The only device mandates that should be taking place is for the default installations of web clients should be checking to see if parental controls are enabled. This only impacts the major browsers. An intern at each browser company could add this check in minutes. If they are enabled and the person logged in is on a regular account (not admin or power user of sorts) then the base installation of web clients must check for an RTA header [1]. If present, prompt for a override password and also give the option for the admin to approve-list the domain at that time. That's it. Not perfect, nothing is or will be.
The only thing server, platform, website, service providers should be doing is setting an RTA header if the content could possibly be adult or user-contributed content that could dynamically become adult, moderation aside. This knocks out two issues with one fix. Small children don't see much if any adult content and they are kept off social media until the admin (parent or legal guardian) approves it.
If a site is not adding the RTA header then progressively fine them into oblivion. If they accept the fines as the cost of doing business then seize everything and put everyone in GenPop. An intern could enable the header in 5 minutes.
All legislation regarding age verification must revolve around this otherwise people must reject it as an abusive form of tracking and privacy invasion. The focus should be on small children as teen share porn, warez, movies and such within Rated-G games.
Bold of you to assume that lawmakers have any common sense when it comes to technology legislation. It could have taken 3 interns 3 hours at each browser company to implement a cookie consent standard 15 years ago, yet here we are in cookie banner hell.
Cookie banners exist because it is a dark pattern companies use to get you to opt into marketing cookies by making the easiest thing the worst choice.
This could all be handled by settings in the browser, only if the sites themselves listened to the users' browser preferences.
Agree. Its like in some countries you put a sticker on the mail box "no advertisement, please" and its illegal tor postman to deliver you ad brochures. Same could have been possible with browsers, but oh no, now you have to go out to each postman ant tell him explicitly that you do not want ads, and postman has no memory, if you tel him that you don't want ads. He can come back ten minutes later and you have to tell him again.
If sites donāt listen to user preferences why would the cookie banner listen to my consent.
Ultimately thereās no good excuse for the banner solution.
Yes, the data protection people are always blamed for the banners when, in fact, the marketing people are responsible.
If you build a website without all that tracking stuff and without 'free' services from the data collection companies Google and Facebook, then you have a pretty good chance of not requiring a banner at all, because for logins, etc., you are allowed to use cookies et al. without requiring an opt-in.
But I never saw anybody at the OMR being proud about the state of cookie banners they created...
"Do Not Track" (DNT) is already a browser setting. It just doesn't enforce anything, nor does anyone respect it.
Tech companies could have headed off this legislation 15 years ago by just solving the problem as Bender suggested. But they wanted to pretend they had no social responsibility to not deliver filth to children, and so now the legislators are involved and they get to deal with that. I have no sympathy.
Here's one thing Apple did well on. Their screentime settings also work in the browser. It could be better, but at least it's something if you set up your kids device properly.
[dead]
In the US all the age verification legislation is written by data broker companies that want to mine this data. The government also wants to be able to have access to this information by proxy.
Itās not written the way itās written because theyāre oblivious itās written the way itās written because itās plain lobbying writing the bill.
For example, thereās little in the way of protections in how the age verification would be protected or prevent the analytics from being sold
How do you know?
I was referring to the intern being able to add the header. Politicians need financial incentive. I don't have the resources to lobby them. I think that might require a philanthropist should there happen to be one that lurks on HN. There are some interesting people that lurk here that we sometimes learn about.
They can't do anything today as it is a federal holiday but they could do something tomorrow.
I think the header/metatag is designed poorly. The RTA proposal is that every operator of every site must verify the content and add the header to mark the site as "safe" or "unsafe". This is unnecessary burden that they have to bear if this proposal is given a green light and this is wrong.
Instead, the default should be, that if there is no header or it cannot be parsed, then the content is unsafe. And if there is a header, it describes the page rating, like what kind of dangerous content it may contain. The header may be added to any displayable content like HTML, text, images, audio or videos, but not to machine-readable content like JS files or AJAX responses.
So only those who wants their site to be accessible by minors, have to add headers. For social networks, the user might have an option to mark his content as "safe".
This means that with my proposal existing site operators need not to do anything to mark their sites as "unsafe" - all sites are "unsafe" by default. This means that millions of site operators need to spend 0 dollars to adapt their sites. How great is that?
The browser on a device with parent mode, should not allow displaying any content which doesn't have a header or that is marked as unsafe, or that contains header with invalid value. The parents may whitelist some sites.
