alt Hacker NewsWhat a crappy law.
> Section 1798.500(e)(1) states:
“Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
So… DNS servers are “covered application stores”, right? As is PyPI or GitHub or any other such service. S3 and such, too — lots of facilitating going on.
And I’m wondering… lots of things are general purpose computers. Are servers covered? How about embedded systems? Lots of embedded systems are quite general purpose.
edit: Yikes, whoever wrote the text of the law seems to have failed to think at all.
> (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.
The developer shall request? Not the application? So if I write an application and you download it and run it on an operating system, then I need to personally ask your OS how old you are? This makes no sense.
> (2) (A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.
Did they forget to make this conditional on getting g the right answer? If I develop an application used by a 12-year-old and the OS says the user is 18+ (which surely will happen all the time even if no one lies because computers have multiple users), and the OS answers my query, then courts are directed to deem that I have actual knowledge that the user is under 13? Excuse me?
Replies
My reading of 2A is that devs can take the word of the OS or App Store. If they say the user’s 18, and the user’s really 13, then the developer’s in the clear for serving adult content to them because they took the word of the certifying entity.
Conversely, if the OS says the user’s 13, then they can’t say they thought the user was actually 18. Guess sucks to suck if you want to buy a movie ticket from your kid’s phone, or if you mistyped your age when you set yours up because you didn’t have your passport nearby.
I guess we will have to replace the OS of every system that can play a violent and inappropriate videogame, like Doom.
> [distributes] AND [facilitates the download of]
Grouping braces and capitalization mine. So distributing also required. However it's still overly broad, vague, and ambiguous.
DNS doesn't generally distribute applications, so no it doesn't apply.
> “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.
So OpenWRT would be covered since they allow the user to download packages (ie software) via apk/opkg.
Awesome!
Christ, that would make Google, Dell, Netgear, and Comcast a "covered application store".
This isn't a law. It's a prayer.
2A just says that if the e.g. client request headers say the age bracket, the server (dev) can trust the reported age, but also shall not ignore it on purpose. No "just ignore the do-not-track flag" escape hatch here. "A bartender can't willfully refuse to check someone's ID if they are presented with it."
For incorrect OS answers, keep reading. 3B covers what happens if there's clear and convincing evidence that the age covered in 2A is inaccurate. (Reported profile birthday, for instance) This is "if someone shows a bartender a valid drinking-age ID but says they're celebrating their 17th birthday, this can't be ignored".