people on reddit are doing a whole lot of yapping about age verification in Linux
-
people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this.
However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply.
I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works.
Very relevant example:
Danielle Foré (@danirabbit@mastodon.online)
When you tell me to just not implement age declaration, do you understand you’re asking me to risk thousands of dollars in fines? Which means realistically the only way for me to not follow the law is to close my business and stop making elementary OS. Do you think it makes sense for me to decide to have no income right now in the middle of massive tech layoffs in a purely symbolic act of protest? Do you really fully understand this is what you’re asking of me?
Mastodon (mastodon.online)
-
in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this.
However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply.
I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works.
Very relevant example:
Danielle Foré (@danirabbit@mastodon.online)
When you tell me to just not implement age declaration, do you understand you’re asking me to risk thousands of dollars in fines? Which means realistically the only way for me to not follow the law is to close my business and stop making elementary OS. Do you think it makes sense for me to decide to have no income right now in the middle of massive tech layoffs in a purely symbolic act of protest? Do you really fully understand this is what you’re asking of me?
Mastodon (mastodon.online)
@cas I still think #SystemD should refuse to comply and I will certainly #RefuseToComply with @OS1337 as a matter of principle!
Because #Cyberfascism is bad!
-
@cas
Note that the only software that face a backlash are those that comply with authoritarianism, not the others.
yep, that's why all distros, all kernels, all the bits that are concerned need to get together as one voice on this issue. The group takes care of the individuals. Now that systemd has complied, the ones that don't use it will bear all the pressure. And the ones that do use it won't go against systemd's decision because they still are alone.
If anything systemd has become a spof that allows this kind of things to happen@rakoo I agree with your suggestions but i still feel like your analysis isn't fully grounded here. Pushing back is good, coming together to do so is amazing, but it's also not mutually exclusive with ensuring that distro maintainers don't get caught in the net and fined
i expanded a bit more here, id also suggest giving Danieles post I linked to a read
kcxt (@cas@treehouse.systems)
in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this. However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply. I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works. Very relevant example: https://mastodon.online/@danirabbit/116250765623660340
Treehouse Mastodon (social.treehouse.systems)
-
@cas I still think #SystemD should refuse to comply and I will certainly #RefuseToComply with @OS1337 as a matter of principle!
Because #Cyberfascism is bad!
-
people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
@cas so basically:
"well, if we're going to slide into fascism and real-id laws, might as well make it user-friendly!"
nope, nope nope nope. Fight this shit every step of the way. Couldn't disagree more strongly with every single thing you've said.
Principles matter, my man. Sometimes they don't make sense, they don't fit in nicely with how an ideal world should be, sometimes they make things more difficult. That's the nature of boycotts, of refusal, of being led by your heart and not by your brain sometimes.
-
@cas na. It's just having basic principles!
-
@rakoo I agree with your suggestions but i still feel like your analysis isn't fully grounded here. Pushing back is good, coming together to do so is amazing, but it's also not mutually exclusive with ensuring that distro maintainers don't get caught in the net and fined
i expanded a bit more here, id also suggest giving Danieles post I linked to a read
kcxt (@cas@treehouse.systems)
in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this. However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply. I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works. Very relevant example: https://mastodon.online/@danirabbit/116250765623660340
Treehouse Mastodon (social.treehouse.systems)
@cas Thank you for the perspective, those are really interesting. I still think that systemd being the all-encompassing OS layer it wants to be, it is the best place to fight back against this. All distros will have to fill the bit anyway. But I know it takes a lot of energy to actively fight, sometimes too much. -
@cas so basically:
"well, if we're going to slide into fascism and real-id laws, might as well make it user-friendly!"
nope, nope nope nope. Fight this shit every step of the way. Couldn't disagree more strongly with every single thing you've said.
Principles matter, my man. Sometimes they don't make sense, they don't fit in nicely with how an ideal world should be, sometimes they make things more difficult. That's the nature of boycotts, of refusal, of being led by your heart and not by your brain sometimes.
