The extent to which core linux projects are laying the groundwork for age verification is very concerning.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis ... The nightmarish idea of having to fork linux core.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
I wonder why I'm not surprised that people like Pottering are complacent about this situation.
And it's no surprise that the core distros are complacent either, given how they've been infected by certain schools of thought...
-
E em0nm4stodon@infosec.exchange shared this topic
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
It's a fairly binary option, comply with the law as written (as best as it can be interpreted anyway) or simply ignore it and see what happens.
If those who are considered to be in violation are prepared to accept the consequences then they should do so.
They would have my support for resisting a stupid and illogical law.
systemd for all of its many faults is making a beginning for those who wish to build a framework. It's not mandatory. I don't see how any version of Linux could force this issue.
For one, I am looking with interest at the Ageless Linux strategy which any version of Linux could adopt as a way to achieve malicious non-compliance.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis i think what many of "us" (free software likers who are not involved in OS dev its self) have realized in this is how exposed to these demands it actually is.
for a long time i had a fantasy version about how these things are produced, maybe influenced from how open source worked in web development; a lot of light touches building something without much funding. but for linux so much of it is really done through paid development by people working at big companies, and they are quite unempowered to do anything about these decisions other than quit outright.
or maybe better said it's that there is no preexisting whisper network or informal understanding of solidarity on these issues among the people most deeply involved in implementation, so there's not really any muscle to be flexed and push back as a group?
-
R relay@relay.an.exchange shared this topic
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
IMO the most concerning part of these laws is still the obligations imposed on developers rather than the OS side.
But I didn't anticipate the speed to which system developers would move to implement and accept these awful proposals.
Sarah Jamie Lewis (@sarahjamielewis@mastodon.social)
Something I really really want to emphasize here: The "age verification" bit doesn't really matter. Even as far as mandating the existence of parental controls is debatable in many contexts. The "developer liability to know personal information" bit is an existential threat to free software. And the bit that deserves defending from every possible angle (freedom of speech, expression, and privacy law to name a few) https://mastodon.social/@sarahjamielewis/116178334950236964
Mastodon (mastodon.social)
-
It's a fairly binary option, comply with the law as written (as best as it can be interpreted anyway) or simply ignore it and see what happens.
If those who are considered to be in violation are prepared to accept the consequences then they should do so.
They would have my support for resisting a stupid and illogical law.
systemd for all of its many faults is making a beginning for those who wish to build a framework. It's not mandatory. I don't see how any version of Linux could force this issue.
For one, I am looking with interest at the Ageless Linux strategy which any version of Linux could adopt as a way to achieve malicious non-compliance.
It's a fairly binary option, comply with the law as written (as best as it can be interpreted anyway) or simply ignore it and see what happens.
It's not even complying with the law though... Someone rightfully pointed out, laws are likely to be amended, so rushing to comply in advance will probably not meet later requirements. Other implementations are likely to be contradictory.
systemd for all of its many faults is making a beginning for those who wish to build a framework. It's not mandatory. I don't see how any version of Linux could force this issue.
Putting aside that age-gating is outside of the scope of something that should only be handling init, it's mandatory in that most major distros are built around systemd and use it as a dependency...
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis I fear that part of the reason for this is the developer mindset. They see a new problem that they can solve so they start working on it without thinking if they should build this in the first place.
-
It's a fairly binary option, comply with the law as written (as best as it can be interpreted anyway) or simply ignore it and see what happens.
It's not even complying with the law though... Someone rightfully pointed out, laws are likely to be amended, so rushing to comply in advance will probably not meet later requirements. Other implementations are likely to be contradictory.
systemd for all of its many faults is making a beginning for those who wish to build a framework. It's not mandatory. I don't see how any version of Linux could force this issue.
Putting aside that age-gating is outside of the scope of something that should only be handling init, it's mandatory in that most major distros are built around systemd and use it as a dependency...
