from the age-gating-is-still-bad dept

After public outrage, California lawmakers are moving closer to exempting open-source operating systems from the sweeping age-bracketing regime mandated by last year’s Digital Age Assurance Act (AB 1043). Nonetheless, the current bill still jeopardizes internet users’ speech, privacy, and security.

While the open source exemption, if passed, would improve the law, the remaining amendments proposed by AB 1856 would require all web browsers and websites to request and collect users’ ages. This is an expansion of last year’s AB 1043’s age-bracketing system that compounds its constitutional harms to users’ speech, privacy, and security. As AB 1856 moves on to the Senate, EFF will continue fighting for amendments that reduce those harms.

AB 1856 Extends AB 1043’s Age-Gating Regime

Last year, California passed AB 1043, which requires all operating systems and app stores to create age-bracketing systems that segment users based on their ages. As we’ve written, that regime is a recipe for censorship: it creates unnecessary and unconstitutional barriers to accessing lawful online speech, threatens our right to anonymity, and pressures online services to collect troves of valuable and sensitive user data. On top of that, A.B. 1043’s wide-sweeping compliance burdens impose disproportionate harms on the open-source ecosystem that underpins much of the modern web. 

Given these flaws, lawmakers introduced AB 1856 this year as a supposed “clean-up” bill for AB 1043. But instead of sticking to fixing AB 1043’s unique and serious harms (like its impact on open-source operating systems), AB 1856 also expanded the regime even further—extending its age-bracketing requirements beyond operating systems and app stores to browsers and websites. 

EFF opposed AB 1856 on two grounds, which we explained in our opposition letter to the Assembly: 

1. The harms that age-gating regimes pose to users’ speech, privacy, and anonymity; and
2. The disproportionate harms that this particular regime imposes on open-source developers. 

Open Source Concerns Somewhat Alleviated By Amendment

On May 28th, AB 1856 passed the Assembly in a nearly unanimous vote (68-1). 

Before that vote, however, AB 1856 was amended to relieve the compliance burden on open-source operating systems. This is a meaningful improvement and a welcome relief for open-source developers, who have been loud and clear about how much of an existential threat A.B. 1043’s age-gating mandate would pose.

The new exception reads:

“Operating system provider” does not mean a person or entity that distributes an operating system or application under license terms that permit a recipient to copy, redistribute, and modify the software.”

EFF understands this amendment to exempt open-source operating systems from the requirement to collect and transmit users’ age-bracket data. That is a definite win for open-source developers. The bill is narrower now than it was before, and lawmakers clearly responded to concerns raised by EFF and the broader open-source community. 

Some important questions still remain—for example, it is unclear how the law would apply when an open-source operating system is incorporated into a commercial product or service. And, given the structure of where the exemption is placed under the “operating system provider” definition, lawmakers could stand to clarify that the exemption applies to open-source operating systems and applications.

Nonetheless, that ambiguity aside, this amendment does substantially reduce the threat that AB 1043 could have on many open-source developers. 

AB 1856 Still Expands the Problematic Age-Bracketing Regime

Don’t get us wrong—if this bill passes, we will be very happy that AB 1043 does not pose nearly the amount of harm to our friends behind open-source operating systems. But even after these amendments, EFF remains opposed to AB 1856 because it ultimately expands California’s sweeping age-bracketing framework far beyond the original scope of AB 1043. 

In AB 1856 and its amendments, the Assembly failed to address the core problem with AB 1043’s age-bracketing regime: mandated age-gating systems threaten users’ speech, privacy, anonymity, and security. 

Even though AB 1043 does not explicitly require companies to perform age verification, it nonetheless imposes a liability structure that strongly pressures companies to verify users’ ages anyway. In practice, that could lead to more ID checks, more biometric scanning, more invasive data collection and risk of breach, and more barriers to adults’ and young people’s lawful speech.

In fact, instead of narrowing AB 1043’s wide net, AB 1856 expanded it to add browser providers and website operators to the list of entities that must comply with its age-bracketing requirements. This dramatically broadens the scope of AB 1043 and pulls more services, developers, and users into an anonymity- and privacy-destroying data collection framework that has not yet been implemented or evaluated. The result would make it nearly impossible for regular internet users to avoid AB 1043’s age gates.

