Mastodawn

RE: https://social.treehouse.systems/@wwahammy/116264430375745593

I want everyone who says "this is the law, distros need to comply" I want you to explain a plausible set of circumstances to lead to the following:

* That the AG of California will sue a random Linux distro which has effectively no money
* Prove who the OS distributor actually is (is it the committers? Committers of what part? Their bank account with $12 in it?)
* Prove by preponderance of the evidence how many children used the OS in order to set the fines
* get a judge and jury to think this isn't a massive waste of their time
* That it isn't just a violation of the law but is a "negligent" or "intentional" violation
* all the while, the OS maker and everyone else having effectively zero knowledge of who uses it since there's no continuing relationship with users.

How does all of this happen?

Violet Madder 3d ago

I want everybody who even THOUGHT about saying that shit to sit down, take a good long hard look at their life, worldview, and way of thinking... and ask themselves why they looked at this whole twisted situation and felt the need to weigh in on the side of the bad guys as if there's any sense to it at all.

@wwahammy none of this is going to happen, not likely. Currently main Linux distros are graciously allowed to boot by Microsoft letting them use Microsoft-signed binary for the Secure Boot process. California AG could just facilitate uhm "cease of continuation" of this practice.

Eric Schultz 3d ago

@isagalaev why would the California AG do that? Seems like a waste of resources.

@wwahammy can't say. What I mean there's a simple technical way to coerce distros rather than a complicated legal one.

Eric Schultz 3d ago

@isagalaev it's not a non-zero risk and there's of course lots of issues with Microsoft controlling the SecureBoot crap. I don't think it's a major risk but really who knows?

@isagalaev @wwahammy Every PC out there has the option to disable secure boot, and BIOSs are very rarely updated. And even if California/the US or whoever passed a law to mandate always on secure boot, why would the mostly chinese and taiwainese motherboard manufacturers oblige ?
Ofc we need to fight back against all of this shit, but the PC should remain "free" for a while longer.

Tiota Sram 3d ago

@wwahammy also there's a simple and much better path to "compliance:"

https://kolektiva.social/@tiotasram/116265397059842400

Tiota Sram (@[email protected])

I've seen a bunch of "the CA age verification law is the best way to do a bad thing and so we shouldn't oppose compliance" takes, which others are rightly pointing out is a bad stance because it's blindingly obvious that compliance now sets the stage for compliance later and the clearly set up later is mandatory verification of age data. Even if you think that, for example, California's current "progressive" government won't go there, we're all currently seeing just how easy it is for a new government to pick up the oppressive tools the "good" government was using "restraint" with and put them to worse ends. On the other hand, I'll freely admit that distros *do* need a way to shield themselves from liability right now. The clear (to me; IANAL) correct solution is to say on your website "don't download this OS if you're in a jurisdiction where it's not legal for us to provide it."). Assuming this does put you in the clear liability-wise, it has several positive effects: - Stops zero people from downloading it. - Makes it clear that your project will not collaborate with fascists/oppressive regime enjoyers. - Means that when the next law makes verifying user ages mandatory (and/or explicitly requires using Palantir-adjacent services to do so) you've already got a strategy in place and there's no need for a "debate" in your "community" about compliance. - Gets users more practice with "the law is malicious/needlessly bureaucratic/oppressive; let's ignore it" which to be honest people in general clearly desperately need at this point. - Is the most effective political move if you want to resist the way things are going. Forcing the other side to explain why "California bans Linux" is good rhetorical strategy. Make *them* try to explain "well it's actually not so harmful since we let users set it themselves" and answer your follow-up "but what if next year the requirements change; I just refuse to go along with this slippery slope stuff and I'm not bothered if that means you want to *ban* me." #AgeVerification

kolektiva.social

1. The AG of California sues the biggest Linux distro because their real goal is destroying Linux, not age verification. The smaller ones will fall through legally questionable means, once the big ones who can resist are destroyed.
2. Debian has a committee, Redhat is a corporation, and they don't care who the OS distributor actually is. They'll incriminate some random Joe off the street, just to set a precedent, and then they can start sending threats and unlawfully raiding other organizations that distribute and maintain Linux. Because it'd probably hold up in court, so who'd risk fighting it!
3. Prove? All they have to do is get a jury who knows nothing about computers to feel like their children are in danger. And once they find a jury that mistakenly rules in their favor, that's precedent, so future juries who are saner or more prepared will be completely ignored since USA law is only based on precedent.
4. Easy for them to buy a judge. Their lawyers can finagle it to happen in the worst court and cherry pick the worst jury.
5. You don't think they intended to violate the law? They're trying to cook your children into stew! Are they guilty, or do you love dead children? Did we mention children?
6. Once the OS maker has been taken down, it doesn't matter who uses it, because all they can do is buy a proprietary OS, or have no computer. And a few will "break" the "law" but 99% of everyone else will get bullied into compliance, and those few will get locked out of everything in society, since the 99% won't even be aware that the locks are in place.

