A State Government Tried to Regulate Linux; It Went Exactly How You'd Expect.

So California is trying to regulate Linux

and let that sink in for just

a second, guys, a state government, the

same state that can't seem to figure

out how to keep the lights on

or you know, is on fire.

Every couple of months has passed

a law that legally requires open

source operating system developers,

including hobbyists, to build in age

verification systems into that software

or face fines per child. And

if you're thinking well, it only

effects. California residents. No, it it

doesn't, sadly. Sit down and buckle up

because this one has some real teeth to

it and we're not going to pull on

every single one of them. But I am

going to break down exactly what this law

says, why it is technically absurd. Why?

The privacy implications are genuinely

alarming, and what's already happening in

response? Because one BSD project already

told California to go # sand.

Stay with me, guys, because this

is getting wild. OK, so the

law in question. Is California Assembly

Bill 1043 officially called the Digital

Age Assurance Act. You can read

the full text for yourself. I'll

link it in the description. And

Governor Gavin, inner Governor Gavin

Newsom signed this into law on

October 13th. 2025 it takes effect

January 1st, 2027, which for those

of you keeping track, is less

than a year away. These data

goal, as always, is to protect

children from harmful content online,

which sounds noble. Right. We all want

to protect the kids. Great. We love that

for us. But there's a problem because

there's always a problem when you are

pushing these types of laws under the

guise of protecting children. And it's

the mechanism they choose to achieve that

goal. Call requires, and I'm

going to be quoting directly from the

bill here that an operating system

provider shall, shall, not, should,

shall, OK, provide, quote, unaccessible

interface at account setup that requires

an account holder or indicate the birth

date. Age or both of the user

of that device for the purpose of

providing a signal regarding the user's

age bracket to applications available in

a covered application store. A lot of

words there, but basically what they're

saying is you set up your OS and

then you are immediately asked. For

your age and then the OS

is required to maintain a real

time API live standardized interface that

broadcast your age bracket to every

app that asks for it. This

is convoluted and complicated and I

missed the days. When you didn't need

your e-mail address to set up windows,

like it wasn't even that long ago, you

had that little option in the bottom that

says proceed without a Microsoft account

and that seems to be gone now. So there

are four age brackets that they are

requiring under the age of 13. 13 to

1516 to 17 and 18 plus. And according

to the law, every app in a covered

App Store can query the OS for which

bucket you're in and without you

explicitly consenting to each individual

app doing so. Check on your age. Let's

talk about who operating system

providers. Actually includes so when most

people hear operating system they think

Microsoft, maybe Apple and yeah, Windows

already just nags you for your date of

birth during account setup and wants to

eat your first born a child. Not even

just, you know, have your first born

child and then Apple's ecosystem. It's

like just this walled Garden City

and these are both comply right

that that's fine. But the build

language doesn't say Microsoft and Apple.

It says all operating system providers,

which means Windows, Mac OS, Linux,

Free BSD, Steamos. In any open

source OS, this is insane. This

is genuinely stupid. Leave Linux alone.

Linux is not a company. There

is no Linux Inc headquarters in

Sacramento that you can serve this

ridiculous subpoena to. The Linux

kernel is developed by thousands

of amazing contributors across the

planet. Individual distributions or

distros like Ubuntu, Fedora, Arch

or Mint are maintained by

communities, nonprofits, and in some

cases just. People, sometimes one

person even, and it's just sometimes.

This is a guy in his

garage who really likes terminal

emulators. And now California is telling

that poor guy you need to

build age verification into your OS

installer. And have it like an

always online little pinging server for

this or you'll be fine. What?

Leave Linux alone. It's our last

bastion of freedom if we want

to untether ourselves from these

extremely egregious and and corrosive.

Operating systems. If I could do what

what I'm doing now on my Windows machine

on a Linux distro, which is super, super

close, I I'd be out of Windows. A lot

of my other systems are not using

Windows. If we're getting there, guys,

we're getting there. But this, this might

kill my dream, OK. Fornia might

be killing my dream because

these fines straight from the

bill. Here are the fines

$2500 per affected child for

each negligent violation and $7500

per affected child for each

intentional violation. How they're going

to decide between the two? I guess

Gavin Gavin's going to choose, but I

mean per child, just for example.

