cross-posted from: https://lemmy.ca/post/62278765
Software changes for compliance with age-verification laws are being pushed a bit everywhere in Linux-development; for example:
In Systemd, already merged.
In xdg.desktop.portal (a portal frontend service for Flatpak and other desktop containment frameworks), still open.
In Arch Linux, still open.
In Freedesktop.org, still open.
It’s interesting that it’s the same small group of people behind these pull requests, and that discussion threads in them have been locked owing to a great amount of negative criticisms.
They say “we have to comply with the law”. Which also means that if “the law” in the future will require proper verification, handling to 3rd-parties, or whatnot, then they will comply.
Well, it’s their right to. They don’t owe anything to anyone, and are under no obligation to report to users or to the community, nor to pay heed to anybody’s wishes.
If things proceed in this direction, we users may at some point have to choose between privacy-friendly Linux distributions or legal Linux distributions. People who, like me, are worried, need to start thinking about concrete actions to take before it’s too late: where to develop such distros? which channels to download and distribute them from? And so on. (And of course, more generally we need to write and protest to politicians, organize protest marches, go on strike, refuse to comply…)
It’s good to remind to those who keep on repeating the words “legal” and “illegal” that for example Nelson Mandela was, technically speaking, a criminal who did and promoted illegal activity. This happens when laws become immoral.
As a Linux user; if they make me an accidental criminal, I will have no choice but to become so good at crime.
When I am sufficiently notorious, I think I have to run for president on a “my crimes were hilarious, though” platform.
I guess maybe that’s just how it’s done now? This new world is confusing.
Political hit piece: They are a criminal!
User: A rapscallion at most.
So, I can see where commercial OSes, like Windows and MacOS, but maybe including Chrome, Red Hat, and similar, would welcome the requirement to collect user ages. Another piece of user data for telemetry, ad serving, etc, with the cover of ‘government made me do it.’
Linux is always going to have weirdos, ready to spin up their own distribution for their own reasons. Like, I remember when the majors all started switching from init to systemd. There’s still a bunch of distros, even some good–sized ones, that avoid systemd. If age verification works its way from facilitating tools to distro mandates, I guarantee that there will be distributions created in jurisdictions without age mandates that exclude any tools that require age validation or with systems to spoof age validation. It’s simply too easy to change linux to avoid this.
Why wait? Start your own journey now, learn on the way, be prepared to be your own provider and tell authoritarian governments to pound sand.
And when you finish installing, you can start all over again because everything’s already out of date
💪 That’s what I count on!
So, I can see where commercial OSes, like Windows and MacOS, but maybe including Chrome, Red Hat, and similar, would welcome the requirement to collect user ages. Another piece of user data for telemetry, ad serving, etc, with the cover of ‘government made me do it.’
Except that maybe they are smart enough to understand that there is no way to be sure that the date is accurate and so you have an high possibility to profile the user in the wrong category.
If the birthdate field is just a random number, then I don’t see why anyone cares - it would have less personally identifying information than the MAC address. I thought the whole reason people are up in arms about this is the proposal/hypothetical where the OS is required to validate that field against government ID databases, thus giving a third party - the OS vendor or whatever contractor performs the validation - a link to real world identity of any computer user.
If the birthdate field is just a random number, then I don’t see why anyone cares - it would have less personally identifying information than the MAC address.
True.
I thought the whole reason people are up in arms about this is the proposal/hypothetical where the OS is required to validate that field against government ID databases, thus giving a third party - the OS vendor or whatever contractor performs the validation - a link to real world identity of any computer user.
I agree, but in the end it is nothing new in a professional environment.
For example in Italy (but I suppose in EU as well), my employer already know my birth date since I am required by law to undergo a medical examination at regular intervals (with the interval depending on the work and age), so this information is already stored in some way and it need to be correct, my company get fined if I am not checked when required. Having it in systemd or in active directory or any other user management system make no difference.
The problem would arise if there will not be any option to avoid the check, but again, in some countries you cannot ask anything you don’t need to offer the service, and I am pretty sure that the birth date is not necessary to setup an user account on my personal home pc.
Linux is used in so many places where age verification makes no sense that I find it highly unlikely there will be “illegal” distros.
