people on reddit are doing a whole lot of yapping about age verification in Linux
-
@cas @jane @freya
I mentioned here here:
https://social.vlhl.dev/notice/B4PU0aMRZdCXV8QAJk
but tl:dr I believe that a child young enough to need parental controls should not be left alone unsupervised w/ an internet device, and that teenagers should have already learnt discretion and have built a trust relationship with their parents
in a good world then, parental controls would just be guardrails for the former, but in the world we live in, i fear how much abuse, well, abusive parents might cause on the latter by forcing parental controls on their devicesa trust relationship is exactly the thing i am arguing for, i'm not sure how much you dealt with actual parenting and supervising children.
you're arguing against a cptsd survior, i had very a abusive parents. the reality is that we as a foss community should enable healthy foss tools, because the stalkerware will get developed anyway due to money incentives. and it will not rely on any age bracket stuff as the primary usecase for stalkerware is stalking partners.
-
a trust relationship is exactly the thing i am arguing for, i'm not sure how much you dealt with actual parenting and supervising children.
you're arguing against a cptsd survior, i had very a abusive parents. the reality is that we as a foss community should enable healthy foss tools, because the stalkerware will get developed anyway due to money incentives. and it will not rely on any age bracket stuff as the primary usecase for stalkerware is stalking partners.
-
@cas It's as if UNIX carries AN ENTIRE DATABASE of PII in /etc/ without any consideration for user's privacy! Unbelievable!
I think we all need to *demand* from Kernighan and Ritchie to immediately drop /etc/passwd and related files from UNIX, and stop helping the government with collecting this kind of data. It's really appalling that no one has called them out on this yet! The shock! The horror!
-
@eliasr @pid_eins superficially sure that makes sense, if FOSS existed in a vacuum I'd be totally on board. But despite the efforts of many to create and share software while taking zero responsibility for the consequences of their actions, software still exists in the real world.
To be clear (though I think i said so in my post) im not in favour of governments imposing restrictions or requirements on software, these laws are arbitrary and almost as hard to define concretely as they are to enforce.
With that being said, if I may attempt to challenge your underlying assumptions here: how are the requirements of law different to the requirements of (for example) a security minded individual, or an enterprise customer?
I want to daily drive a Linux phone but I care a whole lot about security and implementation details basically mean to only way to implement a truly secure OS stack is to use proprietary "trusted apps" from Qualcomm to protect my OS encryption keys (think software backed TPM), I have no doubt in my mind that people may object to the idea of Linux loading proprietary trusted apps into the "secure world" to implement this functionality, but would you object to the kernel adding support for this because it might not be "what the users want"?
I guess im making two points here so i'll try to separate them:
1. At what point is a topic so technical that the opinion of an average user with minimal context shouldn't be trusted?
2. How do you in practice enforce that "libre" software is always serving "the users" without alienation and othering?Like I personally am always pretty confused and occasionally frustrated by the systemd unit constraints system, did i want Requires= or BindsTo= or WantedBy= or Requisite= etc.... Similarly the fact that every openrc service file is a shell script is infuriating, does these mean these aren't libre projects?
And again, yes I think the laws are fucking dumb, i just think criticising systemd and XDG in particular is just virtue signaling here, not advocating for real change. I hope i don't just come across as contrarian, you're making a philosophical argument so I hope it's ok to respond in kind.
Is it virtue signalling though?
Can't it be plain frustration about the state and trend of the world in this matter?Yes, it might be barking up the wrong tree.
But I think what many people are looking for is acknowledgement of that frustration, a feeling of being heard at least within *their* community. At least within libre FOSS.How to respond to that is a choice.
-
@navi so your arguing against a specific implementation? memories while growing up are heavily skewed, that was a really though thing to learn for me while taking care of a kid for a year. there were even moments were it made sense to lie or heavily skew the truth, a thing i couldn't have imagined before.
-
@navi so your arguing against a specific implementation? memories while growing up are heavily skewed, that was a really though thing to learn for me while taking care of a kid for a year. there were even moments were it made sense to lie or heavily skew the truth, a thing i couldn't have imagined before.