The Fight Moves to the Senate

On those grounds, EFF will continue to oppose AB 1856. Though it has passed the Assembly, the fight is not over. As the bill moves through the Senate, we’ll continue to push for amendments that actually “clean up” and narrow the scope of AB 1043, and offer more protection to users from the harms of age-gating systems.

Republished from the EFF’s Deeplinks blog.

Filed Under: ab 1043, ab 1856, age verification, california, open source, operating systems, websites

• Rivian’s boss believes we will have eyes-off driving within 18 months
• It will be the “most disruptive feature we’ve seen”, according to RJ Scaringe
• But a new report suggests Tesla engineers and staff don’t trust the technology

Rivian’s boss and CEO, RJ Scaringe, believes that we will see increasing levels of autonomous driving arriving in the coming months.

Speaking to Top Gear during a test drive of the upcoming R2, which the company hopes will be its first electric SUV with true mass appeal, Scaringe revealed that he thinks we will move from level two to three, which includes hands-off and eyes-off autonomous driving, within “the next 18 months”.

A new Leiden Declaration, endorsed by the International Mathematical Union and published on June 2, 2026, warns that AI could undermine mathematics by flooding the field with plausible but flawed proofs, weakening attribution, shifting incentives, and giving tech companies too much influence over research priorities. “Mathematicians should find it quite striking that tech companies are suddenly interested in their work,” said Kevin Buzzard, a mathematician at Imperial College London, in a statement. “The Leiden Declaration is a well-thought-through response to what is currently happening, as AI continues to disrupt this space.” Ars Technica reports: The Leiden Declaration, which has already drawn hundreds of signatories, warns that recent AI developments are threatening “characteristic values” of mathematical research, “often in ways that disproportionately affect students and early-career mathematicians, and hence the long term future of the discipline.”

First, it points out how AI models can “produce plausible but unreliable (or even incorrect) arguments which are difficult to distinguish from correct mathematical proofs.” Such developments put reviewers under increasing pressure and are “jeopardizing our ability to implement traditional standards for the correctness, transparency, and independent verifiability of proof,” the declaration warns. “Inaccurate AI-generated drafts are cheap to produce, and there is a risk of cluttering the literature with claimed results that are simply wrong,” said Leslie Ann Goldberg, head of computer science at the University of Oxford, in a statement. “Once that happens, the errors are likely to propagate as new results are built on faulty foundations.”

Second, the declaration highlights how “models trained on published works frequently return outputs that do not properly cite the human works they synthesize,” while also pointing out that many current AI models were trained on data obtained through “exploiting licenses and access arrangements” or “simply violating copyright protections.”

Third, the declaration describes how the use of AI “may become incentivized for its own sake, disrupting our mechanisms for hiring, funding and recognition” while leaving out researchers who lack access or are “unwilling to use technologies controlled by organizations whose values they do not share.”

Fourth, the declaration warns against mathematics research “communicated through informal channels such as press releases or blog posts, often without any research paper or other disclosure of information necessary for scientific evaluation.” Such communication strategies can lead to “oversimplification” in media reporting that overemphasizes AI tools’ significance at the expense of prior human contributions, and “misleadingly uses specific mathematical tasks as metrics for the general reasoning capacities of commercial products.”

Fifth, the declaration describes “increasing involvement of technology companies in mathematical research” as threatening the “autonomy of mathematics,” especially as university budgets are under pressure and researchers may feel greater professional incentive to collaborate with technology companies on “asymmetric terms.” This also raises the risk that mathematics research questions amenable to AI-driven techniques may be prioritized. What can mathematicians do about this? The Leiden Declaration urges them to treat AI as a tool, not a substitute for human responsibility. Individual mathematicians should disclose AI use, remain accountable for the correctness of their work, continue crediting human authors, and use AI tools only when they align with the declaration’s values.

It also warns that mathematics can be applied to “warfare, oppression, mass surveillance, and the undermining of democracy,” so mathematicians should weigh the ethics of tech-industry partnerships carefully. Professional organizations are encouraged to develop AI-use guidelines for publication and review, protect researchers from having their work used as training data without consent, support peer-reviewed publishing, and “actively prepare to become involved if major mathematical results are claimed using unconventional means.”