@simonzerafa @sarahjamielewis If you want to see something interesting, try removing systemd from your distro. (Don't actually do it. Use dry-run or whatever equivalent you might have.) Just watch how much else gets removed with it...
Some people are actually doing it and it even removes stuff like Pipewire-Pulse. They're back down to Alsa and all the problems it presents...
-
@simonzerafa @sarahjamielewis If you want to see something interesting, try removing systemd from your distro. (Don't actually do it. Use dry-run or whatever equivalent you might have.) Just watch how much else gets removed with it...
Some people are actually doing it and it even removes stuff like Pipewire-Pulse. They're back down to Alsa and all the problems it presents...
@nazokiyoubinbou @sarahjamielewis
My bet would be that the Ageless Linux strategy will be the way to go.
Distros will ultimately have to comply with the law (however stupid and illogical) and let users break or sidestep compliance post installation.
The legal folks can point to whomever asks and say that Linux / our distro is compliant and users can break it as they see fit.
I doubt that even the commercial distros will want to pay fines or suffer the other legal consequences even if they can theoretically afford it.
Hopefully the various laws will be eventually be written to be sensible but while we wait for that ...
-
@nazokiyoubinbou @sarahjamielewis
My bet would be that the Ageless Linux strategy will be the way to go.
Distros will ultimately have to comply with the law (however stupid and illogical) and let users break or sidestep compliance post installation.
The legal folks can point to whomever asks and say that Linux / our distro is compliant and users can break it as they see fit.
I doubt that even the commercial distros will want to pay fines or suffer the other legal consequences even if they can theoretically afford it.
Hopefully the various laws will be eventually be written to be sensible but while we wait for that ...
@simonzerafa @sarahjamielewis As I said in my previous post, rushing to comply in advance will result in them not being able to comply or even breaking other laws (like privacy) in the process. (I would, in fact, argue that they can't comply with these laws due to this and the laws themselves are illegal, so by rushing to comply in advance, they're actually breaking other, more established laws.)
I will agree that the decision should be the user's, but opt-out is NOT letting the user decide. Opt-out is making the decision and then requiring the user to jump through hoops. Ultimately this will also mean your data will be submitted first. That also means opt-out often doesn't really opt-out, it just provides the illusion. Once the data is collected it's frequently already too late.
-
@simonzerafa @sarahjamielewis As I said in my previous post, rushing to comply in advance will result in them not being able to comply or even breaking other laws (like privacy) in the process. (I would, in fact, argue that they can't comply with these laws due to this and the laws themselves are illegal, so by rushing to comply in advance, they're actually breaking other, more established laws.)
I will agree that the decision should be the user's, but opt-out is NOT letting the user decide. Opt-out is making the decision and then requiring the user to jump through hoops. Ultimately this will also mean your data will be submitted first. That also means opt-out often doesn't really opt-out, it just provides the illusion. Once the data is collected it's frequently already too late.
@simonzerafa @sarahjamielewis As a side note, "just being illegal" isn't the only other option. Fighting back is also an option. Telling them that this can't be legally implemented is an option. Hiring lawyers (fund-raising first if need be, but likely EFF/etc will take it) is an option.
Rushing to comply in advance is intentionally and willfully making a decision to circumnavigate what is best for users because it's what they want (and I might add here that "they" is actually a very small handful of people who are just pushing it through and ignoring/deflecting arguments. Oh, and Claude apparently.)
One thing I'd really like to be clear on is that in complying in advance with that law in one specific area, they're probably breaking a lot of other laws everywhere else.
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis I think the best way to go is to make this a) fully optional and b) as loosely coupled to the system as possible. Next, we need to look into licensing to ensure that if we provide a system meant for the rest of the world w/o age verification, that we can get any legal costs back from users who used it in a country w/ age verification.
-
@nazokiyoubinbou @sarahjamielewis
My bet would be that the Ageless Linux strategy will be the way to go.