There should be a reponsibility for intentionally marking unsafe content as "safe". We should also think what to do with foreign operators, intentionally putting invalid headers for unsafe content. Maybe they should be added to some kind of blacklist that the browsers would periodically update.
Search engines like Google could work by default in "safe" mode, but add "unsafe" header if the user wants to turn off restrictions.
> If a site is not adding the RTA header then progressively fine them into oblivion.
I think my proposal is better because it requires only fining those who intentionally misrepresent content safety.
> Instead, the default should be, that if there is no header or it cannot be parsed, then the content is unsafe.
That's something the client should be doing. You can configure your own device (or your kid's) to have whatever default you want.
The actual problem is that classifying the entire firehose of user-generated content is precarious and uneconomical, so the default tag is going to be whatever minimizes liability. If untagged implies "unsafe" and "unsafe" minimizes liability then the majority of content will be untagged. If untagged implies "safe" then the majority of content will end up explicitly tagged as unsafe, because tagging it as unsafe minimizes liability.
But either way if you disable "unsafe content" you'll end up disabling almost everything, specifically including the huge amount of "safe" content which isn't tagged as safe because accurately classifying it is uneconomical.
If the default wasn't "almost nothing" then you'd be sanctioning exposing some kids to content their parents didn't want them to see. If there's no economic incentive to tag content then it's not valuable content for kids.
Ultimately the problem is the provider knows what category the content is and the parent knows what the content policy is. Providers can't say whether it's "safe" or "unsafe", only what standards it complies with. Some parents will have weird policies like "only G-rated movies or any Jim Carey movie" that can't even be delegated in any reasonable way to providers.
So the header has "PG-13, US-legal" because it's a movie rated PG-13 and constitutionally-protected legal content in the US, and whatever other markets you want to open up. Providers could even include AI ratings so as to mass-tag their content at low cost, and parents can decide if a particular AI rating is okay.
Parental controls could even restrict official ratings to country of origin, so if you approve PG-13 it'll block that content from countries where you can't sue them for lying about it.
> But either way if you disable "unsafe content" you'll end up disabling almost everything, specifically including the huge amount of "safe" content which isn't tagged as safe because accurately classifying it is uneconomical.
I think that's okay. The need for regulation is incentivizing capitalism in its amoralism to favor your regulated morality.
Corporations very much like targetting impressionable kids with content to sell stuff. If that adds a liability cost to moderate and make sure that content is "safe" (whatever that means in your jurisdiction), then isn't that what you would want?
I've never let my kids out on youtube, or the internet without either of us parents (yet at least). I hear you can now whitelist channels on youtube premium for child accounts, which sounds exactly like I want, but of course that doesn't scale. While I'd want to curate the entire internet for them until we've instilled enough judgment/their brains have developed enough to do it themselves, it's obviously impossible. Adding a liability risk or moderation cost to target kids seems like a fairly aligned incentive.
Basically we'll get 99% of websites with headers that amount to "Online Interactions Not Rated by the ESRB"
The page having a simple rating assumes there can be one mapping from content to rating for the whole world. I doubt we can even have one for North America and Europe.
Every app submitted to the App or Play store already has to do this. If parental controls are on, then users cannot download those apps.
The only hard part for the web is that a site could lie since there is no gatekeeper, but some black lists can help with bad actors.
Come up with a few categories and let the browser/OS decide.
Websites by default are ātrueā for every category, unless they specify.
Categories are, for example of some: nudity, sexual, violence, etc.
It doesnāt have to be perfect but sites will have to err on the side of caution.
We could even create an html tag <restricted type=violence> for example, and the browser can simply not render that portion of the page of the user has that type disabled.
And we could give companies a pass for best-effort categorization using tech to assess user-generated content, along with allowing users to flag their own content as āsafeā
That's a sorry attempt at an excuse. Companies are expected to collect ID and have related business logic that respects local laws but can't figure out how to tag their content? That's an utterly nonsensical position.
There's no reason a simple, standardized header can't be used to communicate any number of classifications simultaneously.
Edit: It occurs to me that if you oppose all age related measures then my above response isn't entirely fair to you. I still think it's an absurd objection but the comparison I made no longer applies.
It's a hard problem but the key is that it needs to be on the client rather than on the server, because that's what can have any information on jurisdictions, local regulations, religions, or general parental preference.