@ret yes fight this shit at every turn, but don't get mad at distros (particularly small and community driven ones) for not wanting to risk not complying. maintainers didn't sign up to risk their livelihoods against fascism and we shouldn't expect them to take on this liability
-
@ret yes fight this shit at every turn, but don't get mad at distros (particularly small and community driven ones) for not wanting to risk not complying. maintainers didn't sign up to risk their livelihoods against fascism and we shouldn't expect them to take on this liability
@cas nobody compelled
systemdto do this. Some commenters on the original PR made that much clear.Nothing/nobody compelled
systemdto do this. It was a choice to make this easier for others. Greasing the wheels of this awful concept. -
@cas It's as if UNIX carries AN ENTIRE DATABASE of PII in /etc/ without any consideration for user's privacy! Unbelievable!
I think we all need to *demand* from Kernighan and Ritchie to immediately drop /etc/passwd and related files from UNIX, and stop helping the government with collecting this kind of data. It's really appalling that no one has called them out on this yet! The shock! The horror!
-
@cas nobody compelled
systemdto do this. Some commenters on the original PR made that much clear.Nothing/nobody compelled
systemdto do this. It was a choice to make this easier for others. Greasing the wheels of this awful concept.@ret genuinely curious, if not this then how would you have distros like Debian or small ones like ElementaryOS handle this, assuming the law goes into effect and makes them ultimately responsible for complying with it?
by all means critique how systemd went about this i guess, but at the end of the day if the bar for distro maintainers is to risk fines or quit then are we not just letting the fascists win?
I just don't think implementation is the right platform to fight this issue, we need lobbying and political pressure
-
@ret genuinely curious, if not this then how would you have distros like Debian or small ones like ElementaryOS handle this, assuming the law goes into effect and makes them ultimately responsible for complying with it?
by all means critique how systemd went about this i guess, but at the end of the day if the bar for distro maintainers is to risk fines or quit then are we not just letting the fascists win?
I just don't think implementation is the right platform to fight this issue, we need lobbying and political pressure
@cas this is open source, we're never going to have a billion dollar lobby or enough political pressure to change this stuff. But we can fight. If you live in the U.S., in California, and you are the main maintainer of a distro, then you have a decision to make about how to proceed. That's it. Anything beyond that, especially actions by European residents supporting this crap is purely proactive compliance with a law that doesn't affect them at all.
-
people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
@cas if it's so trivial to write an xdg portal then do it yourself. doesn't that require the application to be written to use xdg portals though and therefore provides no protection against malware? this is precisely why init systems making decisions without distro consent sucks.
and it's crazy how you're acting like every desktop environment would make the same choice as lennart did. yes i would prefer that every service on my system be allowed to decide whether to capitulate to the fascist regime printing number tattoos. that means i can decide.
"distros or random individuals" is a crazy thing to say. i'm sure flathub will save us all from the tyranny of distro reviewers who allow us to consent to changes. "distros or random individuals" are exactly the people who would implement the trivial xdg portal and they are also individually accountable for changes to software running on our machine. your argument here is that everyone else would have made the same decision and lennart is more trusted than anyone else.
read IBM and the Holocaust and learn what rené carmille did https://en.wikipedia.org/wiki/Ren%C3%A9_Carmille
-
Fine. We'll take the bait.
Here are some facts.
- SystemD (and most of FD.O) is an IBM product by virtue of the sheer weigh behind Red Hat's contributions to most to their codebases
- Most of the kernel patches are submited by IBM/RHEL, MicroSlop, Amazon, Google, Oracle, Meta employees.
- A lot of these "anti big tech", "for the children" surveilance laws are being lobbied by... These same companies who happen to be contributing most of the code to freedesktop dot org, and who own these very platforms.
- SystemD is the first project to rush to implement these surveilance specs.
These are just facts regarding the current situation.
This has nothing to do with the inane discourse unsavoury people and fascists alike love parroting ad nauseum, going against everything systemd has done due to being "monolithic corporate slop" and "not SysVInit"
And yet... Here we have a clear example of legitimate concerns being drowned by the wolf that cried "child" and their comrades trying to muddy the waters.
