California has officially lost its mind. I say this with all the love in the world for a state that gave us silicon valley, the internet, and at least three different ways to legally smoke weed, but the people writing these laws have clearly never touched a computer outside of a Zoom call.

Let me break down what AB 1043, the “Digital Age Assurance Act,” actually says. Starting January 1st, 2027, every single operating system provider in California must implement age verification during account setup. And when I say every operating system, I mean every operating system. Windows. macOS. Linux. Android. iOS. SteamOS. Whatever OS your smart TV runs. The firmware in your printer. The computational toothpaste dispenser that’s somehow running a full Linux kernel because someone at Philips wanted to prove a point.

The law applies to “any computer, mobile device, or any other general purpose computing device.” Now here’s where it gets beautiful, because as Alan Turing once famously noted, anything is a general purpose computer if you stare at it hard enough. People have run Doom on a graphing calculator. People have run Doom on a pregnancy test. People have run Doom on a literal toothbrush. The law is so broad that it could theoretically require age verification before you can wipe your own ass with a smart toilet.

And the requirements aren’t small. The law talks about “digital signals” that must flow between the OS, the app stores, and the applications. These signals need to communicate user age verification status before an app can run. The wording is so vague that no one actually knows what compliant implementation looks like. The legislators wrote “digital signals” like they’re describing magic fairy dust that somehow makes children invisible to the internet.

The Technical Illiteracy Is Actually Offending Me

Here’s what gets me: the people who wrote this law clearly do not understand how operating systems work. Let me count the ways:

What even is an “operating system provider” for Linux? A typical Linux distribution is a Frankenstein mashup of the Linux kernel, GNU utilities, a desktop environment, a package manager, and various other components all maintained by different groups of volunteers scattered across the planet. Who’s responsible for AB 1043 compliance? The Ubuntu team? The Debian maintainers? The random guy who maintains the AUR packages in his spare time? The law seems to assume there’s always a single corporation behind an OS, which tells me whoever drafted this has never opened a terminal in their life.

What happens to vintage computing? If the “digital signal” is required for software to run, does that mean your 1995 ThinkPad running Windows 95 suddenly becomes a brick? What about all the retro gaming enthusiasts who depend on emulators? Are we about to witness a forced hardware upgrade apocalypse that makes Windows 11’s TPM requirements look like a gentle suggestion?

What about air-gapped systems? You know, the computers that aren’t connected to the internet on purpose? The ones in nuclear facilities, medical equipment, industrial control systems? They need age verification too now, apparently, because they can “download an application.” How does that even work when there’s no network connectivity? Do you verify your age by mail and then the computer gets a certificate? The law doesn’t say. The law doesn’t say anything useful, actually. It’s 2026 and we’ve somehow regressed to the point where legislation reads like a Magic 8 Ball.

The Fines Are The Real Crime

But here’s the part that really恶心 me. The law establishes “specific and punitive fines for non-compliance” without actually defining what non-compliance looks like. It’s like saying “we’re going to fine you if you do something wrong, but we won’t tell you what wrong looks like until after we fine you.” This is the legislative equivalent of a cop hiding behind a billboard and then giving you a ticket for “suspicious walking.”

Companies are going to live in perpetual fear of violating a law that no one can explain. Innovation doesn’t flourish in an environment where compliance is a guessing game and the penalty for getting it wrong is financial annihilation. This is regulatory terrorism dressed up as child protection.

And let’s talk about the actual children for a second. Who is this actually helping? A motivated 13-year-old who wants to access inappropriate content is going to find a way. They can use a VPN, borrow a parent’s account, use a friend’s phone, or simply lie about their age like every human being on earth has done at some point. This law won’t stop them. It will only punish the people who actually try to comply and create a massive data collection nightmare in the process.

Because here’s what no one is talking about: where does this age data go? How is it stored? What’s the retention policy? The law requires age verification but is suspiciously silent on what happens to that information. We’re creating a system that collects and stores age identification for every single computer user in California, and somehow that’s supposed to make us safer? Give me a break.

The Open Source Community Is Going To Just Ignore It

The beautiful irony here is that for open source operating systems, this law might as well not exist. You know why? Because open source is built on the fundamental principle that users can modify their software. You think some age verification gate is going to stop a Linux user from patching it out? A five-year-old with basic coding knowledge can remove a compliance module from an open source project. The law assumes a world where everyone is running pre-compiled proprietary binaries that they can’t touch, and that world hasn’t been accurate since 1991.

Unless the law mandates a cryptographically enforced, centrally controlled verification system that somehow persists through software updates, it’s completely toothless against the people who actually care enough to get around it. And if they did mandate that, it would be an absolute nightmare for security researchers, tinkerers, and anyone who wants to actually own their hardware.

So the law will either do nothing useful against the people it’s targeting, or it will become a weapon against the people who just want to use their computers in peace. Either way, it’s a win for absolutely no one except maybe the lawyers who get to interpret this mess for the next decade.

Other States Are Doing It Too And That’s The Scary Part

Texas tried something similar with their App Store Accountability Act, forcing age verification on apps. A federal court blocked it, correctly identifying that it’s probably a First Amendment violation for being too broad. But California isn’t backing down, and neither are other states. This is a pattern now. They keep passing these laws and hoping something sticks, and even when courts push back, the message to tech companies is clear: comply or die trying.

The worst part is that this will probably work. Not because the laws are good, but because the cost of non-compliance is existential. Even if a company thinks a law is unconstitutional, they don’t have the money to fight it in court for five years. They’ll just implement whatever half-baked solution the regulators grudgingly accept and move on. The regulatory chill is the real damage here, and it’s happening right now.

Clue Verification For Politicians

I genuinely do not understand how someone can write a law this broad, this vague, and this technically illiterate and then feel comfortable signing it. The legislators who passed this either don’t use computers or have been promised by some staffer that “the tech companies will figure it out.” And they’re right, actually. The tech companies will figure it out. They’ll figure out how to comply in the most minimal way possible while collecting as little data as they can get away with, and then we’ll all just live with a worse computing experience because some people in Sacramento wanted to seem like they were doing something.

What we need isn’t age verification for operating systems. What we need is clue verification for politicians. You should have to demonstrate basic technical competency before you’re allowed to draft legislation that affects two billion computer users.

I’m not holding my breath.

Somewhere out there, a smart-toothbrush is about to ask a six-year-old to prove they’re over 13 before it will dispense toothpaste recommendations. This is the world we live in now. This is what governance looks like in the algorithm age. And somehow, impossibly, somehow people are still surprised when tech does weird shit.

I’m done. I’m going to go configure my router to run off-grid so the state of California can never reach me. At least until they mandate age verification for router firmware.