Mastodawn

Niels De Graef Mar 20

people on reddit are doing a whole lot of yapping about age verification in Linux

I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future

at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?

what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??

An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)

and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!

Ra (Freyja) (it/its)𒀭𒈹𒍠𒊩 Mar 20

@cas I would ask why providers should make it easier to implement parental controls, given what those are so often used to do (namely, horrifying shit?)

jane400 - 628.4 fan Mar 20

@freya
your argument sound like an ad hominem.

one can also implement parental controls to be not creepy; without it turning into an audit of the child's every activity or doing gps tracking. reasonable parenting is working on limits in cooperation/input of the child.

new features i didn't expect and am happly suprised about this release in gnome: https://ubuntuhandbook.org/index.php/2026/01/gnome-50-will-support-bedtime-daily-screen-time-parental-controls/amp/

@jane @freya agreed, this was basically the point i was trying to get to. parental controls in Linux are absolutely a good feature to have, and the GNOME community have earnt a lot of respect from me for implementing this functionality. The ability to impose restrictions on non-sudo users (particularly children) is NOT a restriction of freedoms, I'd argue it's the opposite.

Knowing you can give your kids a device running a FOSS OS while being able to ensure they aren't accessing software they shouldn't is a good thing, give them the freedom to enjoy tech without looking over their shoulder

witch_t *navi Mar 20

@cas @jane @freya

I mentioned here here:
https://social.vlhl.dev/notice/B4PU0aMRZdCXV8QAJk

but tl:dr I believe that a child young enough to need parental controls should not be left alone unsupervised w/ an internet device, and that teenagers should have already learnt discretion and have built a trust relationship with their parents

in a good world then, parental controls would just be guardrails for the former, but in the world we live in, i fear how much abuse, well, abusive parents might cause on the latter by forcing parental controls on their devices

witch_t *navi (@[email protected])

on "growing up tech literate, and parental controls" i was allowed to use the computer we had at the house at around 6yo my dad would install games for me, mom would watch videos with me but cru...

jane400 - 628.4 fan Mar 20

@navi @freya @cas my god, the point of parental controls is tbe potential to turn of browsers and the "internet"

jane400 - 628.4 fan Mar 20

@navi @freya @cas

a trust relationship is exactly the thing i am arguing for, i'm not sure how much you dealt with actual parenting and supervising children.

you're arguing against a cptsd survior, i had very a abusive parents. the reality is that we as a foss community should enable healthy foss tools, because the stalkerware will get developed anyway due to money incentives. and it will not rely on any age bracket stuff as the primary usecase for stalkerware is stalking partners.

witch_t *navi Mar 20

@jane @freya @cas

i speak out of the self experience i mentioned above, out of the need growing up of watching over my small brother, and out of the personal experience shared with me by friends while growing, who did have the parental controls in apple devices used against them, and that's all

jane400 - 628.4 fan Mar 20

@navi so your arguing against a specific implementation? memories while growing up are heavily skewed, that was a really though thing to learn for me while taking care of a kid for a year. there were even moments were it made sense to lie or heavily skew the truth, a thing i couldn't have imagined before.

witch_t *navi Mar 20

@jane i argue against specific features, that are often included in "parental control"

so far the only thing people convinced me could be okay, is screen timeout timers

what i get worried is, for a teenager, making it easy to allowlist-only or blocklist websites and content types, and making it easy to track everything they do with their devices

sure, there is other ways of doings those things, but the easier those tools are to enable and use, the more i saw them get abused

F4GRX SÃ©bastien Mar 20

@navi @jane kids are smart. the more you censor, the more the teenager will use their friend's unlocked devices, and then you will see NOTHING.

jane400 - 628.4 fan Mar 20

@navi you should be arguing against technology being sold as a substitution for teaching and parenting. of course big tech with its "ask me later" doesn't teach consent.

this is isn't a technological problem, this is a societal problem and tolerating abusive parents. not asking children in school what they face at home, how they are allowed to use technology. only since the year 2000 have children the right for nonviolent parenting in germany.

@navi @jane @freya I think I could be persuaded either way on this topic tbh, it depends a whole lot on the family, the interests of the kid, their relationships, etc...

F4GRX SÃ©bastien Mar 20

@cas @jane @freya Edit: not even. This is all bad, period.

Previous toot: agree this is app stuff. Let kde and gnome do it. Let me install something else if need be. Let me remove it. I want none of it in fucking systemd.

@freya @cas ****THIS***

“Is it really so bad that oven makers enlarge their ovens to 40 pounds? There ARE other uses beyond cooking children, after all.”

