California Law Demands Age Verification in All OSes, Including Linux
Why is this OperatingSystems meme funny?
Level 1: Carding the Sandbox
Imagine a new town rule that says every sandcastle must check the builder's ID before being built. Sandcastles made by companies with offices in town? Fine, they'll hire an ID-checker. But most sandcastles are built by anyone, anywhere, with free sand from a communal pile — some are even built by robots that make thousands of castles a minute. Who checks the robot's ID? The picture shows a politician proudly announcing this rule while everyone who's ever touched sand laughs, because the rule imagines a guard at a gate... for a beach that has no gate, no fence, and mostly no people.
Level 2: Why Devs Are Laughing
- Linux isn't one product. It's an open-source kernel that anyone can package into a distro (Ubuntu, Debian, Arch, Alpine...). Nobody "owns" it the way Microsoft owns Windows, so there's no single party a law can compel.
- Account setup on Linux is just a command (
useradd/adduser) or a config file. Servers create accounts automatically with no human present — a cloud machine (like an AWS EC2 instance) can be born, create users, do its job, and be destroyed in minutes. - Age verification mandates usually target platforms (social media, adult sites). Extending it to operating systems means verifying the age of... whoever runs an installer? The 4,000 containers your CI spins up nightly?
- Compliance burden: when laws don't match technical reality, companies implement symbolic checkboxes while actual enforcement is impossible — pure cost, zero protection.
The first time you boot a Linux server and realize there's no "sign-up" — just you, root, and a text file — is the moment this headline becomes funny forever.
Level 3: Compliance Theater Meets useradd
The screenshot is a verified PC Gamer tweet reporting, deadpan:
A new California law says all operating systems, including Linux, need to have some form of age verification at account setup
— over a link card of Governor Gavin Newsom, navy blazer, microphone in one hand, fist raised mid-gesture like he's personally about to enforce a PAM module. The comedy isn't manufactured; it's a real headline colliding with how computers actually work, and developers can hear the collision from orbit.
The core absurdity: Linux has no account setup authority. "An operating system" in legislative imagination is a product — Windows, with a Microsoft account funnel and an OOBE wizard a vendor can be ordered to modify. Linux is the opposite of that in every dimension that matters for enforcement. It's a kernel plus thousands of independently assembled distros, maintained by everyone from corporations to one Estonian volunteer, downloadable as an ISO with no vendor, no storefront, and no telemetry. "Account setup" is useradd alice — a one-line syscall wrapper any process with root can invoke, including a shell script, a Dockerfile, or cloud-init at instance boot. The channel author's caption lands the killing blow: "imagine age check for each new instance eg ec2 you spin up" — because in modern infrastructure, "accounts" are created programmatically millions of times a day by machines for machines. Is the autoscaler eighteen? Does a Kubernetes service account need a driver's license?
This is the recurring tragedy the meme taps: tech legislation written against a mental model fifteen years stale. Lawmakers regulate the artifact they can picture (a family PC at setup) and accidentally describe an unbounded set of things they can't (containers, VMs, embedded devices, your router, the seventeen Linux instances inside your car). Open source makes it worse for them: there's no legal entity to fine when the "vendor" of your OS is a Git repository and a mailing list. The realistic outcome — and every compliance engineer reading this already knows it — is not enforcement but selective theater: big commercial vendors bolt on a checkbox, the law is technically unenforceable against everyone else, and a thousand-comment orange-website thread argues about whether FROM ubuntu:24.04 now constitutes child endangerment.
The deeper irony: the gaming press covering it signals who actually feels the splash zone — age-verification laws aimed at content keep ricocheting into infrastructure, because legislators keep mistaking layers for products.
