Posted by shaicoleman 9 hours ago
Apple cost Meta billions by cutting off their data pipeline at the OS level, justifying it with a unilateral privacy moral high ground. Now, Meta is returning the favor. By astroturfing the App Store Accountability Act through digital childhood alliance, Meta is forcing Apple to build, maintain and also bear the legal liability for a wildly complex state-by-state identity verification API.
Gotta give it to Zuck. Standing up a fully-fledged advocacy website 24 hours after domain registration and pushing a bill from a godaddy registration to a signed Utah law in just 77 days is terrifyingly efficient lobbying.
if "it" is the middle finger, for sure. "terrifying" is a great choice of word for it.
Plus, Apple gets to be the gatekeeper for Meta and other apps which can't be good for meta, and Apple gets to know the age of its users, which in itself is monetizable.
Overall, that's the reason anti-trust laws must be applied rigorously, otherwise the normal population has no chance.
In the end, all the little people are just collateral damage or occasionally they get some collateral benefits from wherever the munitions land.
I am not skeptical of any of the research, the sources seem to be cited properly. I am skeptical that this researcher has thought through or verified their conclusions in a systematic and reliable fashion. This part gives it away: "Research period: 2026-03-11 to present." This individual dropped his investigative report two days after beginning research!
Yes, AI is an incredibly good research assistant and can help speed up the tasks of finding sources and indexing sources. The person behind this investigation has not actually done their due diligence to grok and analyze this data on their own, and therefore I can't trust that the AI analysis isn't poisoned by the prompters implicit biases.
> A Meta employee (Jake Levine, Product Manager) contributed $1,175 to ASAA sponsor Matt Ball's campaign apparatus on June 2, 2025. Source: Colorado TRACER bulk data.
> No direct Meta PAC contributions to any ASAA sponsor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.
While it is true that Meta has funded groups that advocate for age verification, a lot of them also appear to have other actors so it's not like this is some pure Meta thing as some of the other commenters are suggesting.
> LIMITATION: Direct PDF downloads returned 403 errors. ProPublica Schedule I viewer loads data dynamically (JavaScript), preventing extraction via WebFetch. The 2024 public disclosure copy on sixteenthirtyfund.org was also blocked.
> Tech Transparency Project report: The article "Inside Meta's Spin Machine on Kids and Social Media" at techtransparencyproject.org likely contains detailed ConnectSafely/Meta funding analysis but was blocked (403)
The least they could have done is read their own reports and then provided the documents to the LLM. Instead they just let it run and propose connections, asked it to generate some graphs, and then hit publish.
No, the way to stop it is to talk to your representatives.
You have the power. You just have to pick up a phone, and ask your friends, relatives, neighbors, to do the same. (They will, because it affects all of them.) Tell your reps to remove the legislation or you're voting them out. They don't want to lose their jobs. They will change if you tell them to. But only if you tell them. That is your power. Use it or lose it.
Turns out they were right
You have consumer activist brain. Next you're going to suggest that we complain to the manager or start our own government and compete in the marketplace.
> The only thing that talks is money
No, the only thing that is talking is money. Money wants this. You're busy pretending like you're going to do a boycott; they're going to boycott you.
Complain about the internet? They'll just blacklist you from it. Complain about the phone? Well now you can't use one; try smoke signals. Complain about the landlord? They'll settle the case, kick you out on the street, and blacklist you among all private equity landlords and the management companies that service small landlords. You'll just go to a small landlord that doesn't use one of the management companies? Well they won't have access to a bunch of vendors that have exclusive contracts with and share ownership with the management companies; now they can't make any money and have to sell to private equity.
You've been fooled into thinking that being victimized is a moral failure of the victim. The perpetrators taught you that. They taught you that the only appropriate action is to beg and threaten to leave, and they shut down customer service and monopolized the market. But, again, the worst thing they trained you to do is to blame the victim.
Just because you're a pessimist doesn't mean you have to be coy. :)
What do you mean? They still need people purchasing software and hardware.
You can argue effectiveness, but if enough people say no, then a boycott is extremely effective. The issue is always on awareness and making people take hard actions.
