I'm glad EFF's people have the guts to fight this. This debate is very emotionally charged and I think many reasonable people are uncomfortable with the legal panopticon being constructed to "protect the kids" but they're afraid to speak out.
Christopher Cabaldon had a great monologue during CA's social media ban hearing the other day:
> And so I think one thing I've learned here is that when something's framed up as let's do it for the kids, let's do it to stop murderers and rapists, or let's stick it to the big corporations, all of those are important. Those are important objectives, but they can sometimes cause us to stop thinking about what's the actual policy underneath.
My favorite use of this is peer-to-peer transfer of Docker images. The Docker CLI only allows you to use registries authenticated with HTTPS but there's an exception where it allows HTTP transfers over localhost.
So, if you use SSH tunneling to forward a port from localhost to a remote, then Docker unwittingly pushes to a remote. This is super useful "off the grid" with robotics/embedded applications where you don't want to bother with a registry and a good Internet connection.
That's not quite true, you just need to add the `insecure-registries`[1] option with a list of either IP (or ip ranges) or hostnames that you want to allow without TLS.
Yes this is true. I should caveat that we distributed the tool among a team and we didn't want to ask them to all edit their daemon.json with an ever-expanding list of IP addresses.
Not really since all it takes is one person with misconfigured device and your LAN is now accessible from who-knows-where unless the LAN is under very strict lockdown.
It's understandable Anthropic would do this to limit their liability against minors getting harmed. Especially with laws like California's AB 2023 in the works, where parents can sue a chatbot maker if the chatbot harms their child.
Still, I hate that I have to share biometrics and blindly trust that Persona is doing cybersecurity properly.
> These laws exist because social media is extremely damaging to children
There actually isn't much evidence of this. Most of the thrust for this hypothesis comes from The Anxious Generation, which was written by a moral psychologist as opposed to an adolescent researcher, and has been widely criticized by experts.
There is evidence that social media use is associated with poor mental health but the causation piece is contested. Most stories about social media harm are kids who were already struggling.
> Can anyone suggest a better way of protecting kids, other than age verification?
As far as protection from social media, the best solutions I've seen are:
- Antitrust and interoperability: people want social media, just not the toxicity. Give them a way to migrate to better platforms. CA tried this with the Digital Choice Act (AB 2169) but it got shot down by Big Tech lobbyists.
- Privacy protection: rather that detect who's a child and protect only them from being tracked and surveilled, protect everyone.
IMO social media is a red herring. There are much more obvious sources of youth distress with far stronger effects in the data: poverty and economic hardship, abuse in the home, parental mental illness, drug abuse, marginalized demographics (e.g. LGBTQ+ youth have way higher suicide rates).
The kids would be way better served by things like universal healthcare, universal childcare, a better foster care system, etc.
Agreed. The Heritage Foundation even admitted it when promoting KOSA: "Keeping trans content away from children is protecting kids."
And I think a lot of this is projection from parents who massively struggle with social media.
It's quite telling that Sarah Huckabee Sanders, who is aligned with the Christian right, and whose job as press secretary was to be a meat shield for Trump's incompetence and absorb all the anger from the press and social media, sent a copy of The Anxious Generation to governors in all US states.
I wish we could just have microtransactions to buy access to individual articles at a time. Like physical news stands letting you buy a newspaper or magazine.
There are so many times where I've bounced away from an interesting article because I didn't want to deal with the subscription paywall.
The argument for subscriptions is it helps cultivate a relationship with customers and gives the business recurring revenue. Which is fine if I want the relationship, like with Ars Technica, Wired where I'm usually interested in their reporting. But in most cases the relationship feels awkward and forced, like this linked article mentions.
Like I'm not paying $400/year to The Information just to unlock a one-off story.
If you’re in CA, definitely leave messages for your state senator and assemblyperson. I already did and their staffers replied that they got the message.
This and AB1043/AB1856 just make me so mad. These politicians apparently think they can threaten fines upon the open source community and coerce us into implementing their poorly researched laws.
It’s like in a toxic workplace when a non-technical manager agrees to a questionable assignment on your behalf, without your consent, and tells the stakeholder oh yeah, no problem, that’ll take 2 weeks.
I first used the contact form on their website and sent a written message so they have my position in writing.
Since they might get a flood of written correspondence, I also called their district office and either talked to a staffer or left a voicemail telling them the same thing.
The key is the district office phone number, not the capitol phone number. One of my reps said the capitol phone line was understaffed and they missed one of my voicemails.
This is a potential loophole. Companies could have an "open source" OS but restrict installations like Tivo did in the 2000s (i.e. "Tivoization"). Or they could allow installation of modified software but restrict functionality like the way the Google Play Integrity API can nerf apps running on custom builds of Android.
Or, they can have a license like the Business Source License where you can copy, redistribute, and modify the software but you can't use it commercially. This goes against OSI's open source definition.
We emailed this amendment to Buffy Wicks's staff:
§1798.504(f) This title does not apply to[...]:
(4) An operating system or application that meets both of the following conditions:
(A) The operating system or application is distributed under license terms that permit a recipient to copy, redistribute, and modify the software, including for commercial purposes and without payment of a royalty or fee.
(B) The operating system provider or developer does not, by technical or contractual means, prevent the recipient from installing modified versions of the software on a device on which the unmodified version operates, and does not restrict the functionality or interoperability of modified versions.
Shouldn't that specify the code not or not only the software? For example, the corporate Windows license allows the corporation to copy, redistribute (internally), and modify (via group policy, APIs, or development on the Windows platform) the software. The big difference between that and Linux is licensees can't access the code. FOSS requires free access to, use of, modification of, and redistribution of the code.
Honestly you're probably right, code is a better term. I copied that language from Colorado's SB26-051 bill which also has a FOSS exemption and they use the word "software". I'm not a lawyer but I'm hoping that a court's interpretation of one state's language will apply to other states.
That and lots of FOSS licenses use some variant of those words "copy, redistribute, and modify" so it's probably a term-of-art that courts recognize.
This is what Colorado's law says. It prevents Tivoization but not feature nerfing like the Play Integrity API.
§ 6-30-105 (3)
(e) AN OPERATING SYSTEM PROVIDER OR DEVELOPER THAT
DISTRIBUTES AN OPERATING SYSTEM OR APPLICATION UNDER LICENSE TERMS
THAT PERMIT A RECIPIENT TO COPY, REDISTRIBUTE, AND MODIFY THE
SOFTWARE WITHOUT ANY PLATFORM-IMPOSED TECHNICAL OR CONTRACTUAL
RESTRICTIONS IMPOSED BY THE PROVIDER OR DEVELOPER ON INSTALLING
ALL MODIFIED VERSIONS.
reply