Dad's thoughts

Age restrictions and how to use them in tech

published: Mar 12, 2026 | modified: Mar 12, 2026 | 16 min read

Part one of a series on the recent age verification legislations

California just passed their bill which requires Operating System creators to ask for age information from users and provide that to applications and websites. In theory, I like the idea. Force the operating system to provide a modified and restricted experience to aid parents in the ever growing task of moderating what their children have access to on their computers, phones, tablets, applications, and websites. I personally believe that it falls to the parents to do that moderation, and I am very much involved with the content and experience my children have in the computing world. In fact, this belief is ultimately what lead me to start writing this whole blog - to focus on reviewing games through the lens of a parent trying to make sure that my children are not being bombarded with themes and content that are inappropriate for their age. However, as I wrote about already, I am a bit privileged in that I have been playing around with technology and computers since I was at least 8 years old. I grew up in a house with enough disposable income to build PCs back in the 90s and early 2000s. I was playing the early Grand Theft Auto games, StarCraft, Age of Empire, and Duke Nukem 3D as a young boy. Maybe I shouldn’t have been, but it has given me a better understanding of what is out on the internet and in these applications to understand why parental moderation is desperately needed. I also know that California’s bill (and all other bills to come before and after) is not the right way to go about it.

The issue of Online Privacy

I’d like to propose a slightly different way of going about this experience which I hope can act as a bit of a middle ground. What makes me nervous about this bill is that it puts the onus of “child safety” on the developer of a technological solution. Let’s take Discord as a stand-in for this discussion, as it has recently been made the subject of a lot of controversy. In order to “protect the children”, Discord has decided that it is going to set all users to a “Teen” user experience by default and requires a user to either scan their ID and upload it for age verifications or provide a video of your face to estimate your age. According to their announcement,

  • Facial scans never leave your device. Discord and our vendor partners never receive it.
  • IDs are used to get your age only and then deleted.
  • Discord only receives your age — that’s it. Your identity is never associated with your account.

We all know we can trust Discord, right? Given the history of all private companies (publicly traded or otherwise), we all understand that companies like Discord, Apple, and Microsoft all are incentivized to hide the truth, to artfully craft these announcements so they are technically true on the surface, but then write code that collects as much data as possible to build profiles around you. Large cooperations have shown us time and time again that they are not to be trusted with our private information and do not have any interest other than making more money.

Getting rid of Corporate Speak

I’ve been using the language of the corporate offices where they talk a out “opportunities” and “markets” and “users”. However, it is important to understand that we are not talking about some amorphous pile of money to be mined out of the earth. Users are people. So, let’s reword some of my statements above.

Discord has decided … to set all people to a “Teen” experience … requires a person to scan their ID … or provide a video of your face.

We’re collecting face scans and government ID cards of people. Not Users. Not markets. Not Opportunities. People. With the rise of fascism and authoritarian tendencies around the globe, now is not the time to be requiring users to provide more and more extremely sensitive data. Discord claims that this data will “never leave your device” or or information is “used … and then deleted”, but as we’ve seen with one of the last few software “good guys” on the internet, those promises can always be retracted.

Another example of failing trust

This article actually brings up one of the things that I am more personally concerned about. Down at the bottom of the article on Firefox, they pull a quote which insinuates that they will pass on potentially location-related data (such as when you search the word “Boston”) to advertisers. I understand the desire for services on the internet to want to hyper focus their advertisements on only the people that would be most likely to buy your product. Maybe I’m looking for “Breweries in Boston” because I heard about a political candidate that owns a brewery, but I can’t remember what the name was. An advertiser would like to understand if I actually live in the area before trying to show me an sponsored ad for Harpoon Brewery, when I actually live 12+ hours away by car. It is almost a guarantee at this point that a company will buy as much data as it can in order to either save a few extra dollars where it doesn’t “need” to spend money on a useless ad and try to extract as many dollars as it can out of anyone who might be willing to pay for whatever service is relevant at that moment.

Which brings me back to the original point of this essay: Age verification at the operating system level. According to the current wording of California’s bill, Operating system developers and maintainers are required to obtain and provide the age and birth date of a user of the operating system. Remember that the operating system is essentially the software that lets most people user computers.