Distros will ultimately have to comply with the law (however stupid and illogical) and let users break or sidestep compliance post installation.
The legal folks can point to whomever asks and say that Linux / our distro is compliant and users can break it as they see fit.
I doubt that even the commercial distros will want to pay fines or suffer the other legal consequences even if they can theoretically afford it.
Hopefully the various laws will be eventually be written to be sensible but while we wait for that ...
@simonzerafa @nazokiyoubinbou @sarahjamielewis rush to comply or what...put a disclaimer on Linux that says not valid in California.
If someone installs software not made for CA in CA whose fault is that.
Do they have to actively stop download or installs based on some geo restriction.
-
@simonzerafa @nazokiyoubinbou @sarahjamielewis rush to comply or what...put a disclaimer on Linux that says not valid in California.
If someone installs software not made for CA in CA whose fault is that.
Do they have to actively stop download or installs based on some geo restriction.
@ahasty @simonzerafa @sarahjamielewis Don't forget that by complying with that one law in that one area (which will likely be amended and thus making any compliance in advance rushed out now non-compliant anyway) they're violating laws in California and in other places...
Or they could just not rush to comply in advance and speak to a lawyer. I bet the EFF would be really glad to step in.
BTW, contrary to popular believe among those hitting accept on PRs, Claude is not actually an expert on legal matters (or anything else for that matter...)
-
The extent to which core linux projects are laying the groundwork for age verification is very concerning.
I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.
But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.
@sarahjamielewis The fact that they’re writing even one line of code for it is concerning already.
-
@ahasty @simonzerafa @sarahjamielewis Don't forget that by complying with that one law in that one area (which will likely be amended and thus making any compliance in advance rushed out now non-compliant anyway) they're violating laws in California and in other places...
Or they could just not rush to comply in advance and speak to a lawyer. I bet the EFF would be really glad to step in.
BTW, contrary to popular believe among those hitting accept on PRs, Claude is not actually an expert on legal matters (or anything else for that matter...)
@nazokiyoubinbou @simonzerafa @sarahjamielewis
It would be really fun to see a bunch of distros just say no to California. I do hate that these Devs feel like this should be a component of systemd of all things
-
@nazokiyoubinbou @simonzerafa @sarahjamielewis
It would be really fun to see a bunch of distros just say no to California. I do hate that these Devs feel like this should be a component of systemd of all things
@ahasty @simonzerafa @sarahjamielewis Agreed.
Systemd has stepped way outside of its scope. Really it has done so in a lot of things, but it's starting to get really extreme as it begins to collect private data about users that they're not even supposed to have direct control over...
IMO it's time to just dump systemd anyway. I suppose it's more of a fallen support beam that broke the camel's back than a straw, but the camel's back is broken and it's time to move on. Systems shouldn't have been built to be so interdependent on systemd which should not be doing all the stuff it's doing...
Really, if they want to comply, since doing so kind of violates laws elsewhere and often enough even the licenses in the distro, they have to make a California-specific distro...
-
@sarahjamielewis I fear that part of the reason for this is the developer mindset. They see a new problem that they can solve so they start working on it without thinking if they should build this in the first place.
@johan @sarahjamielewis This is why a maintainer's most important job is to say no.
-
@johan @sarahjamielewis This is why a maintainer's most important job is to say no.
@dalias @sarahjamielewis True but this happens a lot too in non FOSS environments. You have to really hope you have a product owner who thinks about whether the new feature is actually useful
-
@simonzerafa @sarahjamielewis If you want to see something interesting, try removing systemd from your distro. (Don't actually do it. Use dry-run or whatever equivalent you might have.) Just watch how much else gets removed with it...
Some people are actually doing it and it even removes stuff like Pipewire-Pulse. They're back down to Alsa and all the problems it presents...
@nazokiyoubinbou @simonzerafa @sarahjamielewis Still on OpenRC to this day. I've never once regretted not having systemd.