So uhh, this is a big deal. Also US law sucks sweaty monkey balls. It's true that assuming proprietary software giants like Microsoft, Apple and Google always play by the rules and never do anything in bad faith, then that California law can't possibly become a problem. No punishment awaits them for lawbreaking and cheating the courts though, nothing but either reward, or people complaining about it online and doing nothing until the corporation gets to try again.

Eric Schultz 3d ago

@cy the AG of California doesn't care about Linux. It's not an issue they have ever thought about or considered.

I bet the guy holding their leash sure does.

Luke T. Shumaker 3d ago

@wwahammy I want everyone who says "this is the law, distros need to comply" I want you to stop mentioning Colorado SB26-051 as law. It's not law, and no one needs to comply. Maybe it will become law, but it hasn't yet. Stop using it to put wind in your misguided sails.

@wwahammy I agree. It also there are at least two obvious targets: Red Hat and Canonical. It’s unlikely you can get anything from them but they are convenient targets to harass for headlines.

Rachel Rawlings 3d ago

@wwahammy Ironic that when I do a search for the developer making the PR the only thing I can find is him being doxed on Endchan. So that's two horrible things I learned about in the last five minutes.

Also, Andrew Cuomo killed Usenet while he was Attorney General of New York.
https://arstechnica.com/uncategorized/2008/07/ny-attorney-general-gets-more-isps-to-block-alt-newsgroups/

NY attorney general gets more ISPs to block alt.* newsgroups

New York's Attorney General has turned his initial efforts against online …

Ars Technica

Joe Cooper 🇺🇦 🍉3d ago

@wwahammy while I agree the default answer to every invasion of privacy should always be, "fuck you, make me", I suspect this one will be enforced by the same companies that lobbied for it. So, Facebook, YouTube, streaming services, seem very likely to start blocking systems that don't report an age. I would just stop using those services (though some would be painful), but it'd be pretty disruptive for most folks, I think. Same story as DRM in Firefox.

Eric Schultz 3d ago

@swelljoe the California AG is the one who can enforce the law. It doesn't make sense for them to sue random distros.

Joe Cooper 🇺🇦 🍉3d ago

@wwahammy yeah, as I said, I don't think it'll be enforced by law. I think it'll be enforced by the same companies that lobbied for the law. You want to visit Facebook, YouTube, TikTok? Gotta have an OS that complies. And, they'll have the law to point at when people get angry about it. Obviously the big operating system vendors will comply, so the ostracization of open source users would suit the billionaires just fine.

Sobri | Zoe (she/her)2d ago

@swelljoe @wwahammy we can just spoof it pretty easily. I bet it wouldn't be too hard their web apps.

Joe Cooper 🇺🇦 🍉2d ago

@cutesobri @wwahammy sure, so far it's just serving whatever you tell it your age is. And, with open source I can replace every component that gathers/shares personal data. But, it's obviously laying the groundwork for forcing users to identify themselves to use the web.

Sobri | Zoe (she/her)2d ago

@swelljoe @wwahammy we have already started building outside infrastructure with Mastodon and with Peertube. Eventually, we will have the infrastructure outside of YouTube, these are the spaces to wear. They stop being used. As long as we have a policy of civil disobedience to bullshit laws we will win

Sobri | Zoe (she/her)2d ago

@swelljoe @wwahammy imagine how much of a pain it would be to try and sue every bastard on instance, or every peer to instance, or every instance of any federated elwork. It would be the biggest pain in the ass. And because it's open source, as long as the instance has a copy of the source code mountain compiled, it's really fucking hard to erase the source code by attacking a get repository. Also, get kinda socks. So, if we build something so we can make like distributed changes like the source cut is mirrored across many different places and we can change it in a few places and like figure out how to manage that but have it so distributed it's hard to delete or attack that would be really useful.

Woozle Hypertwin 2d ago

If, say, FB started requiring systems to report birthdate, they'd have to get that information through the browser -- which would then have to be implemented by multiple vendors, and what's to stop them from just allowing you to enter whatever birthday you like? (For that matter, what's to stop a system user from filling in whatever birthday they like?)

This requirement looks to me exactly like a typical political "be seen to be doing something, even if it's really stupid".

