California has adopted a bill that requires operating systems to ask for a user's age or date of birth during setup. The bill, which will become enforced legislation from January 1, 2027, says an OS should use this to determine the availability of applications in a storefront and share this information with any developer that requests it in real-time. All of which sounds incompatible with many of today's open source software, including Linux—so what are they to do?
Jef Spaleta, project leader for popular Linux distribution, Fedora, has said they are still trying to get to grips with the legislation and what it requires. However, in their measured response, they have noted that age information may need to be tied to account creation and that information stored in a file somewhere easily accessible to applications.
"No telemetry… just a way for applications to query the OS… a local API… sounds a lot like a dbus service to me," Spaleta says.
There is another valid response: simply reject users from California. Or, at least, nominally do as such. That's what the developers of the MidnightBSD OS have suggested they'll be doing, by excluding residents of California from using the OS from January 1, 2027—the same day the bill becomes active in the state.
Ironic, really, as the 'BSD' in MidnightBSD stands for Berkeley Software Distribution, for the University of California, Berkeley. This is where one of the earliest Unix forks was created, and it remains the basis for many today, including FreeBSD. FreeBSD is part of the foundation of another California-based institution's product, Apple's macOS.
It's not a petty means of targeting Californian citizens, however. It means the job of checking whether people have installed its OS falls onto Californian authorities to deal with. How might they go about that? Again, seems practically impossible, and boggles the mind to even suggest such a thing could occur.
Until we have a better plan, we modified our license to exclude residents of California from using MidnightBSD for desktop use, effective January 1, 2027. This is due to https://t.co/jvo7ZBLqyC?February 26, 2026
Though MidnightBSD has since drafted what an alternative (a better plan) might look like. It suggests writing a user's age to a file readable by root only. Though in the Google Doc for the potential change, it is noted:
"Would it be legal to ask if you want to turn this feature off and skip this crap outside the US?"
As an exercise, we've attempted to come up with a plan to implement the age verification law. This is a draft of that plan. There are a few issues with this plan.https://t.co/3rFWvLnvwRMarch 1, 2026
It's not just California that's rolling out age verification methods affecting operating systems. A bill is under consideration in Colorado, SB26-051, that would require a similar thing, but only if it passes into law. The Colorado bill would take effect from January 1, 2028.
The pair of bills (derogatory) are the subject of fierce resistance from an unlikely source: the creators of an open source calculator. DB48X is a project to rebuild and improve upon the "legendary" HP48 family of calculators and RPL programming language, and for modding newer calculators to utilise it.
The legal-notice file for the project now reads:
"As a consequence of recent legislative activity in [California][cal]
and [Colororado][col]:
* California residents may no longer use DB48x after Jan 1st, 2027.
* Colorado residents may no longer use DB48x after Jan 1st, 2028.
DB48x is probably an operating system under these laws. However, it does not, cannot and will not implement age verification."
You know you've messed up when you've angered the math lot.
It's worth noting that both bills, California's and Colorado's, set out a proviso that an operating system must not collect or share information beyond the scope of the bill. That's either age or date of birth, nothing else. Though it seems to me that it's touched a nerve for the assumed overreach it represents, rather than what it actually means in practice or implementation.
There are a few obvious problems with the legislation, too. The sort of problems that make you wonder whether it's being rolled to do something effectively or look like something is being done.
The first being that neither bill, as far as I can tell, specifies what level of verification is required of a user's age. All they require is a user's age or date of birth. A simple dropdown interface may suffice. So, beyond being a headache for open source developers to figure out how to implement it in distros that often collect little to no personal information, the effectiveness of such a system appears to be based on an honour system.
Then there's enforcement, which appears shaky at best. Both Californian and Coloradan bills set out civil fines of $2,500 for unintentional breaches and $7,500 for intentional breaches, but how would the majority of breaches be discovered in the first place?
It's all a bit wishy-washy. Moreover, it is coming at a time when age verification is being rolled out more widely across the globe and facing stern criticism, such as an open letter from scientists and researchers that notes the many pitfalls of ill-thought-out verification methods, including for privacy and security, and their overall effectiveness.
1. Best overall:
HP Omen 35L
2. Best budget:
Lenovo Legion Tower 5i
3. Best high-end:
Corsair Vengeance A7500
4. Best compact:
Velocity Micro Raptor ES40
5. Alienware:
Alienware Area-51
6. Best mini PC:
Minisforum AtomMan G7 PT
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