For example, it would be insane if every website and blog in the world to had to run logic to detect and prevent Elbonian males under 16 lunar years from seeing ankles except on Thursdays.
The problem with your proposal is that it's already the status quo. Various whitelists exist but service operators don't generally bother with these things. What you end up with is a largely unusable experience if you enable whitelist filtering.
The core problem is the lack of buy in. Unfortunately that likely needs to be forced. I think it's not unreasonable to legally require people to make a claim about the nature of what they are serving up. They already need to be aware of the legal status of what they're doing anyway so it hardly seems as though making such a determination should pose a burden when you consider that it's an alternative to either requiring ID, requiring the client send age bracket information, or other heavy handed interventions. The choice here isn't "the status quo vs a header" but rather "some other age related regulation vs a header".
An easy way to enforce this "voluntarily" (ie coerce) without sending government agents after every small time website operator would be to require that mainstream browsers and other client software (based on MAU or similar metrics) refuse to process content that does not send a classification header. Doesn't matter what the header says or what the status of the user account or parental controls or whatever else is, it has to send the header regardless or it will be blocked without exception. That would presumably trigger broad compliance with the relevant regulations.
Should books require an age rating?
What about spoken words?
What makes online speech different, from the perspective of the Constitution that limits the power of the state?
For what its worth this header has been around for a very long time. It's actually the second iteration and much simpler than it's predecessor.
Parents today can accomplish what you are suggesting by installing parental control software and only allowing access to things they explicitly approve.
This can also be done via headers explicit blocking of all the things and was suggested in another thread. [1] Some people liked the idea.
Again, RTA header doesn't work because it's a blacklist, not a whitelist, and also because it's only granular enough to say "this is a porn website" and nothing else.
The point is that it is unrealistic to expect millions of people to mark the content. Also, the header is better than the metatag because it can be added to images, videos and other non-HTML content as well.
No such mandates should take place at all.
This is correct. It is not the government's job to raise our children. The more we ask the gov't to do that we should do, the less power we actually have. Some will say this ship has sailed, well, I say it's not too late to sink it.
Earlier today there was a large thread on HN about the golden age of child rearing, from time immemorial to about two decades ago, when children started getting sent home and parents got a stern talking to from the police, just for owning a pocket knife or biking home alone.
We really can't have it both ways, that every failure of the child is blamed on the parent for lapsing in their almost totalitarian oversight, while also idealizing the idea that children must make their own mistakes and gradually growing into responsibilities and self-governance. Except having access to the Internet, apparently.
Taking a step back, this all smells like madeleines and a yearning for the good old days when everyone rode bikes and nobody owned smartphones. That's not really a productive stance on anything.
(If you would ask me, and I'm sure nobody would, I would think that there is a sort of trade-off here but with a clear answer: Make clear restrictions about buying cigarettes, alcohol, abusive content and extreme porn. But these restrictions aren't meant to be technically perfect. It's ok that some kids will learn to lift the limits and explore what is forbidden. At least then they would know that there is some reason society collectively considers these things off-limits, and that they soon will be in a mistake of their own making.)
On the other hand, I know several "home-schooled" people [0] who literally can't even read and later married people more than twice their age or had other serious deficiencies in their life potential. The government can probably step in a little more here and there.
[0] I also know home-schooled people whose parents are far better than any teacher I've ever had and whose education and achievements reflect that obvious fact. Home-schooling itself isn't the issue, and I'd prefer that it remain possible.
But it seems that many parents do not bother to do anything to raise their children properly, including setting up parental controls.
I am sick of these "government bad" takes. They lack constructive suggestions, like your "sink it" nugget, they lack decent problem descriptions, as if anything after the sinking (likely private governance, aka feudalism) is immune to the ills of big-gov, and on top perpetuate reductivist arguments as if any kind of restrictions of freedom is by definition bad.
This broad rejection without good reasons is borderline sociopathic. ... and parental control is not the gov raising anyone.
