Haiku actually does have accounts, but the “setup process” happens in a text editor.
The same can be said of all the *nix operating systems post-install: they usually have a useradd or adduser command, but you don’t have to use it to create an account; you can just edit the files directly.
The only sensible way to read the law is that (as the plain text of the law says) the operating system is required to provide (but not to require) a mechanism for the account creator to specify an age of the user.
(And, again, that only applies to operating systems that are based in or dependent upon a presence in California, since otherwise California law has no jurisdiction over that operating system. I Am Not A Lawyer, but that that part seems obvious.)
Frankly, that the EFF isn’t all over this demanding injunctions against is the most depressing thing about it.
A reasonable way (if we need to comply with that law) would be to ask this in FirstBootPrompt, at the same time where you pick a language and keyboard layout. Just a popup menu with a list of age brackets to pick from and an extra option “not a resident of California”. Then we can write this to some setting file and document it for applications to access if they need to.
It is meant as a kind of parental control measure. You can create an account for your children and set a flag that says “this is a kid account”. Then apps and websites could check that and prevent the kid from accessing adult content. That’s all. It’s in fact a quite simple and non-intrusive solution. No ID checks, no webcam face scan to try to determine your age from your look.
But if the kid account has restricted privileges and cannot change the setting by itself, it does provide some safety. Sure, there are ways around it, and that means the kids will have to learn some computer hacking skills.
Overall, this seems a pretty reasonable way to do it, compared to actual age verification systems which would intrude much more on privacy.
The law explicitly says that the operating system is not supposed to do any verification of the actual user age, and cannot be blamed if the setting is wrongly configured, or if someone let a kid use a computer with an account declared as “over 18 years old”.
Streaming services with 18 rated content (so, all of them, really); Discord with groups marked as potentially having 18 rated content; websites that could potentially have 18 rated content. All asked for ID or for easily fakable video call age guessing stuff.
When I used my SIM card that routed data back through my EU ISP, I could get in again.
The mechanism has to be present even if they admit that it can’t work reliably and none has to use it…
How long did they take to issue such thing? I suggest a law to replace politicians by IA, they are an even bigger waste of resources and at least we would know why things are going wrong. LOL
This is the way that this kind of things are introduced: Like the boiling frog story, this laws are incrementally introduced. Now is just a “self attestation”, but tomorrow they will require another thing, and then, when you realize it, they will ask you for an ID and face scan to be able to login in your computer.
The same approach was used for web pages in the past: at the beginning, they only asked "If you are an adult”. Now, in some countries like Spain an UK, they ask you to validate your identity.
My custom CPU design is looking like it will use a large, custom instruction cracker instead of a kernel or boot firmware. FPGA based for maintainability, single instruction set architecture for warm boot, cold boot and shutdown procedures. It’ll be like not having an OS in some cases, nor needing one. C64 BASIC is not an OS. A bytecode compiler is not an OS, unstable instruction sets are not trackably consistent.
The year is 2027. @chaplintokyo logs in to a favourite website from his Linux / BSD /Haiku box:
“We regret that we cannot display this page as we were unable to retrieve compulsory age-related information. Please log in again from a commercial operating system”.
I don’t like that it is de facto rejecting responsibilities on the os and on parents when the problem is existence of those websites and their inability to put in place an age verification that works in decades.
Social networks, IA and porn sites are run by such poor companies…
I think that if the OS is acting as an escrow at the edge of the network, vouching for the age bracket of the user without divulging any privacy sensitive information, it will be preferable to giving access to the user’s ID to the social networking and other random online services whose security ethos and practices we have no way of knowing.
That’s the problem. It can’t replace real age verification on websites. Otherwise, the excuse will be the same as it always has been. “It’s not my fault if they lied on their age.”