They don’t need you to purchase hardware or software any more. We’re moving to centralized economic planning, where resources for datacenter buildouts are reserved for people with sufficient political loyalty (and come from tax dollars), and the only products are surveillance and collective punishment.
If you don’t want that to happen, then you’ll need to help build an alternative.
Yes, I agree.
>They don’t need you to purchase hardware or software any more.
Need? No. But they still want as much money as possible. That's why a boycott/strike will still be effective. They don't need money anymore but will still bend over backwards for it.
>If you don’t want that to happen, then you’ll need to help build an alternative.
I want to help. Not sure what I can do to help, though. Seems like simply calling my reps is talking to the wind.
And you seem to have been fooled into thinking all victims are powerless.
Age signals from the OS? Need to provide a channel of information available to applications. Applications already talk to servers with unchecked commonality.
Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Next year, the application needs to "double-check" your identity. That missile that's coming to you? Definitely not AI-controlled, definitely not coming to destroy the "verified" person who posted a threatening comment about the AI system's god complex. Nope, it's coming to deliver freedom verification.
Rocket is obvious and spectacular. Those are for amateurs.
A journalist got beaten up to the brink of death and will never walk again by 'unknown perpetrators'? Well, it's a dangerous country, and he had it coming, maybe some concerned citizens went a bit too far, but our dear leader cannot watch over everybody.
Scaling: do you think other journalists will not take notice?
And he will still be alive to reminder them how they may end up.
If you want to see how far imagination can go here, look up Artyom Kamardin and think how would you behave after hearing his story .
And turns out power-tripping men offered raw power over other humans on threat of violence is something they like.
And ICE? Remember J6 and Three Percenter's and all those right wing militias? They ended up in ICE. Same reasons.
Meanwhile, regular cops have been doing the same awful things that they've always been doing, literally at the command of Democratic mayors who are pompously declaring that they won't enforce immigration law in speeches. They'll send cops to throw your shit into the street when your rent suddenly doubles, and won't report an illegal immigrant felon (whose history we know nothing about) to ICE.
Organized white supremacists are nobodies with no power, they're all over the military, the cops, prison guards, and ICE. Meanwhile, Parchman Farm in Mississippi doesn't even report the people who are dying there, and has plastic all over the floors because the roofs are open to the elements. That's just legal American black people who this country actually owes something to, though. That was trendy like five years ago, it's so over now.
Now you obviously shouldn't set social justice aside, and given the choice, I absolutely prefer the capitalist hellscape where my friends and I are not being rounded up and killed, but that's a REMARKABLY low standard I've had to settle on as a voter.
The Democrats and Republicans both are different approaches for the same billionaire class.
They're not "opposite sides of the same coin". Instead, they're more akin to 2 sock puppets. One wears red, and the other blue.
Like the Trump tariffs? They were initially Biden's tariffs that Trump increased and extended. Different clothes, same game.
But I'd be willing to try a good run with democratic socialism, or hell, communism. What we have is the cushy gold-parachute socialism for the elite, and unabashed hardcore capitalism for the poorest. And that fucking sucks. Burn it down.
That was from a quick search, no doubt there's more. Now it gets down to trust issues on reporting.
"Disabled spending" already happened to the people in the ICC that acted contrary to Trump's diktats[0], without the need for a digital panopticon, both the banks and the government know who you are.
[0] https://www.irishtimes.com/world/us/2025/12/12/its-surreal-u...
Never stopped people overengineering :P
> Nobody stops the government from sending goons to your door right now for a snarky comment.
This is just dumb. They literally don't know who wrote it, and have to assign somebody to track you down. The fact that they're putting infrastructure on your computer and on the network to make this one click away for them matters.
I've wondered if FaceID and the Android counterpart are actively creating an extraordinary labeled dataset for facial expressions at the point of sale.
With users trained to scan their face before every transaction, tech companies could correlate transactions to facial expressions, facial expressions to emotions, and emotions to device content. I can imagine algorithms that subtly curate the user experience, selectively showing notifications, content, advertising to coax users towards "retail therapy".
