Ridley @ WATCH LYCORECO1d ago
I see so many people making a huge deal out of linux stuff adding support for the california age thing, and I'm like. you know basically every online service has been required to ask for your age since 1998? this is literally just "at account creation, the device owner can set an age field. to whatever they want. and then apps can query that instead of asking themselves."
you can set it to the unix epoch if you want
Show thread✧✦Catherine✦✧1d ago
@rcombs yeah i really don't get it
Show thread✧✦Catherine✦✧
@rcombs everyone knows young people will lie about their age. this enables them to lie about their age very easily. why the fuck would you put up a fuss about it
Mar 21 at 2:41amWeb
Show threadCassandrich1d ago
@whitequark @rcombs I think there are two aspects here. One is the matter of unknown and untrusted folks inserting themselves into projects eagar to comply in advance. This expresses a disempowerment of communities and a surrender of editorial control to a fascist government. From this perspective, it's the statement of values that matters more than any practical effect.
Show thread✧✦Catherine✦✧1d ago
@dalias @rcombs how is it "in advance" if there are laws about it today?
Show threadCassandrich1d ago
@whitequark @rcombs Is that a serious question? There is no law that says that we as the authors of a program have to modify it to behave in a certain way. If there is, it's unconstitutional. Even if it weren't, we wouldn't comply. It's complying in advance if nobody is holding a gun to your head or putting handcuffs on your wrists. Governments do not decide what we can write.
Show threadCassandrich1d ago
@whitequark @rcombs Even as a Linux business not up for civil disobedience, it's complying in advance if you don't go to court, either waiting for the state to take you to court, or preemptively suing to block enforcement. You wait until a court rules that you have to comply to do it (and then you deal with the fact that the upstream FOSS projects won't comply, so you have to maintain your own patches to comply, and you can use that hardship to help your case in court) rather than just agreeing to do it to begin with.
Show threadRidley @ WATCH LYCORECO1d ago
@dalias @whitequark it is absolutely absurd to demand this course of action (at great expense and risk) of a business whose lawyers say "yes this is most likely constitutional, yes you're required to comply"
Show threadRidley @ WATCH LYCORECO1d ago
@dalias @whitequark like, even if you *did* intend to take this to court, the correct de-risk is clearly to implement the extremely simple required API in advance, so you can roll it out quickly and not end up in contempt if the court case doesn't go your way
Show thread✧✦Catherine✦✧1d ago
@rcombs @dalias also it's not "civil disobedience" if your ass is not on the line
Show threadCassandrich1d ago
@rcombs @whitequark No, you don't get contempt for taking reasonable time to comply with a court order.
Show threadRidley @ WATCH LYCORECO1d ago

@dalias @whitequark you may well get the fine if the court rules against you and you'd been out of compliance the entire time without a preliminary injunction in place (and who knows if a court would grant one for this)

this is not risk any business should be expected to take

Show threadEric Schultz1d ago
@rcombs @dalias @whitequark where are these businesses related to desktop Linux that are going to be sued by the California AG and in which the AG can prove with a preponderance of the evidence the number of children affected by negligent violations? The fine depends on that.
Show threadRidley @ WATCH LYCORECO1d ago

@wwahammy @dalias @whitequark the most obvious candidate is Valve? and I'd expect it'd be very possible to come up with cases for Canonical and perhaps Framework

the preponderance of the evidence standard simply means "more likely than not", and any competent AG is going to be able to convince a judge or jury that at least a few thousand kids have probably used Steam Decks in California

Show threadEric Schultz1d ago

@rcombs @dalias @whitequark Valve, totally agree on, they'd be screwed and I get why they'd comply.

I don't see how they could plausibly count the other ones and more relevant, why would the AG of California use its limited resources to do so? It doesn't make sense.

Show threadCriss "The Crisses" Xes1d ago

@wwahammy @rcombs @dalias @whitequark

Agelesslinux.org

An installer to strip age verification (out of systemd for example), reply to requests with noncompliance, and distributing tiny devices with anti-age-verification distro at events… in other words someone baiting a court case specifically to make a point. Probably wants a swift ride to SCOTUS. 👍

Show thread✧✦Catherine✦✧1d ago

@dalias @rcombs it is my understanding that the UK Online Safety Act is this law and the UK government is very much ready to put you in jail for not following it

exactly how they want you to comply is... i'm not sure anyone really understands that clearly, but i don't think it is a matter of debate whether the law exists.