Description
A screenshot of a PC Gamer (@pcgamer) tweet on X.com with the headline: 'A new California law says all operating systems, including Linux, need to have some form of age verification at account setup'. The embedded link card from pcgamer.com shows California Governor Gavin Newsom in a navy blazer holding a microphone and gesturing with a raised fist, with the same headline overlaid at the bottom. The humor for developers lies in the regulatory absurdity of mandating age verification in Linux - a decentralized, open-source ecosystem with thousands of distros and no central 'account setup' authority - highlighting how legislators write tech laws without understanding how the tech works
Comments
63Comment deleted
Can't wait for `sudo useradd --verify-age` - enforcement handled by an unmaintained PAM module compiled from an AUR package
It just requires either the birthdate or age to be set for an account along with an API to access the age range (not the age/birthdate) Comment deleted
Wouldn't be difficult to add support even on headless systems, though I doubt it even applies there Comment deleted
Another instance of a politician, that doesn't know what he is talking about Comment deleted
Did you ever read the proposed law? Comment deleted
Not yet Comment deleted
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043 Comment deleted
So, what is the purpose, and how are they going to verify the age? Comment deleted
they aren't really verifying age, just providing a age signal that apps and sites are expected to trust Comment deleted
I have been reading the law from your link. As I understand it, the law is way more reasonable that the text in the post suggests. The bill is titled "Age verification signal", but in the text they don't ask for formal verification. They ask to have a field when you setup your account on the OS where you can put either a birthdate or an age bracket. Then the OS should provide an API to query the age bracket of the user (under 13, 13-16, 16-18, 18 or more). App dev should query the info and provide/restrict feature according to that age bracket. The law asks that app don't forward that info to 3rd party. Comment deleted
yup Comment deleted
It doesn't matter that it looks more reasonable, it will not effectively be reasonable. Even the thought of that law is unreasonable and it's cost is absurd and retarded, like almost everything the government does Comment deleted
What do you mean by "it will not effectively be reasonable" ? What I wanted to say by "more reasonable that the post suggest" is that when we have "some form of age verification" written, we think of ID verification or facial recognition. But the law just ask for self reported age, like on the Steam store page. So I think the post is at least deceptive, if not misinformation. I'm not for or against that law, I just don't like misinformation. Would you rather give your birthday date to telegram and every other platform that requires it to use their services ? Or enter it once on your OS and it would just tell the telegram app: "yes this user is above 18" ? As for the cost for app dev, its easier to program an API call to an OS than making the UI that ask for your age, then store it securely etc..., even if both are not hard to do. Comment deleted
I'd rather not provide any personal information, as it isn't necessary. Also, laws like these are a slippery slope. They start with something "simple and agreeable," and then later evolve into draconian measures of control - which is exactly what will happen in this case. Comment deleted
Yes sure I also would prefer not to share anything, but private companies love to ask for data to use their free services, unless there is a law to prevent that like GDPR, it's their right. As for the slipery slope argument that a logical fallacy so I cannot really argue with that. Comment deleted
Being a logical fallacy doesn't mean it's wrong, as it's been proven time and time again with these kind of laws. Also, the problem isn't private companies asking for data, it's the government. You're not obligated to give your data to private entities. Comment deleted
And between governments and privates - privates are smh more trustworthy to me. Comment deleted
The problem with these sorts of laws is they open the gate to add the actual verification in the future. There is parent control software you can install as a parent if you are worried about your children, you can set up website whitelisting for your children's accounts. Putting age restrictions in the domain of what the government does or in the domain of what the software devs are responsible for is a mistake. Look at the UK, that is the end of this path and it starts with these kinds of laws. Comment deleted
I agree that it should be the parents responsibility to active parental control on devices. Then the dev should query that API and display content accordingly. Comment deleted
Maybe they should, but the laws usually dictate what you must do. That is not the governments place to tell companies how they must implement age control, especially in terms of a blanket rule and not specifically in regards to nsfw content like gambling Comment deleted
But at the very least, why is this compulsory even in cases where there are no and maybe will not ever be any apps for the OS that are age-restricted and talk to the Internet? Like firmware for calculators, as I have seen people talking about Comment deleted
As I understand it when I read it, the law only applies to OS with accounts. So it would not apply to OS that runs on embedded systems. As for OS with admin account, like for router, servers, etc... I don't know. This should have been better defined in the law in my opinion. Comment deleted
Of course there is no guarantees that an 8 year old won't encounter gore IRL, but is that possibility alone a reason to give up on preventing exposure through a display ? I remember being a bit disturbed by some killings in movies that were rated above my age when I was a kid already. I'm glad I did not find war footage or worse. But at the end of the day I would say, the reasons to prevent some contents are to try avoiding potential trauma or addictions that could affect kids way more than adults. Other stuff like: believes, ideology, etc.. are not restricted and I don't think this is seriously considered by lawmakers, at least not in EU/US. (you can maybe find some exception of course like everywhere). Comment deleted
