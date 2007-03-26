[...] Recently, a new law was passed in California that requires OS vendors to provide some limited info about a user's age via an API that application distribution websites and application stores can use. [1] Colorado seems to be working on a similar law. [2] The law will go into effect January 1, 2027, it is no longer a draft. I do quite a bit of work with an OS vendor (working with the Kicksecure [3] and Whonix [4] projects), and we aren't particularly interested in blocking everyone in California and Colorado from using our OSes, so we're currently looking into how to implement an API that will comply with the laws while also not being a privacy disaster. Given that other distributions are also investigating what to do with this, and the law requires us to make a "good faith effort to comply with [the] title, taking into consideration available technology", I figured it would be a good idea to bring the issue here.

At its core, the law seems to require that an "operating system" (I'm guessing this would correspond to a Linux distribution, not an OS kernel or userland) request the user's age or date of birth at "account setup". The OS is also expected to allow users to set the user's age if they didn't already provide it (because the OS was installed before the law went into effect), and it needs to provide an API somewhere so that app stores and application distribution websites can ask the OS "what age bracket does this user fall into?" Four age brackets are defined, "= 13 and = 16 and = 18". It looks like the API also needs to not provide more information than just the age bracket data. A bunch of stuff is left unclear (how to handle servers and other CLI-only installs, how to handle VMs, whether the law is even applicable if the primary user is over 18 since the law ridiculously defines a user as "a child" while also defining "a child" as anyone under the age of 18, etc.), but that's what we're given to deal with.

The most intuitive place to put this functionality would be, IMO, AccountsService. The main issue with that is that stable-release distributions, and distributions based upon them, would be faced with the issue of how to get an updated version of AccountsService integrated into their software repositories, or how to backport the appropriate code. The law goes into effect on January 1, 2027, Debian Bookworm is going to be supported by ELTS until July 30, 2033, and we don't yet know if Debian will care enough about California's laws to want to backport a new feature in AccountsService into Debian Bookworm (or even Trixie). Distributions based on Debian (such as Kicksecure and Whonix) may still want to comply with the law though, so something using AccountsService-specific APIs would be frustrating. Requiring a whole separate daemon for the foreseeable future just for an age verification API would also be annoying.

Another place the functionality could go is xdg-desktop-portal. This one is a bit non-ideal for a couple of reasons; for one, the easiest place to put the call would be in the Account portal, which returns more information than the account's age bracket. This could potentially be considered non-compliant with the law, as it states that the operating system shall "[s]end only the minimum amount of information necessary to comply with this title". This also comes with the backporting disadvantages of an AccountsService-based implementation.

For this reason, I'd like to propose a "hybrid" approach; introduce a new standard D-Bus interface, `org.freedesktop.AgeVerification1`, that can be implemented by arbitrary applications as a distro sees fit. AccountsService could implement this API so that newer versions of distros will get the relevant features for free, while distros with an AccountsService too old to contain the feature can implement it themselves as a stop-gap solution.