Show threadCassandrich1d ago
@whitequark @rcombs That law is about online service providers not operating systems you run on your computer. It's not related to this.
Show threadnatan1d ago
@dalias @whitequark @rcombs Brazil's law requires OSes to implement age APIs
https://www.planalto.gov.br/ccivil_03/_ato2023-2026/2025/lei/L15211.htm (^F "Application Programming Interface")
Show thread✧✦Catherine✦✧1d ago
@natanbc @dalias @rcombs if this is not done, which party is the liable one?
Show threadCassandrich1d ago
@whitequark @natanbc @rcombs This isn't an answer in terms of case law there, but in general, we have long held that writing FOSS is expression, and that while building products (physical things, preinstalled systems, maybe automated installations? etc.) out of it might be subject to laws and regulations, nobody can tell us what we can or cannot write upstream. This is a principle we should continue to fight for. If we lose it we will regret that.
Show thread✧✦Catherine✦✧1d ago
@dalias @natanbc @rcombs this is the most america-centered thing i've read this month
Show thread✧✦Catherine✦✧1d ago
@dalias @natanbc @rcombs you obviously can just ignore non-US law as a US resident and that's valid and sometimes strategically useful, but in a case like this it starts to sound awfully like shifting liability to people who are in a worse situation to begin with
Show threadRidley @ WATCH LYCORECO1d ago
@dalias @whitequark @natanbc okay? but clearly a lot of downstream consumers are going to need the facility, so providing a standard (optional!) interface for it is prudent as an upstream infrastructure maintainer, to avoid obvious painful fragmentation?
Show threadEric Schultz1d ago
@rcombs @dalias @whitequark @natanbc why do I, as a user of Linux, want to make that easy? That's actually the opposite of what I think is the best idea.
Show threadnatan1d ago
@whitequark @dalias @rcombs From my reading, the OS provider would be held liable. The law does allow a simple warning at first, but it's up to a court and intent counts, so not implementing it intentionally would likely remove that option from you (^F "Art. 35" for the relevant part)
Show thread✧✦Catherine✦✧1d ago
@natanbc @dalias @rcombs right, that makes sense, but who is "the OS provider" legally speaking, if let's say you download Debian from ftp.debian.org? is it the org that runs ftp.debian.org? is it the individual developers of the software? is it the person who gave you the link?
Show threadnatan1d ago
@whitequark @dalias @rcombs No idea, the law barely even mentions OSes, I doubt they ever considered anything other than Windows/macOS when writing that part of it. There's some room for arguing in court in the case of a Linux distro or similar on the basis of social purpose, but that's still lawyers and $$$
Show threadchozu v1.2.01d ago
@whitequark @dalias @rcombs specifically the california law goes into effect on "January 1, 2027", according to https://lwn.net/Articles/1062112/, and that was at least what triggered this being discussed widely online
California's Digital Age Assurance Act and Linux distributions

A recently enacted law in California imposes an age-verification requirement on operating-syste [...]

LWN.net
Show threadCassandrich1d ago
@whitequark @rcombs The other aspect I've seen someone else express better than I can, but I don't have the link handy. Basically, that this is a "boiling the frog" situation. Incrementally demanding more control to take away anonymity and access for people without proof of identity/age, with each incremental push seemingly having very little practical impact beyond the previous.
Show threadkhm1d ago
facebook, google, tiktok, etc are tired of losing money to COPPA fines and this is their method of shifting the liability back onto the user

immediate and unquestioning compliance is critical to ensuring that even if the laws get fixed or repealed, they can continue to claim in court they're not liable for violating children's rights because these systems 'are everywhere'

CC: @[email protected] @[email protected]
Show threadcinap_lenrek15h ago
i wish people would have taken your suggested attitude towards secureboot...

now we live in a world where bootloader projects are dependent on and fearful of microsoft revoking their computer license. and google is just unilaterally killing installing unsigned programs on the computer. linux folks, freedesktop and systemd scrambeling to build the shadowrun dystopia...

and its always in the name of security.

CC: @[email protected] @[email protected] @[email protected]
Show threadAlice Averlong🏳️‍⚧️1d ago

@whitequark @rcombs yeah, I've been lying about my age online since I was 24!

(in 1998. I was born in 1984)

Show threadSpider1d ago
@foone @whitequark @rcombs I’ve been born on 1901-1-1 for a long time. Unless it was 2-2-1922 for some stupid reason. It was a bad year to be born but I’m generally of age.
Show thread/usr/local/goth @ home1d ago
@whitequark @rcombs I still remember the advice on the Internet was never share your real name, age, and where you live.
Show thread✧✦Catherine✦✧1d ago

@ladytel @rcombs people can now one-shot you if you don't blur your wifi network name in every single screenshot without fault :(

ship's kind of sailed now that we have these gigantic geolocated machine identifier databases

Show thread/usr/local/goth @ home1d ago
@whitequark @rcombs yeah it's a real shame :/
Show threadchozu v1.2.01d ago
@whitequark @rcombs because people who should know better are uncritically treating the law as sacred (which is a similar error to treating license text as code rather than trying to understand legal process and so on) and caring about things like "the best way to empower parents" (even in the context of absolute minimal legal compliance! quote is from https://lwn.net/Articles/1062112/)

I agree that the concrete thing is relatively meaningless so perhaps I still have too much remnant naive faith that people who should do actually know better (which is saying something since I hardly have a lot of that to begin with)
California's Digital Age Assurance Act and Linux distributions

A recently enacted law in California imposes an age-verification requirement on operating-syste [...]

LWN.net
Show threadchozu v1.2.01d ago
@whitequark @rcombs there's a kind of person who can't think of anything worse than "that's _illegal_!"

there's a kind of person that will implement anything they can find (see e.g. various open source graphics stuff where hdcp was implemented or argued about, probably widevine in browsers is a similar thing), bonus points if you get "but it's a _standard_!"

there's a kind of person who believes that children do not deserve rights etc

these recent discussions feel like the confluence of these things, even if the actual concrete changes are not meaningful, and maybe that's just trivial in the sense that it's just reminding me that the world is a certain way, and it was already like that, but I think that empowering those kinds of people is worth complaining about, and I do not want people who want to "empower parents" to feel welcome in my vicinity