Like, if I spin up an EC2 instance to use as a server will I need to verify my age? If I create SSH users for my coworkers will they have to verify their age? What about service users like the ones used in systemd? What about Linux embedded in industrial controls?
I ask because all of those could be used to circumvent age restrictions, and that’s just off the top of my head.
The law is bonkers. As a user commented, with internet of things you might need to verify your age to open your fridge 😂 https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers
I’m interested in where the line is for adding this stuff.
What if Hemmingford, NE passes the same law but wants your favorite color instead of dob? What if India says the OS needs to verify your caste, or any number of oppressive countries want your religion as a field? Hell, the US is like one step away from saying your gender assigned at birth needs to be tracked.
What if Hemmingford, NE passes the same law but wants your favorite color instead of dob?
You simply input a random color. How they can check if it is true ? Same for any other field.
What if India says the OS needs to verify your caste, or any number of oppressive countries want your religion as a field? Hell, the US is like one step away from saying your gender assigned at birth needs to be tracked.
In some countries it would be illegal to ask for such data. (EU for example)
Then I totally agree that this law is beyond stupid.
You simply input a random color. How they can check if it is true ? Same for any other field.
The point there is that complying with the whims of every town on the planet gets to be unmanageable. A town with <1000 people deciding what fields are present for the other 8 billion is insane. I picked color as an example for something dumb that wouldn’t matter. I hoped that was obvious.
And if you can just lie about it, then why even bother including the field at all?
In some countries it would be illegal to ask for such data. (EU for example)
Exactly. How does systemd decide which set of laws to follow? The ones that say you need to report the data or the ones that say you can’t?
The point there is that complying with the whims of every town on the planet gets to be unmanageable. A town with <1000 people deciding what fields are present for the other 8 billion is insane.
Nah, if the problem is the whim of small town I don’t think someone would go to the trouble to implement it. The problem is if the law is from a country, and even in this case it would not be obvious that someone would do something.
Then there we could start a discussion about how this was handled in Systemd, but it out of scope.
I picked color as an example for something dumb that wouldn’t matter. I hoped that was obvious.
I know it was just an example.
And if you can just lie about it, then why even bother including the field at all?
Because who write the law do not understand anything about it and they are naive enough to think that everyone will answer sincerely.
Exactly. How does systemd decide which set of laws to follow? The ones that say you need to report the data or the ones that say you can’t?
That should be asked to the guy who implemented the feature and to the maintainer of Systemd. But the real problem here is that they think that what US laws say are valid everywere in the world. (Not that I have any confidence that Pottering and the other guy would answer in some intelligent way…)
legal distros
Who cares if the distro you’re using is legal or not? Half the shit you do online is illegal somewhere, you’re gonna start worrying about legality just because California made some stupid unenforceable law? If you don’t also worry about uncensored porn being illegal in Japan and having an opinion counter to the government being illegal in China, then it seems kind of silly to be worried about Gavin Newsom saying you gotta be an adult to use your PC. Linux is an OS backed by a hundred thousand gay furry hackers, nothing is gonna happen to it because not even the US government has managed to tame the thigh-high enthusiast club. They’re ungovernable, and it’ll stay that way.
I don’t know who this Dylan Taylor guy is, but he really seems to like the taste of boot leather.
Why do you think it’s fishy that it is the same person adding systemd and the arch addition? I mean wouldn’t it be weird if those were two different persons?
Also there is no age verification. It’s just an age storage unit. Why is this treated as the same thing?
Because it makes for more exciting content.
People who, like me, are worried, need to start thinking about concrete actions to take before it’s too late: where to develop such distros? which channels to download and distribute them from? And so on
My ideal outcome here is that this stuff sparks a renaissance in covert, anonymous software development and distribution, and various infrastructure to support it. Ideally this should be standard; your work may at some point in the future be deemed illegal, at which point you can be forced to comply if you haven’t protected yourself from the start. The most obvious solution is to manage a project as if it was already illegal; carefully conceal your identity before it’s technically required to do so, then when draconian laws show up just carry on as normal.
Maybe this is going on already. Unfortunately I have no idea.