I agree with you, as a longtime free speech believe.
but... I would also like to keep my kids from seeing the very worst of the internet before they're ready to handle it. I tried using a PiHole but Firefox DNS-over-HTTPS nullifies that now. It's not realistic for me to be watching over their shoulders 24/7; what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
Unbound DNS if compiled with --with-libnghttp2 can listen for DoH and your Unbound/Pihole can forward to any destination you desire. This is what it looks like on my firewall:
# https://doh-int.mydomain.net/dns-query
interface: [ip of lan port]@443
interface: [ip of wifi port]@443
https-port: 443
http-max-streams: 220
tls-service-key: "/etc/unbound/keys.d/unbound_server.key"
tls-service-pem: "/etc/unbound/keys.d/unbound_server.pem"
ip route add blackhole "${IP}" 2>/dev/null
If the childs account is not able to gain admin privs then their ability to change settings can be disabled.
If your kids are in the smart 1% who can bypass your authority, they will. Be proud. For the rest, we don't need a police atate
Well, you can't.
Like no past generation could stop their kids.
> what can I do to keep them away from stuff 99% of people agree isn't for children to see, without something like this?
The better question is "Why do I need to give up privacy on my devices that no children ever use and are used for all sorts of mundane things that are entirely unrelated to what you're trying to protect your children from to solve this problem?" The solution being proposed here is to require ID checks at the OS installation level; this would be like requiring me to flash my ID when I walk out of my house because kids would have to go outside if they were going to try to buy alcohol.
A lot of us who grew up pre-social-media agree in principle.
What it fails to account for is that today's internet is qualitatively different from the pre-social-media, pre-smartphone internet. The vast majority of the internet audience, too, is qualitatively different. Incentives are misaligned for an average parent who might want to keep a tight leash on smartphone internet access for their kids, when attempting to do so will generate fierce opposition from their kids and leave them socially out of the loop.
People also wanted to smoke cigarettes but they got fierce opposition from their parents. That's what parents should do.
Maybe we should teach parents how to be parents instead of imposing draconian age checks (read: mass surveillance).
I agree fundamentally and ideologically but we are past that point. The toothpaste is already out of the tube as they say. There will be restrictions so all I can do is suggest more sensible restrictions that keep the control on the client side and do not share data. Any data shared can and will be abused, leaked, sold, stolen without consequence.
We are not past the point at all. Any democracy can ultimately decide on laws and regulation. Why would you wish to insinuate otherwise here? California could easily decide to not implement such laws, for instance.
That data leaks out is always a given. So, gather less data. Ideally none. But this is not a discussion about data. This is a discussion as to what state actors think they are allowed to do. It is an attack on private life of people. See the combined strike against VPNs.
I heard that lie about "sensible restrictions" so many times, now I am waiting for "sensible violence", "sensible beating to death" and so on. It is a false argument that "there will be restrictions so all I can do is suggest more sensible restrictions", what you can do is recognize that "no restrictions is an option".
It is like negotiating with a terrorist that wants to kill you and this is his starting position and then he wants to agree on some compromise, like seriously beating you. There is no negotiation.
How and when did we decide that we were past that point? I don't remember being consulted
> toothpaste out of the tube
Obligatory XKCD: https://xkcd.com/2521/
A) Aren't you targeting a completely different problem than this law? It's my understanding that this law targets the collection of the age from the user. What the user agent does with that signal is a different problem, and seems to already be solved, except for the definition of "actual knowledge" which they are trying to establish here.
B) How would your RTA header intersect with content rating in different jurisdictions? What if the content is illegal for children in Turkey but legal for children in Kentucky?
For topic (A) I am suggesting to negate this behavior all together. No more sharing personal data. That evil-pattern must be stopped.
For topic (B) companies can set or not set the header based on GeoIP. Not perfect but GeoIP is already used in load balancers, web servers and applications.
For (A) we have nothing to talk about. I think we fundamentally disagree about how society functions, and we aren't going to knock that out over hackernews.
For (B), your proposal requires the website have a database over current rules in every country they would be accessible from. Would a website then, in your opinion, be responsible for the accuracy of this database? We have to presuppose an official GeoIP source that would then be legally binding and under democratic control, but given such a database, would a website serving a wrong header to an IP associated with a specific country then be committing a crime in that country? What would the punishment be?
As usual 95+% of people commenting have no idea what is actually in the California law, and so are commenting about things that have nothing to do with it.
Different states, countries, and multi-country organizations that have legislated in this area or are working on legislating in this area have went with many different approaches. These differ in their scope, how age is verified (or even if age is actually verified), what documentation is required (or even if documentation is required), whether they apply to the web or to apps or to both, whether they make anonymous use harder or not, how much if any sensitive information they disclose to the apps/sites that need to check age, whether they could allow government to track your usage, and in other ways.
