The extent to which core linux projects are laying the groundwork for age verification is very concerning.
-
@simonzerafa @sarahjamielewis As I said in my previous post, rushing to comply in advance will result in them not being able to comply or even breaking other laws (like privacy) in the process. (I would, in fact, argue that they can't comply with these laws due to this and the laws themselves are illegal, so by rushing to comply in advance, they're actually breaking other, more established laws.)
I will agree that the decision should be the user's, but opt-out is NOT letting the user decide. Opt-out is making the decision and then requiring the user to jump through hoops. Ultimately this will also mean your data will be submitted first. That also means opt-out often doesn't really opt-out, it just provides the illusion. Once the data is collected it's frequently already too late.
@simonzerafa @sarahjamielewis As a side note, "just being illegal" isn't the only other option. Fighting back is also an option. Telling them that this can't be legally implemented is an option. Hiring lawyers (fund-raising first if need be, but likely EFF/etc will take it) is an option.
Rushing to comply in advance is intentionally and willfully making a decision to circumnavigate what is best for users because it's what they want (and I might add here that "they" is actually a very small handful of people who are just pushing it through and ignoring/deflecting arguments. Oh, and Claude apparently.)
One thing I'd really like to be clear on is that in complying in advance with that law in one specific area, they're probably breaking a lot of other laws everywhere else.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis I think the best way to go is to make this a) fully optional and b) as loosely coupled to the system as possible. Next, we need to look into licensing to ensure that if we provide a system meant for the rest of the world w/o age verification, that we can get any legal costs back from users who used it in a country w/ age verification.
-
@nazokiyoubinbou @sarahjamielewis
My bet would be that the Ageless Linux strategy will be the way to go.
Distros will ultimately have to comply with the law (however stupid and illogical) and let users break or sidestep compliance post installation.
The legal folks can point to whomever asks and say that Linux / our distro is compliant and users can break it as they see fit.
I doubt that even the commercial distros will want to pay fines or suffer the other legal consequences even if they can theoretically afford it.
Hopefully the various laws will be eventually be written to be sensible but while we wait for that ...
@simonzerafa @nazokiyoubinbou @sarahjamielewis rush to comply or what...put a disclaimer on Linux that says not valid in California.
If someone installs software not made for CA in CA whose fault is that.
Do they have to actively stop download or installs based on some geo restriction.
-
@simonzerafa @nazokiyoubinbou @sarahjamielewis rush to comply or what...put a disclaimer on Linux that says not valid in California.
If someone installs software not made for CA in CA whose fault is that.
Do they have to actively stop download or installs based on some geo restriction.
@ahasty @simonzerafa @sarahjamielewis Don't forget that by complying with that one law in that one area (which will likely be amended and thus making any compliance in advance rushed out now non-compliant anyway) they're violating laws in California and in other places...
Or they could just not rush to comply in advance and speak to a lawyer. I bet the EFF would be really glad to step in.
BTW, contrary to popular believe among those hitting accept on PRs, Claude is not actually an expert on legal matters (or anything else for that matter...)
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis The fact that they’re writing even one line of code for it is concerning already.
-
@ahasty @simonzerafa @sarahjamielewis Don't forget that by complying with that one law in that one area (which will likely be amended and thus making any compliance in advance rushed out now non-compliant anyway) they're violating laws in California and in other places...
Or they could just not rush to comply in advance and speak to a lawyer. I bet the EFF would be really glad to step in.
BTW, contrary to popular believe among those hitting accept on PRs, Claude is not actually an expert on legal matters (or anything else for that matter...)
@nazokiyoubinbou @simonzerafa @sarahjamielewis
It would be really fun to see a bunch of distros just say no to California. I do hate that these Devs feel like this should be a component of systemd of all things
-
@nazokiyoubinbou @simonzerafa @sarahjamielewis
It would be really fun to see a bunch of distros just say no to California. I do hate that these Devs feel like this should be a component of systemd of all things
@ahasty @simonzerafa @sarahjamielewis Agreed.
Systemd has stepped way outside of its scope. Really it has done so in a lot of things, but it's starting to get really extreme as it begins to collect private data about users that they're not even supposed to have direct control over...