This gives even more ways of power on a child and the legitimacy to use it to the IRL parents and can increase the risks of that Comment deleted
Sorry, maybe I misunderstood, when you say "the legitimacy to use it to the IRL parents and can increase the risks of that", what is "it" and "that" in "the risks of that" ? Comment deleted
I wanted to say, this gives even more means of power on a child and the legitimacy to use this power to the IRL parents and can thus increase the risks of encounter gore IRL (as children are more isolated and deprived of rights and maintained in control by their parents in the country, that what such laws signify) Comment deleted
I'm sure root comes preverified Comment deleted
Can't wait to see Persona being integrated into Linux kernel Comment deleted
Why parents and government can classify people into four age groups to impose restrictions on access to information and communication, why is this fine at all? Comment deleted
Information isn't just an inanimate toy. A grown up with a strong stomach and broad worldview can probably take anything without much effort, but when you expose children they may develop trauma or erroneous beliefs Comment deleted
and how does one develop a broad worldview? Comment deleted
live long enough to see the real world Comment deleted
How can you see the real world then, and not only a small part of it that surrounds you that can be arbitrarily horrible? Comment deleted
But that’s the point! Access to information available on the Internet and a possibility to talk to people online and collaborate with them can allow some children to discover more diversified ideas than that of their biggoted parents, develop a better worldview than one imposed by the dictatorship they live in, and to socialize and participate in shared activities with people when it is impossible to do so with ones comprising their violent surroundings Comment deleted
Do you even know what you are talking about? There are people who spread extremistic or suicidal ideas exatly to the children. It may affect only one or two at most through internet. But what happens after it does affect someone? The kid goes and shows it to his friend which also gets interested. Others become curious too, but later it may spread uncontrollably because of peer pressure Comment deleted
How is it possible that all the authority pressure of the society, parents, teachers, classmates, textbooks not be stronger in the peer ground than some craze some child read somewhere? Comment deleted
because authority is not persuasive Comment deleted
Access to free, uncensored information is a human right. Doesn't matter how old you are Comment deleted
No, it's not, wtf? Is it my human right to see your full uncensored medical history? There is absolutely information that is restricted for a good reason Comment deleted
Any human may know how to do anything - just because. Any argumentation against it is the same as "why do you need to decide for yourself? Just do as told" (knowledge is prerequisite to freedom, and censorship is already borderline on slavery) Comment deleted
Any human can know anything, that doesn't mean anyone should easily get any public info Comment deleted
No, it absolutely means. Or scrap info from public space if you don't want it accessible. But then info isn't public. Note: debate on what should be public info is separate Comment deleted
Removing public info from the public domain is called censorship Comment deleted
Fair. Then absolutely don't allow leakages) afterall, pipe bomb recipes have leaked years ago, many drug syntheses also have. Take care of the private details such as crypto keys, passwords, sensitive document IDs, etc. Ppl already do this. Comment deleted
Sure, my original point is that there is no human basic right to uncensored information Comment deleted
But you literally cannot access uncensored information, if you can access it - it's by definition public. Like having a right doesn't imply having an ability. But reverse holds. Comment deleted
Having a human right to unrestricted uncensored information implies that censorship is against human rights, I am saying that it's not Comment deleted
Even though they're incredibly easy to make. Just stick any explosive in a pipe and cap it, pipe bomb Comment deleted
kids are free to access that, nobody is gonna arrest them for watching some nsfw by accident It's just will not be flashing all over the screen if they accidentally search something similar Comment deleted
That is a good question actually. I think there are thing that are more or less obvious to me like gambling or graphic/gore footage when you are 8 year old, but for the rest I would agree with you. Comment deleted
The thing is, in the society there are no effective guarantees that a 8 year olds (which are in almost complete control of their powerful parents) will not see this “gore” closer to them than on a device screen… Comment deleted
it implies telling them what to avoid exactly Comment deleted
Well parents may actually just not notice Comment deleted
that happens now and will happen in the future, and it's a cost that has to be beared Comment deleted
Well maybe it's better to focus on educating parents on how to better teach their children how to use the internet then invest in a fucking surveillance state? Comment deleted
Of course it is, yes, there is a whole separate discussion about this in the actual chat Comment deleted
Is this sarcasm? Comment deleted
Ah, but in this last message I talked about IRL experiences too Comment deleted
The parents do not necessary have this know-how themselves Comment deleted
Suddenly all people in California stopped using electronics Comment deleted
When the grid collapses due to all the EVs, they will. Comment deleted
Me (seeing age verification): January 1st, 1900 looks like a good year... Default age, here I come! Comment deleted
Go back to Windows 3.1, without accounts... Comment deleted