Most ridiculous are the comments that after saying how bad it is (clearly talking about things not in the California law) then say how it should work and describe something close to the California law.
It's not out of the ordinary for folks on HN to discuss the general subject of a topic and not the exact contents of TFA. The article tends to just be a catalyst for discussions.
It is kinda silly to read comments that do what you mention at the end (have a seemingly novel idea to fix the issue at hand and their solution is the one from TFA). That's just embarrassing.
But I feel like the rest of the discussions are fair game.
The age verification is coming from the Digital Age Assurance Act.
this act is pushed by the NGO 501c3 called Common Sense Media, their donors include Bezos, zuckerberg, and other rich people.
The same NGO also created a platform called Bandio that provides age verification services. How convenient.
Legislate restrictionist policy today that manufactures demand for age verification service, and then rollout the solution for $$$.
How convenient, muh free market capitalism.
Common sense media also earns $15 mln revenue from licensing its content rating technology.
Magic, Inc.
Who is actually writing this very concerning California Internet legislation, which will ultimately affect the entire nation and world?
Did someone write California Internet legislation without consulting any California Internet companies?
Did some California Internet companies write California Internet legislation?
Did some other party write California Internet legislation?
If you go take a read through the CA bill text that "became law", you'll quickly realize that whomever did write it must live in a very narrow bubble where the only "computers" that exist in the world are tablet style cell phones, the only OS'es that exist in the world are Android and iOS, and the only way anyone installs any software on the only computers that exist is via an "app store".
Meanwhile, while the overall writing clearly indicates the author has a very narrow view of "computers", the definitions of the terms is so broad that every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
> every computer, even the tiny embedded CPU in your microwave oven, might just need to ask your age before it allows you to do anything.
Why do I keep seeing this bullshit exaggeration? It doesn't help anything to make such ridiculous statements. Nobody's microwave oven has an app store.
> Nobody's microwave oven has an app store.
Meanwhile, Samsung refrigerators can have an app store.
The bill was written by Buffy Wicks, who represents me in the State Assembly, who is very good on housing, transportation, and climate, and who should absolutely stay in her lane and not try to legislate platform APIs.
Meta alone spent 2 billion dollars lobbying for this worldwide, and it was a massive success, it's passing everywhere unanimously.
Citation for this claim? Searching lands on this page without any citations and seems AI generated slop:
https://captaincompliance.com/education/meta-is-spending-2-b...
There was an AI generated slop report posted to Reddit that went viral. It even got some news coverage before anyone stopped to read the files and discover that it was gibberish.
I still get downvoted for pointing it out and trying to ground the conversation in facts. As you noticed the story continues to thrive on bad news sites and social media.
Meta has not spent $2 billion lobbying for this or on lobbying altogether.
Itās amazing how that one AI slop project that made this claim got so many people to believe this number.
Spreading this disproven AI slop around isnāt helping. It just makes opposition look like uninformed conspiracy theorists who canāt fact check anything.
Meta is lobbying to get age verification installed at the OS level so that they don't have to bear the cost themselves. I know nothing of the $2B but the fact that Meta influences the legislation can hardly be denied:
During the meeting, Meta executives, including Antigone Davis, global head of safety, are understood to have argued that any age checks should be handled on a smartphone operating system rather than by the likes of Meta.
https://www.yahoo.com/news/politics/articles/meta-urges-labo...
>>Meta alone spent 2 billion dollars lobbying fo
Source: Some guy on Reddit, trust me bro
give source
> Who is actually writing this very concerning California Internet legislation, which will ultimately affect the entire nation and world?
Why would it affect the entire world?
One technological backwater is Having A Massive Sad over people using rude words on the internet, so they think they can tell everyone else what do to?
Bit rich calling US/CA a tech backwater when it comes to online speech.
A cynical person might suspect that the reason they are doing this is so that Linux developers don't have standing to challenge the law on 1st amendment grounds...
Nah, you're not cynical enough.
This is the classic "what we're trying to do is bullshit on a fundamental level so we're gonna just exempt random things until it becomes a niche issue and we can just do what we want and from there we'll just close all those exceptions over time" move.
Give it 5yr and you'll have idiots in the comments talking about how the "linux loophole" was a mistake and should be closed.
Source: history
They're finally applying their 2A strategy to the 1A.
