COMPLETE LIST: All known US states with OS-level / Device-level child safety laws (June 2026)These mandate age checks at device/OS setup on every general-purpose device (phones, laptops, tablets, Linux PCs, etc.) age-bracket signal to apps. Enacted Pure OS-Level: • California — AB 1043 (Digital Age Assurance Act). SIGNED INTO LAW Oct 2025. Effective Jan 1, 2027. Every OS provider must ask for age at setup & send signal. Advancing/Pending Pure OS-Level: • Colorado — SB26-051 (Age Attestation on Computing Devices). Advanced in legislature, modeled on CA. Now also signed into law. • New York — S8102B (device-level age assurance at activation). • Illinois — HB5511 Passed Sen. • Michigan — SB284/HB4429 (Digital Age Assurance Act). Introduced 2026. Hybrid OS App Store (device age estimate at activation parental consent): • Ohio — SB 167. Still stuck in committee. Would require OS/device makers to estimate age on setup/updates parental consent for under-16 app downloads. (Google pushing weaker SB 175.)Arizona: ZERO OS/device-level bills. Only app-store proposal (HB 2920, stalled) website porn checks. No other states have true OS-level mandates yet (TX/UT/LA are app-store only, no setup rules).Three states has passed it. A handful are close. Parents deserve built-in controls on every device. Also federal HR 8250- Parents Decide Act os age verification for all devices for all states.

To anyone who is against the direction the world is going with age verification, privacy invasions, and so-called App Store Accountability Act bills/laws: look into GrapheneOS. GrapheneOS is an alternative mobile operating system built around privacy, security, and user control. Instead of relying on the normal Google-heavy Android experience, GrapheneOS removes a lot of the default Google-based services and gives users a cleaner, more private OS environment. This matters because many age verification proposals are moving toward the app store and operating system level. That means instead of every website checking your ID, governments and companies may try to push age checks through Apple, Google, Microsoft, or app store accounts. Your device, OS, or app store account could become the gatekeeper for what you are allowed to access. GrapheneOS offers a different path. It is designed to reduce dependence on centralized app stores and Google services, giving users more control over what apps they install, what permissions apps get, and how much personal data is tied to their device. For people concerned about privacy, account-based tracking, and forced identity checks, that makes it worth paying attention to. This does not mean GrapheneOS magically makes every law disappear. Websites, apps, payment processors, and governments can still create their own restrictions. But compared to a locked-down mainstream OS tied tightly to an app store account, GrapheneOS gives users more separation, more privacy, and more control. The bigger point is this: if age verification keeps moving to the OS and app store level, then the operating system you use will matter more than ever. A private OS is not just a tech preference anymore. It may become one of the most important tools for resisting forced digital ID, mass tracking, and overreaching age-gate systems. Privacy is going to depend on the choices people make now. GrapheneOS is one of the strongest options for people who want more control over their phone instead of handing everything to Apple, Google, app stores, or governments.

Age verification has a trust problem. Companies keep saying: “Trust us. We delete your data. We do not sell it.” That is not enough. Age checks can involve IDs, face scans, birthdays, IP addresses, device info, and metadata. Even if the main company means well, the data can still be exposed through bad security, vendors, hacks, legal requests, or sloppy systems. Yoti was fined by Spain’s data regulator over data-protection issues tied to its Digital ID app. Yoti denies wrongdoing, says no user data was breached, and is appealing. But it still proves these companies need scrutiny, not blind trust. Discord’s ID-photo leak was not from an age-verification provider. It came from a third-party customer service vendor. But that is exactly the point: sensitive ID data can leak through the vendor chain anyway. And here is the part the average person actually understands: Who has my information? What did they collect? How long are they keeping it? Can I delete it? Was it shared with another company? Who do I contact if something goes wrong? If a system cannot answer those questions clearly, people should not be expected to blindly trust it. Adult sites and apps should not get your ID, face scan, birthday, or reusable identity profile. They should only get the minimum signal needed: adult, minor, or unknown. If age verification is going to exist, it needs strict data minimization, short retention, easy data-deletion requests, clear records of who has your data, real audits, vendor transparency, strong penalties, and systems designed so there is almost nothing worth leaking.

🚨KOSA update: To make a long story short, the White House is pushing for a package on Capitol Hill that bans AI regulation in exchange to pass #KOSA and other age verification laws. R's working with White House on this while D's are also negotiating. A deal could come in weeks.