IMO it's time to just dump systemd anyway. I suppose it's more of a fallen support beam that broke the camel's back than a straw, but the camel's back is broken and it's time to move on. Systems shouldn't have been built to be so interdependent on systemd which should not be doing all the stuff it's doing...
Really, if they want to comply, since doing so kind of violates laws elsewhere and often enough even the licenses in the distro, they have to make a California-specific distro...
-
@sarahjamielewis I fear that part of the reason for this is the developer mindset. They see a new problem that they can solve so they start working on it without thinking if they should build this in the first place.
@johan @sarahjamielewis This is why a maintainer's most important job is to say no.
-
@johan @sarahjamielewis This is why a maintainer's most important job is to say no.
@dalias @sarahjamielewis True but this happens a lot too in non FOSS environments. You have to really hope you have a product owner who thinks about whether the new feature is actually useful
-
@simonzerafa @sarahjamielewis If you want to see something interesting, try removing systemd from your distro. (Don't actually do it. Use dry-run or whatever equivalent you might have.) Just watch how much else gets removed with it...
Some people are actually doing it and it even removes stuff like Pipewire-Pulse. They're back down to Alsa and all the problems it presents...
@nazokiyoubinbou @simonzerafa @sarahjamielewis Still on OpenRC to this day. I've never once regretted not having systemd.
-
@nazokiyoubinbou @simonzerafa @sarahjamielewis Still on OpenRC to this day. I've never once regretted not having systemd.
@landelare @simonzerafa @sarahjamielewis OpenRC sounds really promising as a really viable alternative. Just the basics with adherence to standards.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis given how many Linux machines have no human users for their entire lifecycle that does seem like a solution to a problem that will never exist.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis as uncommon as this scenario may be, but I hate that it adds a barier for people who tinker with OSs and publish them online. I hate the feeling that it's assuming that OS development has to be centrilized so that those central entities can be held accountable, I'm affraid that it would set a precedent for adding regulating open source passion driven projects
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
there's also a line to be drawn - appliances often have a small rtos in them, I saw a firmware gig for a gaming mouse that used zephyr - so will we need age verification to make popcorn in a microwave? (my microwave already has a mandated child safety door lock which is super annoying)
never mind that all these age verification mechanisms will be circumvented by any determined 12 yr old (or younger)
-
It's a fairly binary option, comply with the law as written (as best as it can be interpreted anyway) or simply ignore it and see what happens.
If those who are considered to be in violation are prepared to accept the consequences then they should do so.
They would have my support for resisting a stupid and illogical law.
systemd for all of its many faults is making a beginning for those who wish to build a framework. It's not mandatory. I don't see how any version of Linux could force this issue.
For one, I am looking with interest at the Ageless Linux strategy which any version of Linux could adopt as a way to achieve malicious non-compliance.
@simonzerafa @sarahjamielewis I’m really annoyed how this is framed as „law compliance”.
Law doesn’t require an init system to do this shit. Law could be satisfied by a separate service left to rot by everyone else on the planet.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
From Kagan's dissent in Paxton 2025, she argued that "age verification is never just about age; it is about the end of the anonymous digital life."
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis for whatever it might be worth, this particular effort looks to have been rolled back.
So far.
Revert "userdb: add birthDate field to JSON user records (#40954)" by paramazo · Pull Request #41179 · systemd/systemd
The systemd System and Service Manager . Contribute to systemd/systemd development by creating an account on GitHub.
GitHub (github.com)
-
@landelare @simonzerafa @sarahjamielewis OpenRC sounds really promising as a really viable alternative. Just the basics with adherence to standards.
@nazokiyoubinbou @simonzerafa @sarahjamielewis OpenRC being called the alternative makes me feel extra old.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis I don't know if you're familiar with Steam. It requires a sort of age verification to view a video games page. You have to select a birth date to comply with regulations similar to what's happening here. Most folks just scroll down to 1945 or something insane allowing them to view the content and also screwing up any real data. I think this will be the compromise moving forward unless some sort of visual age verification or ID turns out to be a requirement.
-
@sarahjamielewis I think the best way to go is to make this a) fully optional and b) as loosely coupled to the system as possible. Next, we need to look into licensing to ensure that if we provide a system meant for the rest of the world w/o age verification, that we can get any legal costs back from users who used it in a country w/ age verification.
Shifts liability to the user - and away from the OS