Don’t look for Modest Proposals of tech shifts that enable Swift shifts into being abused. ‘Why not add the DOB field’ plus ‘might as well use it’ is a dystopic result from an innocent pair.

@freya @cas fuck, the worst part of getting old is encountering Adults that are passionate about internet ethics but are too young for Risks and cypherpunk listserv/ digests to have infused their thinking.

(Edited to add https://smolhaj.social/@jane, whose comments hint they really really need a deep dive into cultures that discuss WhatMightGoWrong. )

jane400 - 628.4 fan (@[email protected])

960 Posts, 540 Following, 167 Followers · Hi, I'm doing way too much software in trains! I'm a #LinuxMobile enthusiast, pushing for using standardized technologies on the Linux Desktop, reverse engineering various things (like DHL parcel lockers uwu) You can find me in hackspaces with long transit stops in Germany :3 #BahnBubble

smolhaj.social

@InkomTech ok i'll try to clarify, since i don't think your quite understand my position....

THESIS: I am fundamentally ideologically opposed to legislating age verification into operating systems, for all the obvious fucked up dystopian outcomes that inevitably leads to. Maybe I should have put that in all caps or something because people really seem to want to misrepresent my position.

ANTITHESIS: Should age verification legislation get passed, we should not throw our distro maintainers and middleware implementers under the bus by getting mad at them for following the law (i mean unless they come out and say they actually think the legislation is good, in that case fuck em).

SYNTHESIS: we can oppose age verification laws without going after implementers for trying to avoid exposing themselves to fines. it's a rock and a hard place for distro devs and im kinda shocked that people seem to unwilling to acknowledge that reality.

Thanks for the condescending comments (and extremely weird call out of Jane??), i hope your irc buddies got a kick out of it(???)

i predict you either don't respond or hit me with an ad hominem, prove me wrong!

Val Packett 🧉Mar 20

@cas online nerd spaces these days apparently have never read the word "fallacy" in "slippery slope fallacy"

Jon A. Cruz Mar 20

@cas well, I just have to think back to US authorities arresting a Russian programmer for things they did while in Russia, that were legal in Russia, and were a technically trivial end-around a simplistic DRM.

Once the law is on the books, it is a tool against any "circumvention", especially at the behest of large companies.

@cas Have the projects received guidance from actual lawyers? It doesn't seem like the text of the legislation is final in a lot of jurisdictions. I don't know if anybody knows what interpretation or enforcement might look like either. If the devs' hands get forced then it is what it is, but it feels like an own goal to pre-comply too early.

@dvshkn i have no idea, but as far as i can tell the work so far is basically just laying the groundwork, nothing specific to the legislation

that being said, IANAL obviously but surely there has been prior art in this sense, at the end of the day are distros (that don't explicitly sell/ship their software in california in this case) even responsible for people who live there installing their software even if it doesn't follow local laws?

F4GRX SÃ©bastien Mar 20

@dvshkn @cas debian got one I think and it boils down to "just wait"

Lennart Poettering Mar 20

@cas i am waiting for the moment when these folks who partake in this misguided shitstorm learn about the kind of PII the good old GECOS field on Linux/UNIX carries...

And once people are over that the next shock waits for them! There's a file in /etc/ that contains a hash (i.e. a unique identifier!) of your most personal, private, secret data: your password. And linux systems even kinda insist on you on providing that on first install! Can you believe that?

Lennart Poettering Mar 20

@cas It's as if UNIX carries AN ENTIRE DATABASE of PII in /etc/ without any consideration for user's privacy! Unbelievable!

I think we all need to *demand* from Kernighan and Ritchie to immediately drop /etc/passwd and related files from UNIX, and stop helping the government with collecting this kind of data. It's really appalling that no one has called them out on this yet! The shock! The horror!

Lennart Poettering Mar 20

@cas i never trusted these people in the first place and boy was I right. I'll now move one of my machines to CrazyOS because it stores no PII at all. That will hurt Kernighan and Ritchie, Ha! CrazyOS will not store *any* PII, it's so good! It doesnt have a password (MS-DOS back in the day already had that, and it should be common sense), you just are let in right away. It's kinda annoying though that it has no $HOME to store data in, but of course that's cool, because that would be PII...

Lennart Poettering Mar 20

@cas right after installing CrazyOS I'll make a video of it and put it on TikTok, YouTube and Instagram of course (I really dig their services, I have accounts everywhere, ha!). Hey, did you hear the web folks have cookies! 🍪 Yummy! So good!

@pid_eins @cas I think the way the code change is motivated has some importance here.

Normally, in a FOSS project when some change is made it's to make things better for users. The change was requested by users, and doing the change makes users happy.

If instead you start motivating code changes with "we change this because of this-and-that law", then that does not feel right to me.

