Table of Contents
Quick Summary
- MidnightBSD, an open-source operating system designed for desktop usability, has modified its license to exclude California residents from using the system starting January 1, 2027.
- This decision is a direct response to California’s Digital Age Assurance Act (AB 1043), which requires OS providers to build mandatory age-verification interfaces and real-time data-sharing APIs.
- The small team behind MidnightBSD chose to bar the state's users rather than risk the law's severe financial penalties, which can reach $7,500 per child for intentional violations.
Introduction
MidnightBSD project recently made a shocking announcement. Starting January 1, 2027, MidnightBSD has modified its license to exclude California residents from using the system for desktop use.
This decision stems from a new California law called the Digital Age Assurance Act (Assembly Bill 1043). Here's the official announcement post on X (formerly Twitter):
What is MidnightBSD?
Lucas Holt founded MidnightBSD in 2006, naming it after his beloved first cat, Midnight. The team forked the system from FreeBSD to create something unique for daily users.
Most BSD systems focus on servers or old hardware. In contrast, MidnightBSD focuses on usability and performance for the desktop. It includes a graphical app store, easy system settings, and software for web browsing and word processing.
A small community of dedicated developers maintains the project freely for users around the world.
Understanding the Digital Age Assurance Act (AB 1043)
California passed AB 1043 in 2025 to protect minors online. The law applies to "operating system providers" and "developers". It creates several strict requirements:
- Age Verification: The OS must show an interface during account setup. This screen requires the user to provide their birth date or age.
- The Digital Signal: The OS must share a real-time "signal" with apps. This signal tells app developers if a user is a child (under 18) and which age bracket they fall into.
- Strict Compliance: Developers must request this signal every time someone launches an app for the first time.
This law becomes fully operative on January 1, 2027.
The Risks for Small Developers
You might wonder why a small software team would ban a whole state instead of just following the law. The answer lies in the technical burden and the financial risk.
1. Engineering Hurdles
The law requires a complex system to track and share user ages securely via an API. For a small team, building this infrastructure takes time and resources away from improving the core operating system.
2. Extreme Financial Penalties
The penalties for mistakes are very high.
If the California Attorney General finds a "negligent" violation, the fine is up to $2,500 per affected child. If they find an "intentional" violation, the fine jumps to $7,500 per child.
A small open-source project could face millions of dollars in fines very quickly.
The Decision to Exclude California
On February 27, 2026, the MidnightBSD team posted on X (formerly Twitter) about the license change. They stated the exclusion is a measure they are taking "until [they] have a better plan".
By changing the license, the developers hope to protect the project from the legal reach of AB 1043. Because they cannot afford the risk of massive fines, they chose to bar users in that region instead.
[Update] MidnightBSD is Building Tools to Comply with Age Verification Laws
The MidnightBSD developers are now actively building a technical framework to comply with the Digital Age Assurance Act (AB 1043) and similar age verification mandates.
While they have temporarily modified their license to exclude California residents from desktop use starting January 1, 2027, this is a placeholder measure "until [they] have a better plan". That "better plan" involves the following tools and system changes:
aged(8)Daemon: A new system service that runs as a dedicated user to securely store and query age verification data. It uses Unix domain sockets for internal communication.agectl(1)Utility: A command-line tool that allows the root user to set a user's age or birth date. When run by a non-root user or an application, it returns an integer value representing an age bracket (or "-1,-1" if undefined) to provide the required "digital signal" without exposing the raw birth date.- System Integration: The developers plan to modify
bsdinstallandadduserso that users are prompted for their age or date of birth during the initial system setup. - Package Management (
mports): The project is introducing rating fields for software packages. If a package is restricted (like a game), the system can use ZFS Access Control Lists (ACLs) to block underage users from executing the specific binaries. - Automated Updates: The system will use a weekly periodic script to check stored birth dates and automatically move users into older age groups (such as
age13porage18p) as they grow up.
This infrastructure is specifically designed to satisfy the legal requirements for a "real-time application programming interface" that signals a user's age bracket to third-party developers.
While currently targeting laws in California, Illinois, and Colorado, the developers are researching whether these tools can be disabled for users in regions without these requirements.
For more details, check the following link:
Conclusion
The conflict between MidnightBSD and California highlights how broadly drafted consumer protection laws can unintentionally alienate small, community-driven projects.
While AB 1043 aims to protect minors, its technical requirements (like real-time age-signaling APIs) and heavy fines create a prohibitive compliance burden for "small communities of dedicated developers".
For a project like MidnightBSD, which operates on a volunteer basis, the legal risk of non-compliance outweighs the benefit of serving the California market, forcing them to abandon their mission of being "The BSD For Everyone" in that region.
The conflict also highlights a growing problem in the tech world. When states pass complex regulations with high fines, small creators often suffer the most.
MidnightBSD started with a mission to be a system for everyone. Now, because of the Digital Age Assurance Act, the project must limit who can use it to survive.
For now, if you live in California and want to use MidnightBSD, you will have to wait for the team to find a "better plan".
Well, it seems they found a plan now. The developers of MidnightBSD have started to build system tools to comply with the age verification laws. It is a work in progress and will take a while to implement it.
Let us hope for the best.
2 comments
AB 1043 has no interest in protecting minors any more than anti-abortion legislation protects children. AB 1043 is intrusive oppression designed to convince people that the state owns the means of connecting to the Internet and that private property and privacy no longer exist. We are all government property now. Worship His Divine Shadow.
California’s Digital Age Assurance Act violates the privacy protection of Article I, Section I of the California State constitution. Privacy is a fundamental right in California.