Ageless Linux — Software for Humans of Indeterminate Age

Q: Is Ageless Linux a real operating system?

It is as real as any operating system that identifies itself via
/etc/os-release. The law does not define minimum technical
thresholds for what constitutes an operating system. It defines an
“operating system provider” as anyone who “develops, licenses, or controls
the operating system software.” We control the operating system software.
The operating system software says it’s Ageless Linux. QED.

Q: Isn’t this just Debian with a different name?

Isn’t Ubuntu just Debian with a different name? Isn’t Linux Mint just
Ubuntu with a different name? Isn’t Pop!_OS just Ubuntu with a different name?
The entire Linux distribution ecosystem is built on the premise that
modifying and redistributing an existing system creates a new distribution.
Each of these distributions is, under AB 1043, a separate operating system
provider with separate compliance obligations. There are over 600 active
Linux distributions. The California Attorney General’s office may wish to
begin hiring.

Q: Is this really just a bash script that changes the name of the OS?

Right now, yes. A bash script that modifies /etc/os-release
and installs a refusal notice. That’s the point — that’s all it takes to
become a regulated “operating system provider” under AB 1043.

But Ageless Linux is not just a script. It is a commitment. As major
distributions formulate their compliance strategies — D-Bus interfaces,
AccountsService patches, age collection prompts in installers — Ageless
Linux will be there with removal scripts, spins, and forked packages
that strip out age collection infrastructure. If Ubuntu adds an age
prompt to its installer, we will publish a script that removes it.
If Fedora ships an org.freedesktop.AgeVerification1 daemon,
we will publish a package that replaces it with /dev/null.
If Debian stable adds age bracket signaling to AccountsService, we will
maintain a fork that doesn’t.

Today, the bash script is the whole distribution, because today there is
nothing to remove. When there is something to remove, we will remove it.
Ageless Linux is a promise that somewhere in the ecosystem, there will
always be a distribution that treats its users as people of indeterminate
age.

Q: What if I run the script and a child uses my computer?

Then you are an operating system provider who has distributed
an operating system to a child without collecting their age at account setup.
But here’s the thing: you don’t have an “affected child.” You have a person
whose age you don’t know. The law fines you per “affected child”
(§ 1798.503(a)), but can only identify
a child as “affected” through the age bracket data
(§ 1798.500(b)) that the law requires
you to collect. You can’t be fined per child until you’ve counted the
children. You count the children by asking their age. You’re being fined
for not asking their age. The law eats its own tail.

Q: What about the age verification API? Don’t you need one?

In standard mode, Ageless Linux ships a shell script at
/etc/ageless/age-verification-api.sh that prints
an error message and exits. In flagrant mode, no API of any kind
is installed. We recommend flagrant mode. The standard-mode stub
exists only for people who find comfort in the “good faith effort”
defense. We do not.

Q: Is this legal?

We are not lawyers. We can tell you what the law says. AB 1043
creates civil penalties. It does not criminalize noncompliance.
There is no private right of action — only the AG can enforce it
(§ 1798.503(a)). The law does not
prohibit distributing operating systems without age verification. It
fines you for doing so. We are doing so. The question is not whether
this is legal. The question is whether anyone wants to spend the
State of California’s money suing a person who handed a child a
Linux USB drive.

Q: What is the point of all this?

There are two points.

The first is that AB 1043’s definitions are so broad that a bash
script and a static website can create a regulated operating system.
A law that cannot distinguish between Apple Inc. and a shell script
has a drafting problem. A law that sweeps in 600+ volunteer Linux
distributions was not written with them in mind. A law that was not
written with them in mind but regulates them anyway is not a careful
law.

The second is that this law was never meant to be enforced against
everyone it covers. It was meant to be enforced selectively. The
large platform companies already comply. The small ones can’t.
The Attorney General has sole enforcement discretion. A law that gives
a single office the power to selectively impose $7,500-per-child
fines against any operating system distributor in the state — while
ensuring that only the largest corporations can avoid liability — is
not a child safety measure. It is a tool for selective prosecution.
The children are the justification. The discretion is the product.

We are trying to make the selective part difficult. If the AG wants to
enforce AB 1043, we would like to be first in line. We are a clear
violation. We are documented. We are findable. We are daring them.
If the law is worth enforcing, enforce it against us. If it is not
worth enforcing against us, ask why it exists.

Q: Will you ever implement age verification?

Q: What if the AG actually fines you?

Then we will have accomplished something no amount of mailing list
discussion could: a court record establishing what AB 1043 actually
means when applied to the real world. Does “operating system provider”
cover a bash script? Does “general purpose computing device” cover a
Raspberry Pi Pico? Can you fine someone “per affected child” when no
mechanism exists to count affected children? These are questions the
legislature left unanswered. We’d like answers. A fine would be the
fastest way to get them.