How to Track Your Users Online (Fast) (California DLC)

California residents after January 1st of 2027 will not be allowed to read this or any other blog posts on skids.fail.

California Assembly bill 1043 (Mandatory age verification implemented at OS level) Passed unanimously (76-0 and 38-0) in 2025 with zero technical debate on how a "self-reporting" signal stops a child from simply clicking "I am 18.". The law appears to have been done without any expert consultation and with little to no understanding of how operating systems actually function.

How is it planned to function?

According to the legislation, the intended plan is:

1. The OS Developer (More on this later) - Must build an "Age-Signal" into the computer's setup process.
2. The app store - Must ensure they only give apps to people whose "Age-Signal" matches.
3. The app developers - Must "request and respect" the signal when the app launches.

The logic already collapses in the first phase: the OS Developer. How is an OS Developer defined? Is Tiny 11 considered to be developed by NTDev or by Microsoft? Is an Arch Linux fork like SteamOS developed by the original Arch contributors or by Valve? In open-source projects, are the maintainers liable?

The failure deepens at the App Store level. What if an operating system simply lacks an app store? Are users unable to use their devices by downloading local executables? Are antivirus programs downloaded outside the Microsoft Store also under scrutiny?

The app developers - Again, what defines an App Developer? If I make an app and share the source code with no compiled binaries on Github, am I liable if it is under the MIT license? Where's the line between just contributing to open source and being an 'App Developer'?

The Linux paradox

Linux is - by it's very ideology - an open source Kernel. A Kernel - as most people reading might guess - is certainly not an entire operating system, it's just... a kernel, very much like in popcorn.

The question arises: Who would be mandated to implement the age verification? The Kernel developer, or any person building a distribution on top of it. Furthermore, as it is open source, what stops anyone from just searching for the function and removing the related code? What about current already flashed ISO's?

The California bill AB1043 answers exactly zero of these questions.

No clear definition of "Operating System"

Rather an anecdote than an actual paragraph, but what about calculators? They do run an operating system after all. If I build a calculator for sale on the consumer market, am I required to implement age verification? Where does 'operating system' start? What about smart fridges? They after all have web browsers, app stores and even run a whole operating system, usually Android - which is ironically - a fork of Linux.

And after researching a little, a calculator OS will be considered, in fact a General Purpose Operating system

DB48X is probably an operating system under these laws. However, it does not, cannot and will not implement age verification.
- C3D, DB48X's github repository

The solution against the fine?

From what I have seen, the most agreed-on solution appears to be geo-fencing California. You cannot be fined if you knowingly do not allow people from the affected region to access your service. Ergo you are not criminally liable.

Residents of any countries, states, or territories that require age verification for operating systems, are not authorized to use MidnightBSD. This list currently includes Brazil, effective March 17, 2026, California (CA AB1043), effective January 1, 2027, and will include Colorado, Illinois and New York provided they pass their currently proposed legislation. We urge users to write their representatives to get these laws repealed or replaced.
- Midnight BSD

What failed?

The answer is simple: incompetence. The people drafting the bill did not consult experts, leading to "Does TikTok access my local Wi-Fi?" levels of confusion. Age verification cannot be labeled as "present" or "absent" without considering the technical trade-offs, viability, and the sheer impossibility of enforcement in an open-source ecosystem.