Archr

@Archr@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
That only bans the use of anthropic for government use. So no government entities or contractors could use it. We already do this for some other companies. BOD 17-01
⁨Comment⁩ on ⁨Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
But. That’s the point. If no one breath tests then the car does not start. Hence it being an ignition interlock device. The whole point of the device is to stop drunk people from driving. If there is a sober person then obviously the drunk person should not do the test since that would lock the car.
⁨Comment⁩ on ⁨GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
“lawyers” can’t bring charges for this law. Only the AG. If people don’t like what the AG is doing then they can just start a recall election.
⁨Comment⁩ on ⁨Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I am not sure on what interval they do but from what I have read online and from talking with someone I know who has one. They constantly phone home. Even when parked and turned off. This means that it will drain your battery and if you don’t drive for long enough (from what they said a week or two) then you can end up with a dead battery. Additionally, when driving, the device requires the driver to re-blow every 45-60 minutes. So the driver needs to pull over and test again otherwise their alarm will go off.

As far as what tampering prevention mechanisms they have I have no idea. I would assume they keep that as secret as possible.
⁨Comment⁩ on ⁨Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
The device doesn’t just phone home while driving. It does it constantly. It’s likely that any tampering would alert the vendor and by proxy the court.
⁨Comment⁩ on ⁨Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Not sure that I would really agree that these are backdoor. Since disabling the vehicle remotely is kinda the express intention of this device. Just a consequence of how they designed them to not be circumvented by the operator.
⁨Comment⁩ on ⁨Did we win?⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Fuck Verizon for this exact reason. Never buy from them direct if you can help it.
⁨Comment⁩ on ⁨Intel Demos Chip To Compute With Encrypted Data⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
FIPS updates/approvals always take a long time.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Just to clarify the law does not allow your os to transmit your dob. Only your age bracket.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
But that is effectively what this bill does, just rather than a check box it is a date entry. There is no verification requirement. Only indication (attestation).
⁨Comment⁩ on ⁨MidnightBSD Bans Users in Brazil and California, Warns More Regions Could Follow⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
You are right. I have no additional response to this that would not make me sound like an asshole.
⁨Comment⁩ on ⁨MidnightBSD Bans Users in Brazil and California, Warns More Regions Could Follow⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
I’m sorry I am really not seeing what you are referencing from your link. This appears to be a link to the state administration manual which deals with how departments in the state of California operate.

This does not appear to be a law especially when you look at the procedure for revising the SAM.

Responsibility for updating SAM content is assigned to authoring state departments

Ie. Not assembly members.
⁨Comment⁩ on ⁨MidnightBSD Bans Users in Brazil and California, Warns More Regions Could Follow⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
exasperated sigh I don’t want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)

…legislature.ca.gov/…/billTextClient.xhtml?bill_i…
- The law does not require ID verifications it only required that a parent indicate the age of their child when setting up their account.
- The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
- An “accessible interface” is not well defined here. But it could be as simple as a system call rather than a REST API call. Similar to open file or malloc. (this means no centralized government server storing the data)
I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don’t exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.

To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
The intentions for the law?

AB 1043 offers a scalable, privacy-first approach that helps keep kids safe while holding tech companies accountable. -Assemblymember Wicks

This ia a quote directly from the author of the bill link for reference.

Now of course the obvious question many people might ask is “are they being truthful?” But that is a question that people will have to answer for themselves.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Just want to clarify something about your comment since it feels like you have not had a chance to read the law yet.

(this is in reference to the Cali law but I am told the Colorado one is basically identical). The Cali law does not, in any way, require ID verification, it only requires that a parent attest to the age of their child when setting up an account for them.

This is not my argument for this exact law or any of these laws. I just want to make sure we all understand what we are talking about before going for the pitchforks.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
While I can’t comment on any case law surrounding compelled speech. I don’t thing that this would qualify as compelled speech.

Just based off a quick web search it seems that compelled speech is more about the government telling news organizations to report what they tell them.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Can you provide any sources for these? Maybe a california legislator saying they plan to do this? Or a proposed law? Otherwise it is just the slippery slope fallacy. While that doesn’t disprove what you said it does not provide a valid argument for it either.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
How I understood it would be that the api could be implemented as an API contained within your os. So it would be more equivalent to comparing it to a system call like open file or allocate memory than a REST API.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
This is just the slippery slope argument.

