littlerack so when a cashier asks a kid for an ID to sell alcohol, It's called spying?
I think it's slightly different, because the eyes of the cashier are not streaming what they see to the internet :/
littlerack it could be stateless on your pc
I can easily see Microsoft leveraging this opportunity as an excuse to have every-one ids.
littlerack But it's your choice to ignore it
I think the problem is not to ignore it.
You probably can see something we clearly can't and maybe we need some education on that.
But up to know I do not see any rational explanation on why a cashier asking for an ID is the same as a piece of software connected to internet.
Echel0n It's the same in my state (southern).
This starts to be a little bit off topic, and I am probably saying this because in my country it's completely different, but if I am (and look) 50 years old, and the cashier asks for my ID to sell me a product that is legal for minors to buy, I would just put the items back and leave the shop...
littlerack The store - of course. Software, cameras, etc.
I guess the real difference stands in the fact that a single store does not have the same power/reach of an entire OS.
Let's pretend that every shop, also the smallest one, has infinite data retention of what cameras see and complex Computer Vision applications that write down every document and face they see.
The data collection will still be confined to that shop.
If iOS on the other end, would ask you the ID to create your account, now you have shops, computers, tablets, smartphones and much more that is following you in every step you make, with bluetooth, wifi, gps, and so on.
Furthermore, let's think about other interactive cases:
Let's say Linux introduces a stateless system to do age verification, how can it check that everytime I lock the laptop it is still me that is accessing the system? It will be very impractical to show my ID everytime I have to login.
So let's switch to a stateful system and fear that our data can (and will) leak someday.
And again, I can easily see Microsoft/Apple/Google/Samsung/YouNameIt using this opportunity to profile people even more.
And then, what about users on servers? Or even better, what about service users? Who will give the ID card for postgres user when you will use it to access the database? What about all the NT SYSTEM\* users?
I think what California is asking is very unpractical and I hope they realize it's introducing a whole set of legal stuff to address that might take years if not decades to be fully mitigated.