Perhaps many users do want the change, but in that case better refer to user demand instead of laws.

1/2

@pid_eins @cas I guess in some way it comes down to "who is the software for?"

A piece of libre software is for the users, it serves the user and does what the user wants (which may or may not be the same thing that lawmakers in some country want). It's not a tool for governments to enforce laws.

Of course, when there is a FOSS license users can always do what they want anyway. But saying that changes are because of laws risks giving the wrong impression.

Do you see what I mean?

2/2

@eliasr @pid_eins superficially sure that makes sense, if FOSS existed in a vacuum I'd be totally on board. But despite the efforts of many to create and share software while taking zero responsibility for the consequences of their actions, software still exists in the real world.

To be clear (though I think i said so in my post) im not in favour of governments imposing restrictions or requirements on software, these laws are arbitrary and almost as hard to define concretely as they are to enforce.

With that being said, if I may attempt to challenge your underlying assumptions here: how are the requirements of law different to the requirements of (for example) a security minded individual, or an enterprise customer?

I want to daily drive a Linux phone but I care a whole lot about security and implementation details basically mean to only way to implement a truly secure OS stack is to use proprietary "trusted apps" from Qualcomm to protect my OS encryption keys (think software backed TPM), I have no doubt in my mind that people may object to the idea of Linux loading proprietary trusted apps into the "secure world" to implement this functionality, but would you object to the kernel adding support for this because it might not be "what the users want"?

I guess im making two points here so i'll try to separate them:

1. At what point is a topic so technical that the opinion of an average user with minimal context shouldn't be trusted?
2. How do you in practice enforce that "libre" software is always serving "the users" without alienation and othering?

Like I personally am always pretty confused and occasionally frustrated by the systemd unit constraints system, did i want Requires= or BindsTo= or WantedBy= or Requisite= etc.... Similarly the fact that every openrc service file is a shell script is infuriating, does these mean these aren't libre projects?

And again, yes I think the laws are fucking dumb, i just think criticising systemd and XDG in particular is just virtue signaling here, not advocating for real change. I hope i don't just come across as contrarian, you're making a philosophical argument so I hope it's ok to respond in kind.

Wolf H. Art Mar 20

Is it virtue signalling though?
Can't it be plain frustration about the state and trend of the world in this matter?

Yes, it might be barking up the wrong tree.
But I think what many people are looking for is acknowledgement of that frustration, a feeling of being heard at least within *their* community. At least within libre FOSS.

How to respond to that is a choice.

> how are the requirements of law different to
> the requirements of (for example) a security minded individual,
> or an enterprise customer?

It sounds like you are assuming that the law is always good, that the state (making laws) is always good. I think taking a look around the world today makes it pretty clear that this is not the case. The state can be really bad, laws can be really bad.

1/?

Anyway I think you kind of missed the point I was trying to make: I am not critical of the code change itself, what I am critical of is the way it was presented.

To clarify precisely what I mean, it's the first sentence in this PR: https://github.com/systemd/systemd/pull/40954 which says:

"Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc."

I don't like that framing of the code change.

2/3

userdb: add birthDate field to JSON user records by dylanmtaylor · Pull Request #40954 · systemd/systemd

Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. The xdg-desktop-portal project is addi...

GitHub

@cas saying "as required by recent laws" indicates a mindset that "what we do here is to implement laws. States make laws, we implement them. That is what this software is about: compliance with laws."

And I think such a mindset goes against the idea of free software.

> I hope i don't just come across as contrarian

I appreciate your answer, and I'm sorry I only answered parts of it!

@eliasr @pid_eins i think that's fair. I certainly don't think all legislation is inherently morally good, but neither is it morally bad.

still though im not a huge fan of prescribing motivations on maintainers

degenerating degenerate Mar 20

People are justified to raise an eyebrow about waving this through without any kind of compulsion. It affects the "Overton window" and enables the next steps that were too far away without it.

@pid_eins
What is your point, Lennart, if I may ask? I'm right now unable to grasp through the thick layers of irony here.

You mention a shitstorm and indirectly hint that cas could have, independent of willingness, become part of it.

What is the larger discourse that I am missing, despite PII, age verification and verified computing questions?
@cas

@pid_eins Bruh. Reconsider this thread. It’s an outburst of hyperbole. It misrepresents privacy advocacy, and tbh is not clever.