For policymakers, the recommendations are blunt: “protect the rights of authors,” “regulate the artificial intelligence industry,” and “invest in public computational infrastructure.” The declaration also urges people to “don’t believe the hype,” warning that tech companies have “a strong commercial incentive… to overstate the capabilities of their products.”

• Email systems were never designed for autonomous machine workflows
• Hostinger introduces webhook-first email for real-time automation processing
• AI agents now trigger actions immediately when emails arrive

AI agents can process data and execute actions within milliseconds, yet many automated systems still depend on tools originally built for human users.

That mismatch has become increasingly noticeable as businesses attempt to connect AI-driven workflows with traditional email systems, never designed for machine-to-machine interactions.

Noble Audio is using High End Vienna 2026 to expand its true wireless lineup with the new Osprey, an entry-level earbud aimed at listeners who want the Noble house sound without wandering into $300-plus wallet damage. Priced below $200, the Osprey gives Noble a more accessible option in a category it already knows well, combining everyday wireless convenience with the brand’s focus on balanced tuning, musicality, and a more refined presentation than most budget true wireless earbuds can usually manage.

Construction & Exterior Design

The Osprey follows the design language Noble Audio has used across its true wireless lineup, with a distinctive marbled faceplate that gives the earbuds a more finished look than the usual plastic black-bean approach. It is a small touch, but a useful one in a crowded category where most affordable wireless earbuds look like they were issued by the same factory committee.

Noble also includes a compact aluminum charging case, which should give the Osprey a more durable and premium feel without making it bulky. The goal here is practical: a lower-cost Noble earbud that still looks and feels like it belongs in the family.

The Osprey uses an ergonomic earbud shell designed to sit securely in the ear without feeling bulky. A proper fit should improve passive isolation, which matters more than most people admit with true wireless earbuds.

Noble includes multiple eartip sizes to help users find the best seal for comfort, stability, and consistent sound quality over longer listening sessions.

Drivers

The Osprey uses a hybrid dual driver configuration, pairing a 10mm dynamic driver with a custom balanced armature. In theory, that gives Noble more room to divide the workload: the dynamic driver handles low frequency weight and impact, while the balanced armature supports midrange and treble detail.

That does not automatically guarantee magic. This is still an earbud under $200. But it does give the Osprey a more ambitious driver platform than many entry level true wireless models. The goal is controlled bass, clear mids, and better high frequency separation without pushing the sound into something thin or etched.

High-Resolution Wireless Connectivity

Powered by an Airoha 1571 Bluetooth chipset, the Osprey supports noise cancellation (ANC) and Bluetooth multipoint pairing for seamless device switching. With Bluetooth 5.4 and TrueWireless Mirroring, the Osprey provides a stable, low-latency connection whether you’re streaming high-resolution audio or making calls.

Clear Phone Calling

For calls and virtual meetings, the Osprey employs a dual-microphone array with Qualcomm cVc noise suppression. This technology minimizes background noise while preserving the natural tone and dynamics of your voice, ensuring speech remains clear and intelligible in both professional and everyday environments

The Osprey includes Active Noise Cancellation and a Hearing Through mode, giving listeners some flexibility when moving between commuting, office use, calls, and street noise. Integrated cVc noise reduction is also included to help improve voice pickup during calls, although real world results will still depend on wind, background noise, and microphone placement.

Battery life is rated at up to 7 hours with ANC turned off, or up to 5 hours with ANC enabled. The 500mAh charging case extends total playback time, and Noble claims a 10 minute quick charge can provide roughly 2 hours of listening. 

Battery Life

The Osprey includes a 500mAh wireless charging case, which extends playback beyond the earbuds themselves. Noble rates battery life at up to 7 hours with ANC turned off, or up to 5 hours with ANC enabled. A 10 minute quick charge provides roughly 2 hours of listening.

Those figures are suitable for daily use, especially given the Osprey’s under $200 price point, ANC support, hybrid driver design, and wireless charging case.