Also keep in mind keystroke dynamics can probably do that too and has been a topic of study in one form or another since the nineteenth century vis-a-vis telegraph operators.
Cpt America in the Winter Soldier
This is a non-issue because it's almost certainly going to be gated behind a permission prompt. There are more invasive things sites/apps can ask for, and we seem to be doing fine, eg. location. Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
>Biometric data? Today it unlocks your private key. Tomorrow it's used to verify you are the same person that was used during sign-up -- the same that was "age-verified".
Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Watch as apps refuse to work when you deny them permission. Also the OS (and “privileged apps”) don’t ask for permission, they have full unfettered access to everything already.
If you can't trust the OS, you have bigger issues than it knowing whether you're 18 or not. At the very least it has a camera pointed at you at all moments you're using it, and can eavesdrop in all your conversations.
If your OS prevented encryption, because one of the anti-encryption laws got passed, would you still trust its privacy and security?
lol.
> Moreover is it really that much of a privacy loss if you go on steam, it asks you to verify you're over 18, and the OS says you're actually over 18?
Slippery slope, but an interesting argument. While SteamOS is a thing, Steam isn't my OS.
> Given touch id was introduced over a decade ago, and the associated doom-mongering predilections did not come to pass, I think it's fair to conclude it's a dud.
Really? You think that things built decades ago can't be further built-upon in the now or the future?
You mean non slippery slope?
>Really? You think that things built decades ago can't be further built-upon in the now or the future?
If there's no deadlines for predilections, how can we score them? Should we still be worried about some yet undiscovered way that cell phones are causing cancer, despite decades of apparently no harmful side effects?
These bills also need to be opposed on a legal/political level.
Something I realized last night is that people who lie about their age to send false signals may inadvertently open themselves up to CFAA liability (a felony). So this is a serious matter for users who want to maintain anonymity.
I do think there is a stronger case against the next under-18 Aaron Swartz, who will get hit with 200 felonies for setting his age wrong (one felony per app/service) after pissing off someone important.
If I get arrested for lying about my age, when I'm of age, then they could probably get me on a whim already anyway. No point in trying to fall in line.
Arguably they would be more materially advantaged if they were forced to KYC/validate ages, not the platform; because sure, there's a cost to doing it, but presumably having hard data on who your customer actually is, with age and address and everything, is worth a lot more than the verification cost. And being able to say "We're legally required to gather this" gives a lot of PR cover (even though it'd be followed with "but we're giddy to do so and we will abuse this data and you every way we possibly can. No one at Meta believes you are human. We hate you as much as you hate us, but we're stuck in this together, endlessly loathing the supernatural force that keeps us working together.")
But, On the flip side: I also don't doubt that Meta is doing this, because the purpose of a system is what it does, and the leadership at Meta has done nothing in the past four years to demonstrate that they're capable of cogent thought and execution. We want to believe there's some evil plan, and maybe there is, but in all likelihood one day we'll learn that they're just... unintelligent.
These laws, that attempt to move "age verification" into the OS, 100% absolve Meta (and all the Meta owned "properties") from any legal liability so long as all of Meta's app's follow the law's required "ask the OS for the age signal of the user".
Any "bad stuff" which then gets shown to "underage users" then becomes "not Meta's fault, they followed the legally proscribed way to check the age of the user, and the OS said this user was 'old enough'" and Apple/Google then get to shoulder the liability (and pay out for the class action lawsuits) for failing to provide a proper age signal.
That's the "material advantage" gained by Meta by pushing these laws.
Like, in general, a software change to add an "age class" attribute to user accounts and a syscall "what's this attribute for the current user account" would satisfy the California bill and that's a relatively minor change (the bad part is the NY bill that allegedly requires technical verification of whatever the user claimed).
The weird issue is how should that attribute be filled for the 'root' or 'www-data' user of a linux machine I have on the cloud. Or, to put aside open source for that matter, the Administrator account on a Windows Active Directory system.
Because "user accounts" don't necessarily have any mapping (much less a 1-to-1 mapping) to a person; many user accounts are personal but many are not.