Katzengöre Fence Mar 20

@pid_eins @cas the ones that yap about it have no idea who those 2 people are I belive

d@nny disc@ mc² Mar 20

@pid_eins @cas UNIX wasn't installed on end-user computers, the same way end-user computers would be surprised that --delete-tmpfiles removes their homedir. i am impressed that systemd now realizes it's also used on people's laptops and not just containers but UNIX never had to deal with this because it was expensive and proprietary. least trustworthy thing i've ever read and i have no idea why cas feels the need to defend it at length. postmarketos marketing for a pos

d@nny disc@ mc² Mar 20

@pid_eins @cas if you read IBM and the Holocaust you learn people who provided false data to the nazi census were actually considered heroes https://en.wikipedia.org/wiki/Ren%C3%A9_Carmille

René Carmille - Wikipedia

@hipsterelectron i think i'm missing several layers of context to understand your point here tbh?? /gen

@pid_eins @cas I've actually had a bunch of teachers at uni who told us about PII in /etc/ and asked us if Linux was GDPR-compliant. We didn't had a definitive answer (it was mostly "no"), but neither did they.

@pid_eins @cas I don't think anyone is mad about the PII angle of things.
If you introduce a birthdate field without the background of age verification laws no one would bat an eye.
People are mad because this is complying with laws they believe should not be complied with. By introducing the field right now, in a PR specifically mentioning the age verification laws you are making a political statement.

The privacy angle is not something people care about as far as I can see and I think it's disingenuous to act like that's the main concern.

@pid_eins @cas personally I don't feel strongly that complying with these laws is wrong, but I do think you are misrepresenting/misunderstanding the other side of the argument

@pid_eins @cas the mockery really doesn't help...

penguin42 Mar 20

@pid_eins @cas I even have some sympathy for the big companies wanting to get this from the OS; they know there's no way that they can implement age verification on website access - kids will find a way arounf it and they'll still get blamed; this pushes the problem away from them.

vepř jako pepř Mar 20

@pid_eins most people arent entering any sort of information to be picked up in the GECOS field.

It's a serious concern, i understand theres alot of hurt going around, and that this cant be stopped within the bounds of linux when the state employs violence, but individuals are just that, not linux bound, and can pass into political life.. And ig people probably do think that centralised structures like systemd would have the most sway. And are probably hoping for a plan from such a centraliser.

Lennart Poettering Mar 20

@vepr_jako_pepr yeah, precisely, but why would you fill the birth date field then if you don't fill the gecos field either?

You know, the PR we merged only adds a field where the birthday *could* be stored, if you supply it. But that's entirely optional, and you have to go out of your way to provide it actually...

LiComAce 6d ago

@pid_eins @cas Tracks aren't built unless trains are planned to run on them.

@pid_eins @cas I use non-unique machine ID of whonix, I use "qwerty" as password, "user" as user and "localhost" as hostname" and Ubuntu so I'm not unique, no one can fingerprint me, losers /s

Brick Duck 3d ago

@pid_eins @cas What a bad faith misrepresentation.

@cas I mean, they did recently open themselves to "AI" coding, so trusted is a bit of a stretch.

@gourd eh don't get it twisted, claude didn't event reply to the review request on the birthDate MR

(for real though yeah constructive criticism is good, but don't be reductive about it)

medium rare bird Mar 20

@cas this is a canonical example of "complying in advance"

F4GRX SÃ©bastien Mar 20

@migratory @cas definitely a very bad look.

witch_t *navi Mar 20

@cas

> what would you have them do? Would you rather every desktop environment had its own way to store this data??

I'd rather they, and everyone, waits longer

system76 is trying to get US politicians to open exceptions for foss, laws in multiple states are contradictory, and in brasil there's lots of people trying to change that law as they see how bad it is

codifying an api for it now feels so premature and somewhat dangerous, bc what if what they implement is then not allowed in some other state or country?

haui ☭ 🇵🇸Mar 20

@navi
From a political perspective the government is like thick oil or tar.

You can push it with great effort (mass action) but the most important part is that you stand firm to stem the flow. The capitalists control the tables legs.

To comply with bad tendencies will make it easier later to implement worse laws since that is its historically materialist direction at the moment.

I suggest not fighting over this but partner with the eff or fsf for politics, and just do implementation
@cas

Wouter Verhelst 6d ago

@navi
Encoding a date of birth is so generic, and will be at the base of literally anything that tries to do any type of age related stuff that it's quite the stretch to call it "premature"...

What you do with that encoded date of birth and how you expose that, sure.

But storing it? Come now.
@cas

Vile Lasagna Mar 20

@cas honestly, having this be trivially by passable sounds like a wholly desirable outcome

F4GRX SÃ©bastien Mar 20

@VileLasagna @cas the mere existence of the system, bypassable or not, is extremely problematic. These half assed layws have to be fought against.

Vile Lasagna Mar 20

@f4grx @cas I agree these have to be fought against but malicious compliance is a way of doing it