{"id":17290,"date":"2026-05-20T10:13:04","date_gmt":"2026-05-20T17:13:04","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=17290"},"modified":"2026-05-20T10:14:58","modified_gmt":"2026-05-20T17:14:58","slug":"big-tech-backs-colorado-os-level-age-data-bill","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2026\/05\/20\/big-tech-backs-colorado-os-level-age-data-bill\/","title":{"rendered":"Big Tech Backs Colorado OS-Level Age Data Bill"},"content":{"rendered":"\n<p>(Headline article below) According to Brian Lunduke, they carved out an exception for opensource, but supposedly anything with the GPL license wouldn&#8217;t be included, so not really? It&#8217;s all just shenanigans to drive us to digital ID and biometric identification. They&#8217;re doing this piecemeal by state and country, making such a mess of the landscape, hoping they can sneak their digital ID scheme through with the public accepting it. Perhaps with the right false flag cyber events they can get this accepted? Side note, the System 76 computer maker CEO (also the manager of their own distro with Cosmic Desktop) went to Colorado legislators for the opensource exemption and supported this bill, so either compromised or didn&#8217;t understand their legislative trick?<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Colorado &quot;Age Attestation&quot; Bill Sent to Governor for Signing\" width=\"1290\" height=\"726\" src=\"https:\/\/www.youtube.com\/embed\/wP8H2e5AMPE?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><a href=\"https:\/\/reclaimthenet.org\/big-tech-backs-colorado-os-level-age-data-bill\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/reclaimthenet.org\/big-tech-backs-colorado-os-level-age-data-bill<\/a><\/p>\n\n\n<div class=\"wp-block-ub-divider ub_divider ub-divider-orientation-horizontal\" id=\"ub_divider_c26201fb-d63c-4ad7-b1e2-62e6c6162028\"><div class=\"ub_divider_wrapper\" style=\"position: relative; margin-bottom: 2px; width: 100%; height: 2px; \" data-divider-alignment=\"center\"><div class=\"ub_divider_line\" style=\"border-top: 2px solid #ccc; margin-top: 2px; \"><\/div><\/div><\/div>\n\n\n<h5 class=\"wp-block-heading\">Apple and Google would become the state-appointed gatekeepers of every Coloradan&#8217;s age data and their lobbyists are pushing hard for the privilege.<\/h5>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/media.reclaimthenet.org\/2026\/05\/C7DZwANMzVDN-scaled.jpg\" alt=\"Vintage-style padlock with teal and pink gradient lighting against a soft purple background.\" class=\"wp-image-239910\"\/><\/figure>\n\n\n\n<p>By Dan Frieth<\/p>\n\n\n\n<p>Chamber of Progress, a lobbying group bankrolled by Amazon, Apple, Google, Meta, and OpenAI, is <a href=\"https:\/\/media.reclaimthenet.org\/2026\/05\/FDNz29W6fsiU.pdf\">pushing<\/a> Colorado Governor Jared Polis to sign SB 26-051 into law.<\/p>\n\n\n\n<p>The <a href=\"https:\/\/reclaimthenet.org\/colorado-operating-system-age-verification-minors-online-access\">bill<\/a> would force operating system providers to harvest users\u2019 dates of birth and pipe that data to app developers through an API every time you download or open an app. If Polis signs it, your phone\u2019s operating system becomes more of an identity checkpoint, not just for children, but for everyone.<\/p>\n\n\n\n<p>The bill landed on the Governor\u2019s desk on May 12 after clearing both chambers of the Colorado legislature, passing the House 40-23 and the Senate 26-9.<\/p>\n\n\n\n<p><strong>We obtained a copy of the latest version of the bill for you <a href=\"https:\/\/media.reclaimthenet.org\/2026\/05\/6rDgaJ49DbE1.pdf\">here<\/a>.<\/strong><\/p>\n\n\n\n<p>Sponsored by Democratic Senator Matt Ball and Representative Amy Paschal, the legislation mirrors California\u2019s AB 1043, signed into law in October 2025. Colorado\u2019s version would start applying to new users on July 1, 2028, with existing users folded in by January 1, 2029.<\/p>\n\n\n\n<p>When you set up a device account, the OS asks for a date of birth. That data gets translated into one of four age brackets (under 13, 13 to 15, 16 to 17, and 18-plus) and stored as an \u201cage signal.\u201d<\/p>\n\n\n\n<p>Developers are required to request that signal at first launch or account creation through a real-time API. Every app you open gets to ask your operating system how old you are.