The auth server would lie in Colorado. The FS server, in New Mexico. The CPU server, in Nevada. The terminal (the client), in Alaska. Shut down and repeat at random. Watch the lobbies collapsing down tring to sue that monster.
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a "grassroots" child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta's apps face zero new mandates.
We should also update all FOSS license terms to explicitly exclude Meta or any affilites from using any software licensed under them.
Heck, Linus Torvalds should just add an amendment to the next release of the Linux Kernel that makes it illegal to use in any jurisdiction that requires age verification laws.
This would obviously cause such a massive disruption (especially in California) that the age laws would have to be rolled back immediately.
This seems like a no-brainer to me but I am admittedly ignorant on this situation. I'm sure there's a good reason why this isn't happening if anyone cares to explain.
If it's not (fully) your code, you aren't free to set the licence conditions; Linus can't do that without getting approval from 100% (not 99% or so) of authors who contributed code.
What one can do is add an informative disclaimer saying "To the best of our knowledge, installing or running this thing in California is prohibited - we permit to do whatever you want with it, but how you'll comply with that law is your business".
It also helps when you take an offender to court. If I contribute to a project but don't assign copyright, then they cannot take offenders to court if my code was copied illegally. The burden is on me to do so.
Of course, all code released prior to the change still remains on the original license.
A "Linux distro" is not the Linux kernel. It's possible for some distros to add such license terms to their distribution media, but others like Debian and Debian-based ones adhere to the GPL so no go.
"Every OS provider must then: provide an interface at account setup collecting a birth date or age, and expose a real-time API that broadcasts the user's age bracket (under 13, 13 to 15, 16 to 17, 18+) to any application running on the system."
Debian, Ubuntu, etc., they'll all fall right in line because the clear and immediate losses will outweigh any PR issue.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
5. No Discrimination Against Persons or Groups
The license must not discriminate against any person or group of persons.If this was somehow introduced without anyone noticing and deployed, imagine the damage it would cause.
If we're fantasizing here, I like to imagine two major OS makers trying to comply these laws, fail miserably, and let FOSS OSes and kernels more recognition in the desktop market.
Ideally, getting these servers to auto turn off the day this goes into effect ("In compliance with this new law, Linux is now temporarily unusable. Please <call to action>.") would be glorious for getting the bill staved off, or killed.
It would hurt some productivity, but that is a risk these lawmakers taking donations are probably willing to make.
I know. That's exactly the point.
In such situations where one party (Meta) has enough money to lobby and is playing dirty, it's a massively asymmetric situation. In such cases, if you really want to make sure you're heard (which I'm not sure distributers want or care about tbh), you've got to play the game too.
Malicious compliance, if you will.
PS: For a "practical" variant, simply a warning might be sufficient - given how many hospitals/critical infra uses linux. For eg "There is a chance this server will fail to work on x date due to this y law. Not as glamorous/all-guns-blazing, but probably much more sensible and practical.
PPS: For an even more "safer" variant, one could go "Post x, please note that using linux/this server is a violation of law y. Please turn off the server yourself manually. Failure to comply with these instructions and violating the law will be borne entirely by the (no informed) sysadmin/manglement.
What exactly do you think Linux is? I would say that Linux would be forked in like 2 seconds, a bunch of different companies would start offering "attested Linux," and all you'd have to do was change your repos and update.
I would say that, but what would really happen is that we'd find out that Canonical, Red Hat, and a bunch of other distributions had been talking to the government for a year behind closed doors and they're already ready to roll out attested Linux. Debian would argue about it for six months, and then do the same thing. Hell, systemd will require age attestation as a dependency. Devuan and any other stubborn distribution would face 9000 federal lawsuits, while having domain names blocked, and the Chinese hardware necessary to run them seized at the ports with the receivers locked up on terrorism charges.
I have no idea where the confidence of the IT tech comes from. You (we) are something between a mechanic and a highly-skilled janitor.
Update the terms to indicate that you can do what you want, but this OS is probably not compliant with states run by evil dipshits.