Companion App

For ease of use, the Osprey is compatible with the Noble Audio app, which offers EQ and OTA software updates, keeping the Osprey relevant for as long as you use them. 

Comparison

The Bottom Line 

The Noble Osprey gives Noble Audio a more affordable entry point in true wireless without turning it into a stripped down budget model. For $199, the Osprey offers the styling Noble is known for, a hybrid dual driver design, ANC, Hearing Through mode, Bluetooth 5.4, Multipoint connectivity, app support, and a wireless charging case. That combination gives it a stronger identity than many wireless earbuds in this price range, especially for listeners who already like Noble’s tuning approach but do not want to spend FoKus money.

The tradeoffs are clear. The Osprey does not carry the FoKus name, and codec support appears more limited with no aptX formats listed, and no indicated support for Dolby Atmos or Spatial Audio. That matters because the $179 to $249 earbud category is crowded with models from LG, Beats, Sony, Status Audio, and aggressive value brands like SOUNDPEATS, which are pushing features such as LDAC, aptX Lossless, hybrid ANC, and app based EQ at even lower prices.

What makes the Osprey interesting is not that it wins the spec sheet war. It probably does not. The appeal is Noble bringing its design language, hybrid driver experience, and app supported true wireless platform below $200. The question is whether buyers in this range care more about Noble’s sound and styling, or whether they will chase the longer codec list and feature overload offered by lower priced competitors.

Price & Availability

The Noble Audio Osprey will be available for pre-order from nobleaudio.com and selected retailers worldwide starting June 4th, 2026, priced at $199 / £199 / €225. Shipping is expected to begin by the end of June 2026

The Osprey launch will coincide with Noble’s appearance at HIGH END Vienna 2026, where attendees can try it out for themselves.

Related Reading:

While schools have made progress in technology adoption — from artificial intelligence guidelines to vetting education technology — they still struggle with the lack of resources, funding and expertise, according to a new report.

The annual State of EdTech report from the Consortium for School Networking polled roughly 600 chief technology officers for K-12 schools. One of the biggest takeaways, according to CoSN CEO Keith Krueger: AI adoption is higher than ever. According to the report, nearly three-quarters (79%) of school districts have AI guidelines in place, up from 57% in 2025.

“Given how many school districts we have, given how many small and rural ones there are, it’s shocking at how quickly at least the guidance around responsible use of AI is,” Krueger says. “As a foundational step, we’re seeing movement.”

But respondents repeatedly stated they are running into roadblocks of insufficient staffing and funding.

“There’s never going to be enough training, and we have to make sure the training is quality and meeting administrators with what they want and need,” Krueger says, adding it’s not just about training on a specific tool, but “helping them think in new ways how to use the tools.”

Most of the districts polled are in favor of AI guidelines, either set by the districts themselves or state education agencies, but do not want state or federal mandates. Typically, mandates are formed, then approved, by a board — something that is time-consuming and does not lend itself well in the fast-moving world of AI.

“This week, this month, this year is changing rapidly,” Krueger says. “It doesn’t mean we change fundamental beliefs of what’s cheating (with AI), for example, but things are moving rapidly. You don’t want to have too many solidly, board-approved things which can get locked in when you need to evolve.”

The most common AI initiative among districts is training staff on the use of instruction-focused generative AI tools, with 7 out of 10 respondents saying they do so. Productivity-focused measures focused on instructional staff and teachers followed, with 54% and 53%, respectively, deploying those initiatives. One of the largest jumps was the amount of districts having initiatives focused on AI’s operational purposes, from 37% in 2025, to 64% in 2026.

Less than half (41%) of initiatives focus on using AI for teaching and learning.

“I would say the low hanging fruit is on the operational and teacher productivity side,” Krueger says. “We should continue to explore and think through the great uses that are in the classroom. But, overnight we shouldn’t just wildly go trying to do those things when it’s going to take time to figure out the instructional piece.”

Cybersecurity

The largest concern about AI use: cybersecurity attacks. According to the report, nearly all respondents (98%) are concerned that AI can bring in new forms of cyber attacks, with just 2% stating they are “not at all concerned.” That same percentage also has concerns on student data and AI’s effect on its privacy.

