On the unfortunate need for an "age verification" API for legal compliance reasons in some U.S. states
Aaron Rainbolt
arraybolt3 at gmail.com
Wed Mar 4 00:32:00 UTC 2026
On Tue, 3 Mar 2026 16:48:19 +0100
Heinrich Schuchardt <heinrich.schuchardt at canonical.com> wrote:
> On 3/2/26 08:08, Stephan Verbücheln wrote:
> > When I install the Debian standard desktop, it already asks me
> > whether each newly created user should have parental restrictions.
> > I assume that there are APIs for the apps to follow this
> > categorization.
> >
> > I assume KDE and others have similar options.
> >
> > I am aware that many existing apps do not follow this setting (yet),
> > and many apps will never follow it because they do not care or do
> > not really display age-relevant content to users to begin with.
> >
> > So what would be the required step to make this existing API
> > conforming?
> >
> > 1. Implement the categories (13/16/18/etc.).
> > 2. Hope that other jurisdictions do not choose different age
> > numbers.
>
> Of course other countries use other age groups. E.g. for games the
> relevant age groups in Germany are 0+, 6+, 12+, 16+, and 18+.
>
> Please, consider that computers are taken on travel and the
> jurisdiction of the current location needs to be observed.
>
> Best regards
>
> Heinrich
Yes, this is a good point. I had a bit of tunnel vision when writing
the initial proposal, as you can see.
I'm planning on drafting and submitting a somewhat more-concrete spec
proposal in the near future, that will take this and other concerns
into account.
--
Aaron
> > 3. Make default apps follow the parental controls.
> > 4. Make web browsers translate the user's age class to appropriate
> > HTTP headers.
> >
> > I do not think this is a risk for user freedom. People who do not
> > have kids on their computers can completely ignore the parental
> > settings.
> >
> > Also I do not think that the law is applying to existing operating
> > system releases. Regulations like this usually apply only to
> > products released after the date. By this logic, it might apply to
> > Debian 14.
> >
> > I also do not believe that this applies do software projects
> > directly. Usually, these things apply to device manufacturers who
> > ship devices, e.g. Lenovo laptops sold with preinstalled Ubuntu.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20260303/87603f4a/attachment.sig>
More information about the ubuntu-devel
mailing list