The corporate product with a lot of corporate weight behind it is the first to implement the corporate surveilance garbage onto its code way ahead of schedule.
... It is really not a conspiracy when you are seeing the thing happen in real time now is it?
-
@cas i am waiting for the moment when these folks who partake in this misguided shitstorm learn about the kind of PII the good old GECOS field on Linux/UNIX carries...
And once people are over that the next shock waits for them! There's a file in /etc/ that contains a hash (i.e. a unique identifier!) of your most personal, private, secret data: your password. And linux systems even kinda insist on you on providing that on first install! Can you believe that?
-
people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
@cas
| Would you rather every desktop environment had its own way to store this data??Uh, yes? Uniform implementation makes future grabs easier to conceive and therefore more likely.
As engineers, we all like nice, uniform solutions. Why? Easier to build on top of. Which in this case is something virtually no one wants.
-
-
@f4grx i'm sorry but this is just FUD. GNOME lets you set a profile photo for your user account but we aren't getting up in arms about how any unsandboxed software could upload it and run facial recognition.
@cas the fud is on your part. Having this info available is just the first step. Laws mandating its value in http headers prior to accessing data is next.
-
people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
@cas you nailed it in the last sentence when you said "if we need to have the crap" We don't need this crap and embedding it in the cancer that is systemd makes it even harder to cut out.
But hey, you do you. Bend the knee to whomever you like.
-
Fine. We'll take the bait.
Here are some facts.
- SystemD (and most of FD.O) is an IBM product by virtue of the sheer weigh behind Red Hat's contributions to most to their codebases
- Most of the kernel patches are submited by IBM/RHEL, MicroSlop, Amazon, Google, Oracle, Meta employees.
- A lot of these "anti big tech", "for the children" surveilance laws are being lobbied by... These same companies who happen to be contributing most of the code to freedesktop dot org, and who own these very platforms.
- SystemD is the first project to rush to implement these surveilance specs.
These are just facts regarding the current situation.
This has nothing to do with the inane discourse unsavoury people and fascists alike love parroting ad nauseum, going against everything systemd has done due to being "monolithic corporate slop" and "not SysVInit"
And yet... Here we have a clear example of legitimate concerns being drowned by the wolf that cried "child" and their comrades trying to muddy the waters.
The corporate product with a lot of corporate weight behind it is the first to implement the corporate surveilance garbage onto its code way ahead of schedule.
... It is really not a conspiracy when you are seeing the thing happen in real time now is it?
@ZanaGB
Yes, Red Hat is a heavy weight in contributions but it's misleading to think in those terms.
https://fedoraproject.org/wiki/Red_Hat_contributionsSo we look at governance, I cant find the link for stuff so I'll just the first result in my search engine. https://www.x.org/wiki/BoardOfDirectors/
Do note, that it makes sense to view the stuff gnome is doing and the gnome foundation as completely different things.
https://handbook.gnome.org/governance.html#maintainers
https://www.bassi.io/articles/2025/08/03/governance-in-gnome/systemd is probably the clearest example for cooperate involvement, as it's not a desktop only component.
https://systemd.io/GOVERNANCE/systemd isn't the first project to rush. it's not a spec to provide that, it sadly passed in california. and it maps cleanly to existing gecos field for passwd so isn't a new thing for linux. /etc/passwd is probably readable by everyone, so already fingerprinting compatible.
i myself will just geoblock non-europe in the future if i make my distro public.You wanna think about corporate linux desktop? We already have that, it's called chromebook, android and steamos. https://agelesslinux.org/distros.html
There are far worse things already around for years. Like forcing a data sim-card in combination with a microphone in your car. You should be scared for a widevine-like module in trustzone to ensure you verified your age with a government. Not seeing certain domains in emails of contributors as a big conspiracy by big tech. It's so much easier to just force compliance by saying that "disabling secure boot" and "rooting" is prohibited in a country, only compliant operating systems will be allowed.
https://compliancehub.wiki/brazil-age-verification-law-operating-systems/