@jane i argue against specific features, that are often included in "parental control"
so far the only thing people convinced me could be okay, is screen timeout timers
what i get worried is, for a teenager, making it easy to allowlist-only or blocklist websites and content types, and making it easy to track everything they do with their devices
sure, there is other ways of doings those things, but the easier those tools are to enable and use, the more i saw them get abused -
@ZanaGB @cas @freya yes. but at what point has the child learned enough? at what age is privacy more important? you can't supervise a child all day long unless your an "helicopter parent"
it's giving your kid training wheels with a bicycle so your sibling can take them on a small road tour, there isn't an exact day where a newborn turns into a kid turns into an teenager turns into an adolescent.
Y'all SERIOUSLY need to trust your kids more. They arent stupid.
Dunno about your local culture. But everyone here grew up knowing you never had to talk to strangers, nwver dibulge any information and stay away from anything that demands a paynent.
Kids are smarter than you remember. Tell them not to do something and why and 99% of the time they will follow through.
No, you will not get a free PS2. No, that raffle for the shiny creature is rigged against you. No. You may not have horse armour. That game looks sketchy but it comes from Steam you might have it. No i dont care all your friends are posting selfies they are going to get hurt and you cannot make an instagram.
One thing is not letting your kids have any agency (helicoptering) and the other is telling them gently they cannot have things and why.
You cannot leave IBM, Amazon, Google, Meta and Oracle decide how it is best to take the task of parenting. The owners of the platforms with addictive content aimed towards children do not have the besr intentions at mind with these policies. The best way to prevent kids from being in places they should not be is... Being literally around them every now and then to check what they are up to and simply... Dont let them go to those platforms.
-
people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
@cas honestly, having this be trivially by passable sounds like a wholly desirable outcome
-
@eliasr @pid_eins superficially sure that makes sense, if FOSS existed in a vacuum I'd be totally on board. But despite the efforts of many to create and share software while taking zero responsibility for the consequences of their actions, software still exists in the real world.
To be clear (though I think i said so in my post) im not in favour of governments imposing restrictions or requirements on software, these laws are arbitrary and almost as hard to define concretely as they are to enforce.
With that being said, if I may attempt to challenge your underlying assumptions here: how are the requirements of law different to the requirements of (for example) a security minded individual, or an enterprise customer?
I want to daily drive a Linux phone but I care a whole lot about security and implementation details basically mean to only way to implement a truly secure OS stack is to use proprietary "trusted apps" from Qualcomm to protect my OS encryption keys (think software backed TPM), I have no doubt in my mind that people may object to the idea of Linux loading proprietary trusted apps into the "secure world" to implement this functionality, but would you object to the kernel adding support for this because it might not be "what the users want"?
I guess im making two points here so i'll try to separate them:
1. At what point is a topic so technical that the opinion of an average user with minimal context shouldn't be trusted?
2. How do you in practice enforce that "libre" software is always serving "the users" without alienation and othering?Like I personally am always pretty confused and occasionally frustrated by the systemd unit constraints system, did i want Requires= or BindsTo= or WantedBy= or Requisite= etc.... Similarly the fact that every openrc service file is a shell script is infuriating, does these mean these aren't libre projects?
And again, yes I think the laws are fucking dumb, i just think criticising systemd and XDG in particular is just virtue signaling here, not advocating for real change. I hope i don't just come across as contrarian, you're making a philosophical argument so I hope it's ok to respond in kind.
> how are the requirements of law different to
> the requirements of (for example) a security minded individual,
> or an enterprise customer?It sounds like you are assuming that the law is always good, that the state (making laws) is always good. I think taking a look around the world today makes it pretty clear that this is not the case. The state can be really bad, laws can be really bad.
1/?
-
> how are the requirements of law different to
> the requirements of (for example) a security minded individual,
> or an enterprise customer?It sounds like you are assuming that the law is always good, that the state (making laws) is always good. I think taking a look around the world today makes it pretty clear that this is not the case. The state can be really bad, laws can be really bad.
