS data collection] related to age legal in Canada?"

- Big difference between the acceptability of applying collection at the point of service of a restricted activity v.s. mandating general collection, even if it stays on device.

- Charter FoE rights likely come into play when it comes to mandating the existence of parental controls, optional or otherwise.

Something I really really want to emphasize here:

The "age verification" bit doesn't really matter. Even as far as mandating the existence of parental controls is debatable in many contexts.

The "developer liability to know personal information" bit is an existential threat to free software. And the bit that deserves defending from every possible angle (freedom of speech, expression, and privacy law to name a few)

https://mastodon.social/@sarahjamielewis/116178334950236964

IMO the most concerning part of these laws is still the obligations imposed on developers rather than the OS side.

But I didn't anticipate the speed to which system developers would move to implement and accept these awful proposals.

https://mastodon.social/@sarahjamielewis/116212470386958367

The extent to which core linux projects are laying the groundwork for age verification is very concerning.

I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.

But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.

Again to really hit the nail on the head since I am getting some replies about "how will they enforce this"

The age verification part is no enforceable, just enter 1/1/1970 as a birthdate.

The requirements on operating systems and developers to implement and use the functionality is very much enforceable against any developers/maintainers who reside in impacted states, and any projects who have significant ties to entities in those states (think: grants/funds/donors/conferences/offices)

@dalias soliciting donations/ accepting funding/sponsorship / hosting conferences is also commercial activity.

@dalias Distros that are large enough to have a meaningful answer to the question "does there exist in a reasonable nexus under which we must assume liability under Californian or Coloradan state law (/however many other jurisdiction this legislation eventually pollutes into)"

Where I think this will end up:

Most commercial providers has been to slowly merge their mobile & desktop operating systems.

Android / ChromeOS are blending together
Mac / iOS are blending together

Both are very app store focused.

I suspect that eventually both platforms will at some point make the age bracket API call a global mandatory requirement.

Windows and Linux distros will likely trend towards a restricted mode for under-18 users, where such an API is available but not required.

The way I expect this to go down is that Android/iOS/etc. will roll out an age bracket API call in the near future and tie that API call to some set of foundational permissions (e.g. internet access / file access / etc) - they have done this in the past, notably for API deprecation.

A minimally invasive implementation of this will likely only restrict apps running if the OS itself is being run in a kids-mode .

(But that isn't what the laws actually require)