Age verification sounds simple until you look at the privacy, OS, and app-store problems. Even with zero-knowledge proofs, someone still has to verify you first. That could be Apple, Google, Microsoft, a government ID app, a bank, a carrier, or a third-party vendor. The app may only get “18 confirmed,” but the verifier may still collect ID scans, selfies, birthdays, device info, IP addresses, failed attempts, fraud scores, or parental consent records. Main issues: • Who stores the original data? • Can users delete it easily? • Do third-party vendors keep copies? • Are backups deleted too? • Can apps track users across services? • Are tokens app-specific or reusable? • What metadata is logged? • What happens after a breach? • What if an adult is wrongly blocked? • What about people without ID? • What about browsers and shared devices? OS/app-store problems make this harder: • Legacy apps may not support age APIs • Foreign apps may not follow the same rules • Sideloaded apps can bypass app-store checks • Windows has EXEs, Steam, Epic, GitHub, browsers, and direct downloads • Android has APKs and alternate stores • iOS has regional app-store rule differences • Web apps may avoid native OS age signals • Shared family devices can confuse adult/minor status • Offline apps may never request an age signal • Developers may not update old apps • Laws may differ by state or country Windows would be especially hard because many apps do not come from the Microsoft Store. A realistic Windows fallback could be a compliance broker: • Microsoft account verifies 18 • Windows stores an adult eligibility credential • Apps that support the API request the age signal normally • Unknown or legacy apps with no age signal go through a fallback path • The broker confirms only “18 verified” or “minor/unknown” • Family Safety blocks or limits minors • Verified adult accounts get access without extra app-by-app checks • Sideloaded/foreign apps can be controlled by OS permissions, warnings, or parental blocks Likely fallback paths: • For adult accounts: allow access by default once 18 is verified • For minors: use Family Safety, parental consent, and app-store limits • For uncertain age: restrict sensitive features until verified • For legacy apps: use OS/app-store controls instead of requiring the app to understand the law • For Windows unknown apps: use an 18 fallback API/compliance broker • For sideloading: use OS-level warnings, permissions, or parental blocks • For foreign apps: require platform-level compliance before distribution • For browsers: use a privacy-preserving OS/browser age signal • For mistakes: provide an adult override and appeal process Real solutions should include: • Verify once, not with every app • Share only an “18 ” or age-range signal • Use zero-knowledge proofs • Use app-specific tokens so apps cannot track users across services • Store the credential locally on the device/account • Delete raw ID data quickly • Give users a clear delete button for every third-party vendor • Show which company verified the user • Ban ad targeting with age-verification data • Require independent audits • Require transparency reports • Use a broker/middleware path for legacy apps • Let verified adult accounts use apps without extra restrictions The goal should be child safety without turning the internet into an ID checkpoint. Age verification should prove eligibility, not expose identity.

We’re one bad deal away from the era of online government censorship. The White House and Congress are negotiating away your rights as we speak. FIRE urges lawmakers to reject any deal that includes the Kids Online Safety Act, the NO FAKES Act, and age verification requirements.

Apple will let parents block children from using apps, as well as restrict access to websites, allowing entry only with active parental consent. This is exactly how it should work. There is no need to verify adults’ age, identity, or, perhaps soon, their shoe size. #wwdc26

Our statement on the UK government’s demand that all content on all devices sold or used in the country be scanned, on the presumption of nudity, using a dystopian combination of age verification and content scanning. This proposal will not safeguard children. It endangers us all. signal.org/blog/pdfs/2026-06…

🎯🎯🎯

🚨 BREAKING: Keir Starmer will announce a social media ban for under-16s in the UK in the next two weeks

Regarding both the California and Colorado, linux is already exempt from the Colorado law. California has a sister bill AB1856 which would also exempt linux, but expands age signal to internet browsers for websites. Also SteamOS unlikely exempt do to proprietary software used.

‼️🚨 BREAKING: Sony PlayStation's age-verification partner Yoti is reporting GrapheneOS users to authorities for using GrapheneOS, due to "past security concerns."

SB 2420 only works if it does not become censorship.The second the app stores start blocking lawful apps, delaying updates, hiding content, or forcing adults through age gates to avoid liability, Texas has a problem. That becomes evidence the law is not just “protecting kids.”It is chilling legal speech. This is how the law eats itself.