Thatās exactly what it is. It removes standing, and that is a major flaw in our legal system. We need significant changes to defend constitutional rights properly.
Remember when women kept suing for the right to get an abortion and the courts kept just waiting out the pregnancy? Something something sixth amendment...
Justice delayed is justice denied
LEarn to take a win as a win. People who are unable to look at anything without seeing themselves being scammed are clinically paranoid.
It is an admission from the writers that this law is unrelated to safety and people should very loudly and frequently point that out.
If OSes that don't verify the age of their users are a genuinely unsafe for children, why should they be allowed just because they are open source? That doesn't seem to mitigate dangers associated with age in any away I can identify.
I think it just means that people using those OS simply wonāt be able to access adult content.
Have you considered that the writers typically have legislative but not technical skills and are just trying to placate upset voters, without really understanding what the optimal solution could be? Reading this and other threads you can see therea re plenty of highly technical people who struggle to articulate what kind of policy they want or what kind of parental controls they want to set up themselves?
It's kind of a hard problem and legislators are inclined picking the lowest hanging fruit. Their primary concern is to not be smeared as child predators by their political opponents at the next election, eg "jwitthuhn voted to give gambling websites, pronographers, and pedophiles easy access to YOUR children - s/he OPPOSED age verification laws on internet sleaze!! Who's jwitthuhn really working for - you, or the people who want to exploit your kids?!!"
One can point out that such electoral pitches are dishonest bullshit until one is blue in the face, but the fact is they work on a lot of voters because most of them are not smart and don't have the energy or inclination to research every issue. And it is true that there are a lot of hustlers on the internet who are willing to either passively or actively exploit kids, and the anonymity, non-locality, and technical complexity of the internet makes that relatively easy to do and hard to prosecute. Legislators offer simplistic solutions because that's what a most of the public wants, and people often make their voting decisions based on emotional factors rather than cold rationality.
You don't need mustache-twirling villains saying 'let's impose burdensome techn regulations that perpetuate oligopolies and allow me to make another trillion dollars, a few million of which I'll send your way, mwhahahaha' to get shitty legislation (which is not to say they don't exist). It will emerge naturally by default if other conditions are right.
A bad law that only affects other people might be a win for me, but it's still a loss for society
This would be a reasonable take if lawmakers hadn't been trying to scam us our of our rights since those rights were first put to paper.
More paranoia. What about the lawmakers who have tried to expand rights? I'm sick of these fallacies of composition.
[dead]
All this because public institutions have lost the will or capacity to regulate the companies. So they switch to burdening the consumers.
Lost the will? How about paid to look the other way?
It's hard for a politician to understand what his campaign contributions require him not to.
This is regulation from a public institution. Regardless of how such a resolution is passed, it will impact the consumers.
Itās regulation on consumers, not companies
Banning or limiting addictive features like algorithmic feeds would be regulating the companies.
They are regulating the companies. Apple, Google, and Microsoft are companies.
Desktop and mobile Linux is an extreme niche and alternatives to Linux are practically nonexistent. I'm not surprised law makers might not have known that there are operating systems not made by for-profit companies.
Another way to say it is that capital is operating as it always has: in its own interest.
Not just Linux. More specifically: āOperating system providerā does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.
I read the title and thought "BSD folk must be in shambles". Glad it is not as shortsighted as I originally thought.
Yes, I wonder what false positives and false negatives will result from that definition. I suppose Microsoft permits corporate licensees to copy (to all their PCs and servers), redistribute (internally), and modify (by corporate software developers and also by sysadmins using group policy) the software.
Maybe it should say, the software 'code' - requiring open source code - and to do it all 'for free'.
there must be an reasonable assumption of what counts as such in the first place. being modifiable and publicly available in both source and binary form sound like enough to me.
> both source and binary form
Where does it say that? Not in the GGP.
Linux will be exempt for now. I wouldn't be at all surprised to see them try to slip it through later. Legislators in California have learned over the years, and have carved out exemptions in bills such as gun control bills to get it passed, and later classified their exemption as a "loophole" to be closed.
We did it despite the naysayers who faught us saying it "wasn't a big deal" and that this is the "best version of the law we could get". Never listen to the naysayers and compromise your principles to appease them, stay true to what you believe.
Get a daily email with the the top stories from Hacker News. No spam, unsubscribe at any time.