System76 Exposes the Real Agenda Behind State Age Verification Bills: Big Tech’s Liability Dodge Meets Government Surveillance

System76 CEO Carl Richell isn’t hedging. In a public statement posted to the company’s blog, Richell laid out what he sees as the fundamental danger of state-level age verification mandates now advancing across the United States: they don’t just fail to protect children. They actively destroy the conditions under which children — and adults — can freely use the most powerful tool humanity has ever built.

“Liberty has costs, but it’s worth it,” Richell wrote.

The statement arrives as New York, Colorado, California, and several other states push legislation that would require operating system makers, app store operators, and in some cases individual developers to implement age verification mechanisms before users can access certain content or install certain applications. The bills differ in scope and severity. But the trend line is unmistakable: elected officials are building a legal framework that would insert identity verification between every user and their device.

New York’s bill is the worst of the bunch. It doesn’t merely ask platforms to guess a user’s age through inference or estimation. It mandates hard identity verification — the kind that requires government-issued ID or biometric data to confirm that a person is old enough to use their own computer without restrictions. This is surveillance architecture, full stop. It creates a centralized chokepoint where the state — or any entity that gains access to the verification infrastructure — can monitor, restrict, and log what individual citizens do on their personal devices.

Richell was blunt about the implications: “A centralized platform designed to control the activity of the user creates the environment where the centralized platform provider can themselves then be controlled by higher powers. Decentralized platforms and app stores, like Linux, are essential to the personal liberty of adults and children.”

That’s not abstract philosophy. It’s an engineering argument. Centralized verification systems create single points of failure and single points of control. Once the infrastructure exists to verify age, it can be repurposed to verify anything — political affiliation, purchasing habits, browsing history. The architecture doesn’t care about legislative intent. It cares about capability.

Richell extended the argument beyond privacy into something broader: human potential. “The computer is the most powerful and versatile technology we’ve ever created,” he wrote. “It is a foundational technology that affects the progress of all other innovations. A platform that controls the user’s activity, and can itself be controlled, limits the user’s ability to contribute to our shared future. Many of the world’s best programmers started experimenting with computers as children.”

He’s right. Linus Torvalds was a kid tinkering with a Commodore VIC-20. A generation of open-source contributors got started by poking around in systems they weren’t supposed to fully understand yet. Age-gating operating systems doesn’t just inconvenience minors. It walls off the sandbox where the next generation of builders learns to build.

The state-by-state breakdown matters here. Richell drew clear distinctions: “In the case of Colorado’s and California’s bills, effectiveness is lost. In the case of New York’s bill, liberty is lost. In the case of centralized platforms, potential is lost.”

Colorado and California have pursued age estimation and design-code approaches — less overtly authoritarian than New York’s identity mandate, but functionally useless. As WebProNews previously reported, California’s AB 1043 forces a surveillance mandate onto every developer, including small open-source projects that have no technical or financial capacity to comply. The bill assumes every piece of software is built by a corporation with a legal department. It isn’t. And the compliance burden falls hardest on the developers least able to bear it — solo contributors, nonprofit projects, and small Linux distributions.

Follow the money: Big Tech’s fingerprints are all over these bills

Here’s where the story turns from bad policy to something more calculated. A detailed Reddit analysis of the actual bill text from five state age verification proposals found a striking pattern: the legislation consistently shifts liability away from social media platforms — the companies that actually host and algorithmically amplify harmful content — and onto operating system makers and app store operators.

The practical effect? Meta, TikTok, Snap, and other platforms that have faced billions in potential fines and mounting public anger over child safety failures get to offload responsibility downstream. Instead of being held accountable for what their algorithms serve to minors, they get to point at Apple, Google, and — critically — open-source OS providers like System76 and say: “The device should have stopped them.”

This isn’t speculation. The Reddit post documented how bill after bill uses language that targets “covered platforms” defined not as social media services but as operating systems and app distribution mechanisms. The framing is deliberate. And the lobbying money behind these bills tracks back to exactly the companies that benefit most from this liability shift.

So Meta gets to keep running Instagram’s engagement-maximizing algorithms aimed at teenagers while Linux distributors — volunteer-run projects with zero advertising revenue — are expected to implement government-compliant age verification systems. The absurdity is the point. If compliance is impossible for small and open-source platforms, they either shut down or get pushed out of the market. The incumbents win either way.

This is the part that should alarm anyone who cares about competition in computing. Age verification mandates, as written, functionally criminalize open platforms. Linux distributions don’t have centralized app stores with identity verification pipelines. They weren’t designed to. That’s a feature, not a flaw. But under New York’s framework, that design philosophy becomes a legal liability.

Richell’s position is that the entire legislative approach misidentifies the problem. “The challenges we face are neither technical nor legal,” he wrote. “The only solution is to educate our children about life with digital abundance. Throwing them into the deep end when they’re 16 or 18 is too late. It’s a wonderful and weird world. Yes, there are dark corners. There always will be. We have to teach our children what to do when they encounter them and we have to trust them.”

That stance will irritate people who want a legislative fix. But Richell isn’t arguing for inaction. He’s arguing that the proposed action makes things worse — that locking children out of computing until an arbitrary age doesn’t prepare them for the world they’ll inherit, it just delays their exposure while simultaneously building the surveillance tools that will constrain their freedom as adults.

The data supports skepticism of these mandates. Age verification systems in practice are either trivially bypassed (VPNs, borrowed credentials) or require such invasive identity collection that they create massive honeypots for data breaches. The UK’s attempt at mandatory age verification for adult content was abandoned in 2019 after years of delays and privacy concerns. Australia’s similar push has faced withering criticism from security researchers.

None of this means child safety online isn’t a real problem. It is. Algorithmic amplification of harmful content to minors is documented and serious. But the solution to that problem lives at the platform level — in the design choices made by social media companies — not at the operating system level. Asking Fedora or Pop!_OS to verify the age of every user before they can install Firefox is not child safety policy. It’s structural consolidation disguised as protection.

And that’s exactly what Big Tech wants. Every compliance burden that falls on operating systems and app stores rather than on content platforms is a burden that reinforces the dominance of companies large enough to absorb it. Meta can build an age verification system. A three-person Linux distribution team cannot.

System76 ships computers running Pop!_OS, its own Linux distribution. The company has skin in this fight. But Richell’s argument extends well beyond his own business interests. The question he’s posing is whether Americans want their relationship with their own computers mediated by a government-mandated identity checkpoint. New York’s answer, apparently, is yes.

The rest of us should think harder about that.