Multiply that across even a small user

base in California, a solo developer,

poor garage guy maintaining a Linux

distro could be looking at. Financial

ruin for simply not adding code they have

no idea how to add, or no desire to

add or can't have the stupid server

interface that's always online. Like it's

not as simple as just adding like this

little age thing that you could just

store somewhere in the computer. They

need it to be pinged. Now

you need server infrastructure, and like

Linux, software was never really designed

to work this way. Let's just set

aside the enforcement absurdity for a

second here and talk about what this

law actually creates from, I don't know,

a privacy standpoint. The OS level age

signal isn't just a one time check during

setup. The law requires A reasonably

consistent real time application

programming interface, meaning this age

bracket becomes a persistent queryable

data point baked into your operating

system. Every app that wants to know your

age. Rocket can ask, your OS will tell

them. And now the law doesn't require at

least currently face scans or government

ID because like, I could just lie about

my birthday, right? But the law does

carve out some liability protections for

operators making good faith efforts for

now. And here's the thing, it creates

the architecture for something much

bigger. Because once that API exists,

once the plumbing is in place, expanding

what it transmits is just a software

update away in the minds of these

idiotic lawmakers. The loom. Journal

pointed out exactly this. The vague

wording of AB1043 is a blueprint, not

a ceiling. And we've seen this playbook

before. You build the pipe and then

you fill it. Now think about what

discords age verification in the UK it

looked like. Security researchers found

that the verification provider they were

using, Persona, was running 269

individual verification checks on user

data, including checks tied to terrorism

watch lists and espionage records. For an

age check. An age check, guys, we

all know. But this is doing under

the guise of protecting children. And

California, for its part, passed this

bill unanimously. Both parties 0 dissent.

Which tells you one of two things.

Either every single legislator in

Sacramento fully understood this law and

thought it was fine, or. Nobody,

actually. I'll let you guess which

one based on your level of

faith in our current government system.

But there is a little bit

of a beautiful side to this

whole asinine situation in California.

The Linux community's immediate reaction.

Was basically cool law we're not doing

that Linux be still my heart over on

the Linux Mint subreddit for example user

Cato domain. I love usernames they're fun

to try to pronounce it put it plainly

saying even if Mint added age

verification to comply with California.

To quote, there's no reason anyone would

choose that version. Which yeah, that's

kind of the thing about open source and

why I love open source. You can't force

a fork right? Like if Linux Mint ships

a California compliant ISO, someone will

just ship a non compliant. ISO the next

day, like the law has no mechanism to

stop that. Or you know, maybe some of us

tech savvy people are able to code around

it even when we have it installed. I

mean, the what? What are you going to do

about that? It's my own computer. Am I

going to get fine?There's no kids in

this house. Like whatever. Come on,

Gavin. But the best response I think

comes from Midnight BSD. Midnight BSD is

a BSD based operating system, and their

response to this law was to modify

their license to explicitly exclude

California residents. From using midnight

BSD for desktop use effective guess when

January 1st, 2027. The exact quote saying

until we have a better plan, we

modified our license to exclude residents

of California from using midnight BSD for

desktop use effective January 1st, 2027.

Boom. That state just got banned from an

operating system. California got elected.

Like, I don't know what's funny or

terrifying or both. Probably both. Now,

my heart does hurt for the people of

California who want the freedom of using

their own operating system, but I mean,

this is peak FAFO here. You know Efron

find out and for you know all these big

businesses and governments loving their

ELA's like yeah get yelled California is

not obviously it's not all of California

whatever OK now here's where this stops

being in California only problem because

that's only a temporary solution to be

real because. First, California's market

size is the largest state economy in the

United States and one of the largest in

the world. So when California mandates

something, companies frequently comply

nationally. It's just not cost effective

to ship different versions of your

software for different states. So what?

California demands everyone often. End up

getting and that's not hypothetical, it's

actually documented in tech policy

history. So I'll put some links in the

description if you want to read more

about that. But second, Colorado is right

behind them because of course they are

hard. Colorado has a Senate bill 26. Dash

051 titled Age attestation on computing

devices, which would require exactly the

same thing. OS level age verification,

similar fine structure for the entire

state. It hasn't passed yet, but it's

in motion and I hate it. And

Colorado matters because. Like

California, a ton of tech and software

developers have offices or legal presence

there to both states pass and enforce

similar laws, and indie developer

maintaining an open source OS could be

catching firings from 2 directions

simultaneously. Louis Rossman, the right

to repair advocate. Weighed in on this

too, and he flagged something important.