  • For laptops and desktops, this is going to be Windows and MacOS for most people.
  • Don’t forget about Android and iOS/iPadOS for phones and tablets
  • A handful of people are going to be using some Linux distro like Ubuntu, Fedora, and Arch, but also don’t forget about more neich OSs like SteamOS, Raspberry Pi OS (formerly known as Raspbian).
  • Every Student (including my own children) are likely going to be using Chromebooks, which have a flavor of linux, mixed with a lot of their own web browser and a sprinkling of Android in there.

Why we should be concerned

Every one of these Operating Systems, and therefore computers and computing devices, is required by California law to ask for your age on setup. Remember, we are not talking about “users” and “markets”; It’s fucking people. Large companies like Microsoft, Google, Apple, and many, many others are required to ask how old you are and when is your birthday. It’s cute when you have it in your contact on your phone, or when Facebook has a policy that requires you to be at least 13, or your favorite porn or vape website asks you “are you at least 18 years old?” the combination of Google, Microsoft, and Apple are all going to have immediate access to your personal information which is needed to verify who you are in every aspect of our life (at least here in the United States). How many times have these large companies been hacked and leaked sensitive user information like phone numbers, email addresses and passwords, or birthdates and social security numbers. In my opinion the last thing we should be doing is requiring people to be handing over these details.

What is a computer

Because let’s be very real here. A requirement by the government on the developers of this software is actually a requirement for the people to provide that information. There is not a singular piece of technology that you use that does not use some flavor of Windows, MacOS or Linux, especially linux. Two prime examples of where you find an Operating System in places you might not think about.

  • My Kobo e-reader uses a flavor of linux. I know this because I like to tinker with shit and have found that the file system uses the same one as every Linux OS I’ve installed, that the linux build of Tailscale works on it, that I can run Bash scripts without adding anything extra, and that I can immediately SSH into it simply by flipping a single switch.
  • The Nintendo Switch is a device which uses the same chips as an Android Tablet. This led to people being able to hack the Switch with software and install a version of Android onto the device.

We start to ask the same question Apple tried to pose with an ad campain for the iPad Pro a few years ago: What’s a computer? Technically your phone is a computer. So is your tablet, your smart home thermostat, your e-reader, your car, your game console. All of these devices are running more sophisticated applications, connect to the internet, have many different input and output devices, be it sensors, keyboards, displays, or speakers. All of these are in some capacity an computer, almost all of which are based on Linux or Windows (even MacOS has a history tracing back to Linux). All of them are going to have an Operating System, or software that allows a person to interact with the computer, select and execute software, read and write files and data to a hard drive, process data and instructions, connect to the internet, and many other computing tasks.

Are all of these devices going to be required to store the age of each user? or more correctly, each person? At that point, there is no modern electronic device which a person can use without exposing their age, date of birth, and personal information to the internet at large. This bill is essentially saying “you are not allowed to have anything unless you tell us how old you are.”

Mass Surveillance

For now, the requirement across the board has been “Give us your age before you use the software.” At the surface, I understand the argument. Having details about a user’s/person’s age allows a software developer to rapidly modify the experience and interface to better accommodate for age appropriateness. In theory, we can block content that is not suitable for children, which again, is the whole reason I write in this blog at all. I want kids to be exposed to good (both in quality and content) video games that are appropriate for their mental development and skill levels, but once again, my opinion is that this should be the job of parents, not Microsoft, Discord, Apple, Facebook, or Steam.

Call it a slippery slope if you will, but today the requirement is just the age. I’ll once again call our the rise of authoritarian and hyper capitalist tendencies across the globe. Today we’re “concerned” that kids are seeing things that they should not be, so we are creating a technological “solution” to ensuring that they don’t see or interact with what they should not be. I’m sure many are also making the claim that it is going reduce the amount of abuse that happens online, which is implied by Discord’s announcement in their mention of messages from “people a user may not know” go to a different inbox by default, with a similar statement regarding new friend requests.

How quickly will this change from requiring an age to requiring your identity? One must verify who they are or to use a given service? Once again, we should not be trusting these companies with our identities like this, not until they can sufficiently lock down our sensitive data.

Not Just the OS

The reason I believe this could quickly turn into mass surveillance is because of the second thing this bill requires.

1798.501. (a) An operating system provider shall do all of the following: (b) (1) A developer shall request a signal with respect to a particular user from an operating system provider or a covered application store when the application is downloaded and launched.

