Open Source Developers Are Considering Locking California Out, and the State Has Only Itself to Blame

Age verification has been creeping steadily up the tech stack for years, from adult websites to social media platforms. But now it has seemingly reached the last place anyone expected: your operating system's account setup screen. And the open-source community is not taking it quietly.

California's Digital Age Assurance Act (AB 1043), signed by Governor Newsom in October 2025 and taking effect January 1, 2027, requires every operating system provider to collect a user's age or date of birth during account setup and expose that data to app developers via a real-time API. Every developer who asks gets a signal telling them which of four age brackets you fall into: under 13, 13 to 15, 16 to 17, or 18 and older.

The law applies to everything: Windows, Android, iOS, macOS, SteamOS, Linux distros, and any niche project that technically qualifies as an OS under California's deliberately broad definition. Now, all of these smaller developers are trying to figure out the best approach to dealing with this mess or if it’s worth dealing with it at all.

Your OS as a Government Informant

The situation is quite straight-forward. Under AB 1043, age collection happens at account creation, before you've done anything. The OS must then maintain a live API that any eligible app developer can query to find out your age bracket on demand.

No photo ID is required, meaning users simply self-report their date of birth, which sounds almost reasonable until you realize the data doesn't stay on your device. It flows outward to every developer who requests it, in real time, indefinitely.

California isn't alone for long, either. Colorado is working on its own parallel bill, SB26-051, which would impose similar requirements from January 1, 2028. What starts as a California quirk has a pattern of becoming a national baseline.

The Open Source Community's Dilemma

The developer response has ranged from cautious to defiant. Fedora Project Leader Jef Spaleta admitted in a community discussion that he wasn't even aware of the law when it was first raised and is now exploring a local D-Bus service or a simple age file in /etc/ that apps can query without any data leaving the machine. Ubuntu developer Aaron Rainbolt proposed a similar optional D-Bus interface; Canonical says it has no concrete plans yet.

Others aren't waiting around. MidnightBSD, which takes its name from the University of California, Berkeley (the irony writes itself), has already modified its license to exclude California residents from desktop use starting January 1, 2027.

Then there's DB48X, an open-source calculator that apparently qualifies as an OS under this law and has updated its legal notice to ban California and Colorado users. You know a law has gone wrong when it's angered the math people. And you know what? I say the logic is sound. If California and Colorado want to enforce this, that's their problem.

One Fedora community member put it quite accurately, saying that not complying and taking a public stance against this is the only correct response, because compliance today is an invitation for stricter overreach tomorrow.

Child Safety Theater With a Surveillance Aftertaste

The law's fatal flaw is baked in by design. AB 1043 requires no actual verification. A child can type any birth year they want, and nothing stops them. It solves exactly zero of the child safety problems it claims to address while creating a permanent OS-level data pipeline broadcasting your age bracket to any developer who asks. One breach, one future amendment, and the infrastructure is already in place.

The developers pushing back, whether by refusing to comply, proposing privacy-preserving alternatives, or simply locking the state out, are the only ones in this story treating user privacy as a non-negotiable. It’s quite clear to anyone who’s not pushing their own agenda that age verification laws framed around child protection across the world have hardly ever really been about children. They've been about normalizing surveillance infrastructure, one "reasonable" step at a time.

And if it’s really about children, then prove us wrong by stopping, taking a step back, and coming up with something that actually makes sense. Because right now, there are literally hundreds of scientists begging governments to stop this insanity. Or does the opinion of the world’s brightest only matter when it fits your narrative?