While the concern over cybersecurity is strong, two-thirds of respondents state they have insufficient staffing and budget to address those challenges.

Cybersecurity concerns continue to cause schools woe, most recently with the Instructure attack in May that caused several schools to pay a ransom and shut down one of the world’s largest digital education platforms.

“The high visibility breaches and attacks that we’ve seen underscore the real cost to our school system by not investing in better cybersecurity,” Krueger says.

After 17 years of utilizing the State of EdTech report, Krueger says he believes a tipping point may have finally been reached on addressing cyber concerns.

“Certainly those in charge of technology have been yelling loudly that cybersecurity is a problem,” he says, adding the issue has become more well-known among superintendents and school board members. “I think they will start to say, ‘We can’t just have these broadband networks and not have them safe and secure.’ But it’s a huge challenge, given the lack of human capacity in schools for cybersecurity.”

EdTech

Another major finding from the report is an issue that has been bubbling beneath the surface in both tech evangelist and oppositional circles: vetting educational technology.

Edtech vetting has been under consideration amid the screen-time backlash in classrooms, with some states pushing for better review of the vetting process. Oftentimes, schools rely on the vendors’ own data and are unequipped to review the software themselves to ensure children’s safety.

“There is nobody right now that is confirming these products are safe, effective and legal,” Kim Whitman, co-lead for Smartphone Free Childhood US, said in a previous interview with EdSurge. “It should not fall on the district’s IT director; it would be impossible for them to do it. And the companies should not be tasked with doing it — that would be like nicotine companies vetting their own cigarettes.”

According to the report, most schools now have a process for vetting free edtech tools before they’re used in schools, either through IT or a list of approved vendors.

But that process still has some gaps: only 29 percent require information about if the product is inclusive and accessible for all learners. That is particularly worrisome for accessibility advocates who already fear they are being left out of the conversation.

“Parents with children who have a disability must have a seat at the table,” Sambhavi Chandrashekar, global accessibility lead for D2L, an online learning platform, said in a previous EdSurge interview. “Blanket rules that are blind to fundamental human differences will do more disservice than good to students at the margins.”

And while more than half (55%) of the edtech processes require vendors to provide information about safety, that leaves roughly 45% not addressing safety concerns.

“It’s a huge warning sign; there’s a whole lot of progress and work that has to happen in this area,” Krueger says.

He suggested reviewing the five quality indicators for edtech and AI products, with districts benchmarking their current status and set it as a priority to push forward.

“One of the biggest powers we have is procurement, so getting serious about how we buy them, and when,” Krueger says. “Whether or not we move forward will depend on if we set it as a priority and get serious about the awareness, the training and the policies.”

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours.

The full name of the plugin is Kirki – Freeform Page Builder, Website Builder & Customizer. It is a freeform visual builder and advanced theme customizer active on more than 500,000 websites.

Wordfence reports that the issue was introduced in a recent major release, version 6.0.0, and impacts plugin versions up to 6.0.6, which are used by nearly 40% of the plugin’s userbase, according to download statistics from WordPress.org.

CVE-2026-8206 is caused by the exposure of a custom REST API endpoint for password resets through the ‘handle_forgot_password()’ function.

The flaw stems from the plugin accepting an arbitrary email address during password reset requests.

When a username is provided, the plugin generates a valid password reset link for the associated account, but sends it to the attacker-supplied email address rather than the account owner’s registered email address.

This behavior makes it trivial for unauthenticated attackers to generate password reset links for any user registered on the site to email addresses under their control, easily hijacking them.

Once an attacker gains admin-level access, they could install malicious plugins, modify website content, deploy web shells or persistent backdoors, and access private databases.

The flaw was discovered by security researcher CHOIGYENGMIN, who reported it to Wordfence on May 4, 2026. The company notified the vendor on May 16 and released a fix with version 6.0.7 on May 18, 2026.

Given the active exploitation status of CVE-2026-8206 and the very low requirements for launching attacks, it is critical that website owners/administrators upgrade to version 6.0.7 or disable the plugin.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now

You can pre-order the Faden siblings’ next adventure now.