California age verification bill backed by Google, Meta, OpenAI heads to Newsom
51 comments
·September 14, 2025LorenPechtel
kristopolous
My favorite is Montana where you have to provide more identification to view a naughty jpeg then buy a firearm.
nicce
Porn sites have been there almost 20 years. Why it is problem right now? Is there extensive recent research about it? Or now we just have the capability?
null
nick__m
I remember pop-up porn adds started to appears around 1995 or so and 1995 is 30 years away...
privatelypublic
I ember them showing up and then being limited to super shady sites PDQ.
Which makes sense- since exposing minors to pornography was a crime, and got even more illegal somewhere in that time frame, along with the web becoming "professional" (whitehouse top level domain mixup stories anyone?), the honest pornography sites all started self-regulating and asking if somebody is an adult before anything naughty gets shown.
zelse
In practice, 100%. In theory we could likely design "good enough" anonymous systems that work like buying alcohol or tobacco in most countries (buy a scratch token in cash at a corner store after showing ID, picked at random from a box of them - contains a number, possession of which is theoretical proof that you had your ID verified at purchase)...but of course, the real purpose of age-gating is exerting a chilling effect, so we'll never hear about privacy-preserving methods.
(NB: I am firmly opposed to any of this. The solution for parents concerned about their kids is parenting and parental controls, not giving authoritarians of all stripes the means to snoop and ban whatever they decide is obscene or troubling.)
jart
No one ever explains why it's so important that everyone always conceal their identity on the web, as though it were some global red light district. The most successful tech platforms all succeeded by getting people to be trusting enough to say who they are, like Twitter, Facebook, etc. It's worth billions of dollars to create any online space that isn't anonymous.
filchermcurr
It's important to conceal your identity because the internet is forever. Your comments, opinions, beliefs, embarrassing moments... all recorded (essentially) for life. This happens through administration changes, different jobs, life changes, belief shifts, different friends and partners, etc. Without anonymity, anybody can comb through your entire history to make any point they want. To justify any accusation about you they want using 'evidence' from years past. To stalk or harass. To fire you for daring have an opinion about something. Depending on your government, to arrest you for what you've said in the past.
A huge issue with the modern web is that everything is seen as a profit motive. I don't care how many billions of dollars tracking everything we do and tying it to our person is worth. I don't want it.
jart
That's a good thing since it means we have the opportunity to be remembered for eternity. Information is permanent. Also don't think that just because the system doesn't reveal who you are to other users today that your identity and life activities won't be decloaked later on should culture or policies ever change. If you're open, trusting, and use your real name today, you'll at least get the benefits and glory of eternal fame while you're alive.
serf
OK.
Here's an easy explanation.
Someone you don't like somehow gets voted into power and begins trying to enact changes towards a social group you belong to.
Building anonymous systems is one way to avoid Bad Actor X from having Big List Y, leading to Atrocity Z.
Having a really successful social network isn't a goal post, it's just a result.
Great -- it made a zillion dollars, meanwhile we've built the biggest leakiest information trove on individuals, for individuals to be exploited, ever imagined.
jart
Already happened with USG. You know who doesn't discriminate against my group? Big tech companies. If they can step up and take on more responsibility for identity verification in our society, then my social group will be less oppressed. The California Republic must lead the way.
_heimdall
You may be combining or missing a few factors.
Tech platforms are valued at billions of dollars because they found ways of convincing their users to give up anonymity. That has nothing to do with whether the anonymity was important.
corytheboyd
> No one ever explains why it's so important that everyone always conceal their identity on the web.
I live next to idiots with gigabit and guns, that’s why.
no_wizard
Reddit stands out against this wave. I reckon that Reddit is worth at least a billion
readams
Big tech has generally not loved this because they know that adding friction like id checks massively reduces attach rates. This is watered down enough that it's likely seen as a lesser evil.
BoredPositron
A new account on Facebook, Instagram or Google/YouTube will usually instantly get restricted and triggers either ID or Phone verification anyways.
fortran77
I think they love it to because it will be another barrier for a little small start up from entering the market. You'll need to spend so much on regulatory issues and compliance that only the biggest, established companies can have a business.
doctorpangloss
Google doesn’t need to identify you… you use Gmail.
