A volunteer project banned California rather than comply with an age law meant for Apple, Google, Microsoft. Hundreds of Linux distros with $0 budgets face the same choice.

Hundreds of distributions. Zero legal departments.

California signed a law requiring every "operating system provider" to collect an age signal from every user. The legislators who wrote AB 1043 were thinking about Apple, Google, and Microsoft. But the legal text does not mention Apple, Google, or Microsoft. It mentions "operating system providers." And in 2026, that definition covers Fedora, Linux Mint, Arch, Debian, Gentoo, and a teenager in Brazil who maintains a desktop environment used by thousands of people.

I am a father. I grew up on Atari, Commodore 64, and Amiga 500 Plus. I care about what my kid accesses online. I have also spent over twenty years building compliant platforms. Fourteen of them met ISO 27001 and GDPR requirements. I know what compliance infrastructure costs: headcount, tooling, legal review, and ongoing audit. I have watched billion-dollar companies struggle with it. The idea that a volunteer-run project with no revenue, no employees, no lawyers, and no office should build a real-time age-classification API in less than 10 months is not an ambitious goal. It is a regulation written by people who could not tell you the difference between a kernel and a web browser.