1/?
Anyway I think you kind of missed the point I was trying to make: I am not critical of the code change itself, what I am critical of is the way it was presented.
To clarify precisely what I mean, it's the first sentence in this PR: https://github.com/systemd/systemd/pull/40954 which says:
"Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc."
I don't like that framing of the code change.
2/3
-
Anyway I think you kind of missed the point I was trying to make: I am not critical of the code change itself, what I am critical of is the way it was presented.
To clarify precisely what I mean, it's the first sentence in this PR: https://github.com/systemd/systemd/pull/40954 which says:
"Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc."
I don't like that framing of the code change.
2/3
@cas saying "as required by recent laws" indicates a mindset that "what we do here is to implement laws. States make laws, we implement them. That is what this software is about: compliance with laws."
And I think such a mindset goes against the idea of free software.
> I hope i don't just come across as contrarian
I appreciate your answer, and I'm sorry I only answered parts of it!
-
people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
@cas implementing birth date in systemd now is showing everyone how this kind of control is technically practical and can be extended and enforced. It'an entirely new torment nexus being implemented right now.
Seeing no problem here is VERY short sighted.
This cant be good.
-
@jane @freya agreed, this was basically the point i was trying to get to. parental controls in Linux are absolutely a good feature to have, and the GNOME community have earnt a lot of respect from me for implementing this functionality. The ability to impose restrictions on non-sudo users (particularly children) is NOT a restriction of freedoms, I'd argue it's the opposite.
Knowing you can give your kids a device running a FOSS OS while being able to ensure they aren't accessing software they shouldn't is a good thing, give them the freedom to enjoy tech without looking over their shoulder
-
-
@cas honestly, having this be trivially by passable sounds like a wholly desirable outcome
@VileLasagna @cas the mere existence of the system, bypassable or not, is extremely problematic. These half assed layws have to be fought against.
-
@cas "i do not understand why people are so upset that i am giving a gun to the firing squad and i am pre-emptively placing myself against the wall. Its not like they will shoot me and go after everyone indiscriminately or anything. Would you rather the goons need to find their own guns and justified action to prosecute me?"
The only thing y'all needed to do is not implement that garbage until 2027, and force everyone to walk the legislation back. And if they dont: "sorry you cannot use this in california". But hey. No. Fuck the entire world over complying with one law for 1/50th of the US of A.
Everyone involved on the linux exosystem development should be ashamed. The big iron financing your patches has played you like absolute fools.
-
@cas this is a canonical example of "complying in advance"
@migratory @cas definitely a very bad look.
-
Y'all SERIOUSLY need to trust your kids more. They arent stupid.
Dunno about your local culture. But everyone here grew up knowing you never had to talk to strangers, nwver dibulge any information and stay away from anything that demands a paynent.
Kids are smarter than you remember. Tell them not to do something and why and 99% of the time they will follow through.
No, you will not get a free PS2. No, that raffle for the shiny creature is rigged against you. No. You may not have horse armour. That game looks sketchy but it comes from Steam you might have it. No i dont care all your friends are posting selfies they are going to get hurt and you cannot make an instagram.
One thing is not letting your kids have any agency (helicoptering) and the other is telling them gently they cannot have things and why.
You cannot leave IBM, Amazon, Google, Meta and Oracle decide how it is best to take the task of parenting. The owners of the platforms with addictive content aimed towards children do not have the besr intentions at mind with these policies. The best way to prevent kids from being in places they should not be is... Being literally around them every now and then to check what they are up to and simply... Dont let them go to those platforms.
-
@jane i argue against specific features, that are often included in "parental control"
so far the only thing people convinced me could be okay, is screen timeout timers
what i get worried is, for a teenager, making it easy to allowlist-only or blocklist websites and content types, and making it easy to track everything they do with their devices
sure, there is other ways of doings those things, but the easier those tools are to enable and use, the more i saw them get abused -
️