I read this as “discord” or “firefox” or “chrome” must ask for your age before letting you use the application. Furthermore, the operating system must provide that range to discord, and chrome, and firefox. My assumption is that this will also apply to Instagram, Facebook, Twitter (Fuck Elon), and TikTok, even though those are seen more as websites rather than applications. Your email client and word processor will likely have to require your age as well, so things like Word, Excel, or Outlook will suddenly be asking how old you are. Let’s definitely not forget every single gaming platform in existence, Steam (with both desktop and mobile clients), Playstation (with their own console and phone app), Xbox (owner of Minecraft, Game Pass, and several desktop and phone applications as well), and Nintendo (once again, their own console and phone applications). I hope it is clear that

  1. Everything is a computer and
  2. Everyone has an application

With these two statements, I hope you see that every private company who wants to sell you something will soon be required have your age at their fingertips.

Where does it stop?

Speculate with me for a few minutes while we imagine what could happen if this follows through as is implemented:

Your 15 year old son is browsing the web. Realistically, he is scrolling through instagram and tiktok, because simply google searching for websites is a thing of my era of internet use. Both applications have long since asked for how old your child is and have received the proposed range of 13-15 years old. The applications are doing their best to reduce the amount of sexualized content, but stuff still slips through the cracks because nothing is perfect. On Instagram, your child has been showing more interest in body builder contend, liking the reels he see of the professional men lifting 300+ kg and wants to start working out more and improving his form.

The algorithms have already predicted this path and are starting to show more and more supplements to him via sponsored videos, suggesting he can increase his deadlift by drinking some of this powder every single day. The advertisers know (because of their data collection) he’s a teenager, so instead of the 30+ year old men actually performing at their peek, he is served ads by young fit 20 year old men and women, talking about how this supplement allowed them to quickly put on muscle mass and seems to be a quick solution to his goals. They did so with the understanding that showing younger individuals in their advertisements are more likely to cause people to buy the product.

I’d like to propose a question. How did the advertisers know he a teenager? Did they build it from the rest of his internet activity? Or did Instagram offer that directly to the advertiser? Remember, Meta’s primary source of revenue comes from advertisements and user data. Are we convinced that Instagram did not provide that information directly to the advertisers who were then able to select which sponsored videos to show this child? And frankly does it matter where they got the information? We have written into law that television shows must clearly delineate where the show ends and where advertising begins because we understand that children are more susceptible to influences and declarative statements like those made by advertisers. I saw this first hand when my oldest suddenly was talking about Daisy Sour Cream talking about how “everything is better with a dollop of Daisy”. The boy has never once in his life tasted Daisy Sour Cream, and he had only seen the commercial on YouTube once. Do we really want to give these advertiser more access to critical information about our children and ourselves?

A better solution

I hopefully have convinced you enough that we are quickly running down a path that we really don’t want to be on. I believe we deserver a better solution than simply requiring that all developers collect more data about us, the users.

There are still many other complications that can and will arise with the current wording of the bill and much of that conversation is already happening online. Questions like “who is the user of a server which runs a website?” or “who would be responsible for the fine if an operating system has a decentralized development process?” These boil down to “Where does linux and open-source software fit into this picture?” These are absolutely important questions that should be addressed, but I am not the person to do so. I’d simply like to make sure that we understand where we are going and how we might be able to find a different path.

As I have stated many times in many of my blog posts, I believe it is the role of a parent to make sure their children are safe. This includes online events like being informed about what shows they are watching on YouTube or Netflix or who are they talking to on Discord, Instagram, or facebook. I also believe it includes the physical spaces like what daycare my child goes to, which houses are safe for them to be alone at, or where they are driving with their friends late at night. The responsibility for my children always falls to me, since they are my child, and if I fail in that role, those children get take away from me. With that said, I understand the difficulty of keeping children safe in the current space, both online and offline.

This is why I believe regulation should be around providing the tools to enable parents to do this job with ease and understanding. This is the middle ground I believe exists between keeping children safe and protecting everyone’s privacy.

It’s one thing to simply say “let’s do better” and expect things to change. I’d like to spitball a few ideas of what I think could work better as a middle ground. Instead of extending this post any further than it needs to be, I’m going to write out the rest of my thoughts in other posts to come soon.

Backlinks