And anyway, they created a library (https://blog.google/technology/safety-security/opening-up-ze...) to make age verification not useful for identification but still real.
So… I’m sure you meant fingerprinting but presumably porn sites already do that?
ranger_danger
The text of this bill would be satisfied by a website simply having a "Yes, I'm over 18" button on the front.
polyomino
The MPAA's argument against this bill is a complete joke:
>MPA urged state lawmakers to reject Wicks’ bill this week in a letter, obtained by POLITICO, claiming device-based age checks may sow confusion; for example, if parents and kids had separate Netflix profiles under one account that’s logged in on multiple devices.
To the point where I'm asking if someone needs some token opposition to frame this obvious bill a political win?
_heimdall
There are legitimate arguments that can be made against this bill...that is not one of them.
avarun
This bill is a strictly better version of the age gating initiatives that have been passed in other states and countries like the UK and Australia. If age gating is inevitable, and it seems as though it is, this is the least bad way to do it — enforcing the onus on device manufacturers, who can do verification one time and then throw away the information.
_heimdall
> If age gating is inevitable
What could possibly make it inevitable? We are either okay with those with authority forcing us to ID ourselves in some form or we aren't.
userbinator
and it seems as though it is
Only with that attitude will it be.
g-b-r
It would easily mean that you're required to have an unmodified device, running a locked down system, to be able to access any service that uses age verification.
Although, a much more sensible alternative, would be to have parents (that do want the control) give their sons devices that send the "minor alert" signal, and have the services detect that.
g-b-r
Of course all these measures risk making identifying minors trivial for any website and app, which is... not really ideal
g-b-r
And this specific proposal seems to let anyone know if your kid is:
(A) Under five years of age.
(B) At least 5 years of age and under 10 years of age.
(C) At least 10 years of age and under 13 years of age.
(D) At least 13 years of age and under 16 years of age.
It seems a menu, I wonder what could go wrong....
GeneralMayhem
Bill text: https://legiscan.com/CA/text/AB1043/id/3193837
This seems... not terrible? The typical counter-argument to any "think of the children!" hand-wringing is that parents should instead install parental controls or generally monitor what their own kids are up to. Having a standardized way to actually do that, without getting into the weirdness of third-party content controls (which are themselves a privacy/security nightmare), is not an awful idea. It's also limited to installed applications, so doesn't break the web.
This is basically just going to require all smartphones to have a "don't let this device download rated-M apps" mode. There's no actual data being provided - and the bill explicitly says so; it just wants a box to enter a birth date or age, not link it to an actual ID. I'm not clear on how you stop the kid from just flipping the switch back to the other mode; maybe the big manufacturers would have a lock such that changing the user's birthdate when they're a minor requires approval from a parent's linked account?
That said, on things like this I'm never certain whether to consider it a win that a reasonable step was taken instead of an extreme step, or to be worried that it's the first toe in the door that will lead to insanity.
ndriscoll
The language suggests to me that GitHub would be a covered app store and a FOSS Linux distribution without an age gate API would be illegal in California (along with all programs that don't check the age API, e.g. `grep`), so it seems quite a bit worse in terms of killing free speech and culture than requiring adult sites to check id to me.
Notably, a "covered app store" doesn't seem to need to be... a store. Any website or application that allows users to download software is covered. There's no exemption for non-commercial activity. So every FOSS repo and programs like apt are covered? The requirement is also that developers will request the signal. No scoping to developers that have a reason to care? So vim is covered? Sort? Uniq?
Honestly I can't believe big tech would go along with it. Most of their infrastructure seems like it would clearly be illegal under this bill. Either there's something extremely obvious I'm missing or every lawyer looking at this bill is completely asleep at the wheel.
derbOac
This is what worries me a bit, that this will be used as an excuse for walled gardens and so forth.
"We can't allow side loading because that would be illegal in terms of age verification".