The California law does not require verification. Only attestation.
⁨Comment⁩ on ⁨System76 tries to talk Colorado down over OS age checks⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
The California law does not require age verification. Only attestation. From what I have heard the Colorado one is basically identical.

The NY one I have heard is more stringent. But I have not read that or the Colorado one.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I fully agree, the definition of application is too broad and should be revised. But how do we revise it without also introducing loopholes that companies can exploit.

All the law requires developers to do is receive the signal and treat that as the primary indicator of the user’s age and to comply with applicable laws (ie. things you should have been doing already anyways).

For applications like ls (which let me be clear that I do not believe this app should be covered by this law) it could be as easy as requesting the signal from the OS, deciding that the user’s age bracket does not matter for your execution, and just performing as usual.

They should really limit the definition of application to just social media apps. (which would likely include things like irc apps).
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Yea they have to ask for your age bracket. That’s not the same as an ID.

I agree, the definition of an application is much too broad. And should be revised. But the difficulty is how do you restrict it without also creating a multitude of loopholes for businesses to exploit. At the very least we should restrict it to applications whose primary purpose is to interact with the internet.

And before you say it, yes I am aware that that still leaves many apps like curl, wget, ssh being covered. But it could be a start.

Or maybe just restrict it to social media applications. I am not a lawyer, I definitely don’t have a great grasp of how to create the type of language that is appropriate for laws.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
It prevents apps from asking for additional ID verification. I’d rather my os ask me for a number I am able to lie about that to have to send my ID to 30 different apps and data aggregators.

Many people say that we should put more responsibility on the parents for what their kids are allowed to do online. This law does that.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
Sorry it is really hard to understand what you are arguing here.

If you don’t want your info (whether you are an adult a teen or a child) to be shared with “owners of apps that are on the Epstein list”, then don’t install those apps. There is nothing in this law requiring you to download any particular app.

If an app were sending this data to a third party, like palantir, then they would be in direct violation of this law.

If you were expecting to be able to leave decisions about your personal privacy and security to any governing body then you are in for a sore awakening. You should be well aware of how privacy and security are things that we have to take personal responsibility for.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I agree until this law there was no reason for my os to know my age. This law creates that reason.

Any law can be bad if we take into account the imagined future possibilities. Should we outlaw electricity because it might be used in some way to make nukes?

If lawmakers try to issue further requirements for ID or facial scans then we can fight that. But until then there is nothing in this law that affects me outside of needing to enter a number less than 2005 when I setup my OS.

If you don’t have any kids then you literally can’t be fined under this law.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
No… The law literally says that if you make a good faith effort then you are not liable.

An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.

Also the 2500$ is only for negligent violations.

Look, I don’t want linux to leave Cali. I have primarily used linux for the past 8 years and have no desire to use windows anymore than I have to. But, as you said, the linux community throwing their hands up and deciding to exit Cali and Colorado is just playing right into Microsoft’s desires.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
The law actually has a specific provision preventing both os providers and developers from sending your information to whoever they want.

And the OS is only allowed to send the minimum information that is required. Ie. your age bracket.

Send only the minimum amount of information necessary to comply with this title and shall not share the digital signal information with a third party for a purpose not required by this title.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
I mean yea. If you don’t make a good faith effort to implement this age attestation page and api to allow apps to pull from it. Then yes. You would be liable.

You could of course decide to not provide to residents of California and Colorado. No one is forcing you to provide for either of these states.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
There is not requirement in the bill to prevent users in specific age brackets from accessing certain content or applications.

It simply defines that a method for age attestation (not verification) must exist and that the age bracket data be made available to apps and appstores.

The people who decide what age brackets can access would be the appstores and the developers.

I will concede that using the word “controls” for the OS provider could be misunderstood. What I would assume is that they are meaning control as in the person/entity that provides updates for the system. Ie, MS, Apple, Linux Foundation, Canonical, etc.
⁨Comment⁩ on ⁨California introduces age verification law for all operating systems, including Linux and SteamOS — user age verified during OS account setup⁩ ⁨⁨5⁩ ⁨weeks⁩ ago⁩:
… That is literally what this law does.

When a parent creates the account for their child they specify the age. If the parent decides to lie or circumvent the system and it affects their child then they would be fined.

Just to be clear the law itself says absolutely nothing about actually verifying the age.