According to an opinion piece at The Register, California's is vague and nobody knows, including the law's proponents: https://news.ycombinator.com/item?id=47398798

In the original article there are some blue underlined words. “California” is one of them. If you click it, you will get a nifty video answer to your question.

Depends on the law. Some of them say that the age range must be provided to all applications through an API, and all apps and “app stores” must filter content based on this value. Others say that this isn’t enough and you actually have to verify the age based on some commercial scheme like CC or ID verification. Some say you have to send the age to websites. Many of these laws seem to be in direct conflict about what is allowed and not allowed.

In all cases, at least in the US, these laws violate the first amendment (as code is a form of speech), and freedom respecting users and devs need to resist them until they can be defeated in court.

Honestly the laws don’t consider open source operating systems at all. They’re meant for the overwhelming majority who are using commercial operating systems. They imagine something like android or iOS or windows where yeah they ask the question during user creation and then handle the age gating in their app stores, anything outside that model isn’t something they’re going to spend any time thinking about, because why would they?

I believe the California law (which has passed) requires operating systems to collect the DoB or Age of the user when setting up a user account, and then expose an API that shares the users age range (not their actual age or birthdate) when requested by an application.

It does not require the OS to actually verify the age, collect government IDs, or any other data.

The intention, I think, is to put the responsibility for communicating the users age on the OS, instead of having each application or service do their own age verification (by scanning IDs, requesting user data, etc). Since it’s set on the machine, a parent can set it once for their kid when setting up the device.

The short answer is that a lot of states now require KYC by service providers under the guise of adult content prohibition, "protecting the children", or mass surveillance. So the service providers like Facebook are trying to foist off the responsibility to the operating system. The pesky details of storing and managing PII becomes Somebody Else's Problem, and if the operating system implements an easily bypassed KYC e.g. a simple check box and then the kid get radicalized or get exposed to problematic content, the service provider can just shrug and point the finger at the OS. In other words it shifts the responsibility to the lowest level instead of the platform companies.

Here is the exact text of the california law, make your own opinion.

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml...

What I got out of it was that an os has to provide an interface to applications so that if they make an age request(note that the law says nothing about when or what applications will make a age request) the os can provide something. and it has to provide an interface for the user to enter the information.

So when we map this requirement onto the mechanism of how the os provides information to applications. and how users set up the system. I have come to the conclusion that compliance on a unix-like platforms is as simple as

echo ${AGE_CATEGORY} > ~/.config/ca_ab_1043

Then the program can get the age category anytime it wants to. the user is able to put this information in at account setup just like the law asks using an accessible interface, the same interface everything else on a unix-like platform uses, the shell.

That is already in the works, atleast the base for it.

https://news.ycombinator.com/item?id=47436240

Systemd seems to have only implemented a place to store a birthdate. I doubt they will do anything else.

Wait, are there reasons to use omarchy beyond being a DHH fan?

Setting your age 8-12 probably bans you from using Gmail and other online services

8-12 will be used to argue that age verification isn't enough. They are pushing this stuff to track everyone, especially children.

Not enough, the user may get someone else to wear the strap for them. The only solution is Neuralink(tm) with a built in secure element and DRM to ensure that content is delivered directly from the source to the age verified user’s brain, without any so called “analog hole” through which minors or non-paying users could view the content.