The law assumes most software

distribution happens through app stores,

but there's a huge ecosystem of software

that doesn't use app stores. The law

doesn't cleanly account for that. And of

course a minor can just type. The

big birthday. There's no verification of

the verification at the moment. It's

performative compliance, not actual

protection. Even Governor Newsom himself

acknowledged in his signing message that

the law may need further refinement and

ask the legislature to address some of

the. Framework issues. In 2026, he signed

a law he admitted wasn't finished. If

that isn't just peak California, I don't

know what else is. But look, I'm

not going to sit here and say

protecting kids online is stupid. It's

not. Kids shouldn't be stumbling into.

Content designed for adults. There's a

real argument that maybe the adults in

the room should parent their children

better. But like, I do get why

legislators want to address some of these

problems, but this law doesn't actually

solve that problem. In fact, so far,

I don't really see any law claiming

to solve this problem as solving this

problem because what it's actually doing

is creating a surveillance infrastructure

and calling it child safety. Because

here's why. One, there's no identity

verification you type. In a birthday,

just any birthday, and the OS accepts it.

And a curious 11 year old who wants to

lie about their age is just going to lie

about their age. Duh. This has been true

of every age gate ever built on the

Internet, and it will continue to be true

here. To the real vector for

harmful content. Reaching kids isn't the

OAS setup screen. It's social media,

it's app content, it's recommendation

algorithms, it's lack of parental

parenting. I get the world is

busy but. It's the lack of

parents being involved here and this law

doesn't touch any of this in any

meaningful way. It slaps a you must be

this tall to ride sign on the OS

installer and calls it a day and then

three of the burden falls on the wrong

people at 15%. Nonprofit maintaining a

Linux distro shouldn't be on the hook for

fines that could bankrupt them while the

actual platform serving harmful content

to children continue to operate at scale.

Looking at you, Roblox. This is, to put

it charitably, a law that was written by

people. Who don't understand the

technology that they're regulating. And I

don't mean to say that entirely

as an insult. I mostly say

it because of the consequences with

that gap are real and they

land on the open source community.

Heard this, but I don't wanna be, I don't

know, insulted. That's fine too. So at

the end of the day, where does this lie?

And us? It could be California. Bill here

is real. It's law. It goes into effect in

less than a year, and it requires every

operating system, Linux included, to

implement age verification. APIs at

account set up with financial penalties

and non compliance that could genuinely

destroy small developers, open source

maintainers and poor guy in his garage.

Leave poor guy in his garage alone.

The community is already pushing back and

midnight BSD just literally even banned.

California from using their operating

system, other distros are watching and

Colorado is doing Colorado things and

looking at doubling down. The broader

pattern. Here is exactly what we talked

about on this channel. well-intentioned

corporate and government overreach that

shouldn't. It doesn't actually protect

people, but it does create new

surveillance architecture, new compliance

burdens, and new pressure on the open

ecosystems that give people actual choice

over their technology. And let's be real,

maybe that's why they're actually doing

it. Keep an eye out. Have a Palantir

video coming out soon, but in the

meantime, if you're a developer or a dish

or maintainer who's watching this go

down, this is a mess and it landed in

your lap at no fault of your own. But

go ahead and drop your thoughts in the

comments, I genuinely want to know. What

the Linux community is planning here If

you have a favorite Linux distro, that

would be fun to find out. Let's create a

little community in the comments of your

favorite dish through. I personally do

use Ubuntu and hey, I'm open to try other

distros. It just let me know below and if

you are. Maintainer of the distro, I

want to hear from you as well.

But anyway go ahead and like and

subscribe if this kind of tech

accountability and talking about like AI

and gaming and all that seems to

jive with you if you do not.

Subscribe, though I might be forced to

banish you to the shadow realm. Anyway,

that's all I've got for

guys today. Thank you so much for

watching this video. I hope you have a

fantastic rest of your day and peace out.