<\/p>\n\n\n\n<p>Chamber of Progress told Colorado lawmakers that the bill \u201creflects an important effort to protect children online while minimizing risks to privacy and lawful speech.\u201d<\/p>\n\n\n\n<p>That framing collapses under the weight of what the bill constructs. It calls age-bracket data \u201cnonpersonally identifiable,\u201d but an age bracket combined with a device ID, app usage patterns and an IP address makes re-identification trivial. When that signal flows to dozens of apps at launch, the aggregate profile becomes far richer than any single data point suggests.<\/p>\n\n\n\n<p>The bill also makes anonymous device use functionally harder. If account setup requires an age attestation that follows you into every app, you lose the ability to use the software without disclosing something about your identity. That has consequences for journalists, activists, domestic violence survivors, and anyone who treats privacy as a default.<\/p>\n\n\n\n<p>The bill never specifies how age data is verified. Account holders just \u201cindicate\u201d a birth date. It may not have an ID check or a biometric scan, at least for now. But a 12-year-old can type in 1988 and the system accepts it.<\/p>\n\n\n\n<p>As a mechanism for protecting children, this is useless, and everyone involved in writing it knows that. What it does accomplish is something else entirely. It builds the architecture: the API, the data pipeline, the legal obligation for developers to query an age signal at every app launch. Once that plumbing exists, the only question left is what gets poured through it.<\/p>\n\n\n\n<p>The self-reported birth date is a placeholder. When legislators inevitably point out that kids are lying about their age (which this system was designed to let them do), the fix will be ID uploads, biometric verification, or both. The bill doesn\u2019t protect children from anything today but it lays the groundwork for mandatory identity verification tomorrow and it does so without ever having to make that argument openly. And when the system misfires in its current form, nobody is accountable.<\/p>\n\n\n\n<p>Section 6-30-104(2) gives OS providers and app stores a \u201cgood faith\u201d safe harbor, meaning an adult incorrectly flagged as a minor who loses access to content has no real recourse.<\/p>\n\n\n\n<p>Requiring Apple and Google to collect, store, and distribute age data makes them custodians of a sensitive dataset tying age to device identity. The bill includes data minimization language but the structural reality is that two companies gain a legally mandated role as age gatekeepers for an entire state\u2019s population. A breach of that data would be consequential.<\/p>\n\n\n\n<p>The Chamber of Progress knows what it\u2019s endorsing. A law requiring OS-level age signals doesn\u2019t threaten Apple and Google. It cements their dominance, handing them a statutory mandate to manage personal data while creating compliance costs smaller competitors absorb less easily.<\/p>\n\n\n\n<p>This bill builds an infrastructure that changes the baseline expectation of anonymity when using a computing device, and the companies lobbying for it are the ones who profit from holding the keys.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Headline article below) According to Brian Lunduke, they carved out an exception for opensource, but supposedly anything with the GPL license wouldn&#8217;t be included, so not really? It&#8217;s all just shenanigans to drive us to digital ID and biometric identification. They&#8217;re doing this piecemeal by state and country, making such a mess of the landscape, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[],"class_list":["post-17290","post","type-post","status-publish","format-standard","hentry","category-tech","category-world"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=17290"}],"version-history":[{"count":3,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17290\/revisions"}],"predecessor-version":[{"id":17293,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17290\/revisions\/17293"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=17290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=17290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=17290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}