The unfortunate need for an "age verification" API for legal compliance
5 hours ago
- #legal-compliance
- #privacy
- #open-source
- New California law requires OS vendors to provide user age info via an API for app stores, effective January 1, 2027.
- Colorado is considering a similar law, prompting OS vendors to seek compliant yet privacy-conscious solutions.
- The law defines four age brackets: <13, 13-15, 16-17, and ≥18, requiring minimal info disclosure.
- Proposal for a D-Bus interface `org.freedesktop.AgeVerification1` to standardize age verification across distributions.
- Implementation challenges include handling CLI-only installs, VMs, and ensuring privacy by storing age data securely.
- AccountsService and xdg-desktop-portal considered for implementation, but backporting issues and info disclosure concerns exist.
- Hybrid approach suggested: new D-Bus standard allowing flexibility for distros to implement as needed.
- Privacy considerations include allowing users to lie about age and not storing more info than necessary.