I would love to be wrong about this though.
g-b-r
It's beyond obvious that it will, and it's why Google and Apple support it
syntaxing
This bill seems reasonable according to the article? It allows the device to state the user is underage and the site must act accordingly rather than gating users to a site and must prove their age. But then again “the road to hell is paved with good intentions" so no clue how it’ll play out in reality.
yepitwas
This is almost an amazing thing. Some common top-level way to set parental controls across systems would be a godsend. That’s all a giant pile of time-wasting shit right now.
However, any system that just uses age is useless. They’re always excessively cautious, so you may as well just not provide access at all for kids between the ages of 6 and 12 or so, if that’s all you have.
No, block all + allow lists are still where it’s at. Please make those work better.
(If anyone knows the magic to make Minecraft [java] work with macOS allowlist-only network access, I’d love to know what it is. The fucking launcher wants to talk to a half-dozen bare IP addresses to work, and the addresses change seemingly every single launch, from a pool of what must be many hundreds, at least, it’s completely unusable)
akersten
How does the government mandating the way an operating system works seem reasonable?
theossuary
It seems very reasonable to require a feature in an OS, like requiring seatbelts in a car. Of course, it depends on the feature though.
nicce
I could also mean that if you don’t have TPM on your computer and the OS is not in the ”allowed” list, you can’t access anything. I hope that this is not the path we will see.
nicce
How to verify that device is not faking the age? I bet here comes the remote attestation…
ranger_danger
The bill doesn’t actually require any real age verification... it just asks people to provide a (any) birthdate for the purposes of categorizing their access by age bracket. It doesn’t say anything about the information having to be accurate, and gives no penalties if you lie.
I'm still against age verification in general, but I don't think this particular bill warrants the massive outrage similarly being made lately about more serious age verification laws, as it does not require any facilities for actually verifying, well, anything.
https://trackbill.com/bill/california-assembly-bill-1043-age...
sigmar
>to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed.
Summary reads to me as this bill requiring calls to an API to verify the user's age.
ranger_danger
> requiring calls to an API to verify the user's age
By simply asking for their age. There's nothing about requiring that the age is actually attempted to be verified as accurate at all. And the "age bracket" is specifically defined as nonpersonally identifiable information.
And it still gives no consequences for wrong/fake information.
Interestingly, they also define a "developer" simply as "a person that owns, maintains, or controls an application".
Wouldn't that inherently include all users of a computer in general?
nl
> There's nothing about requiring that the age is actually attempted to be verified as accurate at all.
To quote: requires a business that provides an online service, product, or feature likely to be accessed by children to do certain things, including estimate the age of child users with a reasonable level of certainty appropriate to the risks
"Reasonable level of certainty" requires some kind of attempt at verification. In Australia for example they allow facial estimation software (which I agree is not good, but it provides some kind of estimate the government is happy with)
> And it still gives no consequences for wrong/fake information.
Where are you seeing that?
To quote the bill:
> This bill would punish noncompliance with a civil penalty to be enforced by the Attorney General, as prescribed.
And:
line 17 A person that violates this title shall be subject
line 18 to an injunction and liable for a civil penalty of not more than two
line 19 thousand five hundred dollars ($2,500) per affected child for each
line 20 negligent violation or not more than seven thousand five hundred
line 21 dollars ($7,500) per affected child for each intentional violation,
line 22 which shall be assessed and recovered only in a civil action brought
line 23 in the name of the people of the State of California by the Attorney
line 24 General.null
anenefan
The bill is a bad idea. Of course big tech likes it, more id equals higher value data they can scrape. When (if?) it arrives it'll be two seconds before some places on the web will need more to be sure the person who set up the entire phone or app is actually not under age, thus the person setting it up will have to provide id ... the bill is a anonyphobes wet dream come true.
klysm
It’s also regulatory capture. Harder for competitors to meet regulatory barriers
null
vpShane
[dead]
mouse_
Regulatory monopolists.
Age gate means identification of the individual. Of course big tech loves that.
You can have age gating or you can have privacy. Same as you can have porn filtering or you can have privacy.