Pavel Machek 3d ago

@wwahammy There should be some kind of free speech argument saying that you can't add restrictions for free software developers like this. (After all.... source code is very close to speech.)

@pavel @wwahammy this is fairly well-trodden territory. They can’t force open-source devs to implement anything, really.

But they CAN regulate what can be SOLD. So the “right” way for RH/Canonical/whoever to comply would be to only ship the required capabilities in Enterprise Desktop versions of their OS. (Arguably they don’t sell an OS at all, but that would be hard to convince a jury of, I bet.)

Then fight any attempt to enforce more than that.

Pavel Machek 2d ago

@calcifer @wwahammy I'm not US expert, and some coverage suggested this applied to "Johny developer places ISO images for download" situation. It is well possible coverage should have been more careful.

Eric Schultz 2d ago

@pavel @calcifer IANAL, but as I read the law, it regulates "operating system providers" which specifically includes any person or entity who develops an operating system for a general-computing device.

Sure sounds like it applies to any developer.

@wwahammy @pavel they clearly *intend* that coverage yes. But this sort of shenanigan has been tried before and has not stood up to challenges, precisely because it’s a free speech issue. It’s likely they made the law as broad as possible knowing full well the courts would limit it.

Pavel Machek 2d ago

@calcifer @wwahammy For the record, creating law that goes against constitution .... dunno, is that even legal? Sounds very wrong to me.

@pavel @wwahammy it is wrong, but it’s also how the system is designed so it’s not novel or surprising. Legislatures pass laws that conflict with higher laws (including the constitution) all the time. The judiciary acts as a check on that power.

Legislatures almost always have the ability to ask the judiciary to weigh in on proposed law, but they’re not required to do so.

Yes this whole thing is problematic, but also unlikely to change

@pavel @wwahammy for an example, legislatures have spent decades trying different variations on anti-abortion laws to test the boundaries of Roe v Wade — and they did this long before the conservative court that overturned such precedent was in power.

@wwahammy personally if I was living in California and working on an OS I would not like to fuck around and find out.

Even winning a court case is likely to be expensive, I would expect. And even if winning is possible I wouldn’t want to gamble my life savings on it.

Obviously I don’t like it, but that doesn’t mean it’s unreasonable to take it seriously.

And I think it would be particularly unreasonable of me to demand that others bear the risk of non-compliance, given that it’s not me who’s getting sued. If someone who is at risk of legal consequences themselves is willing to refuse to comply, then great! But I have no right to expect that of anyone.

Simon Zerafa (Status:

They will go after a larger distro or system vendor with a reputation and a modest bank balance first.

System 76 or similar so they can scare everyone else into following along with their stupid legislation.

The better short term option is to ban everyone in California (and other jurisdictions with such stupid laws) from using the OS. No sales, supply and no ongoing support. Explain clearly why.

Then go for malicious compliance in the way that Ageless Linux is presenting.

Eric Schultz 3d ago

@simonzerafa I would be beyond shocked if they targeted any one other than Valve. There's no gain.

But I agree on the malicious compliance plan.

Simon Zerafa (Status:

Valve have already indicated they will fight. Would they take on that challenge given they have deep pockets?

Small and medium-sized first without lots of resources to fight back 😕

Eric Schultz 3d ago

@simonzerafa why would the California AG bother suing the small ones though? It's a lot of work for no gain.

Andrew Furrow 2d ago

@wwahammy thank you for saying it.

I’m very sick of seeing corpo-sponsored repos staging code to comply with this horse shit.

Frankly I don’t want to use anything that complies.

Move your code outside the jurisdiction and resume life.

If you disagree with me on this, fuck off forever, you’re not needed.

dr 🛠️🛰️📡🎧

blobfoxcomputer

@wwahammy wow. talk about rushing pell mell to pre-comply with fascists

Mre. Dartigen [maker mode]2d ago

@wwahammy I'm thinking that the most likely scenario is that someone got some questionable legal advice (either through the grapevine, or from a lawyer not in the least bit familiar with the software/OS side of things), panicked, and then their panic has been amplified. And/or too aggressively covering their butts.

Granted, I'm not a lawyer either. But I'd want to see the opinions from some actual lawyers who are also familiar with how Linux distros work and how software development works, who can give a clearer picture of whether this is ridiculous over-compliance likely to cause more trouble than good (which is what it seems like to me) and what anyone involved in development would actually need to do (if anything at all) to be compliant.

(If it's not the case though, then I'd also want to hear what the options are. Because this just screams being set up to find out just how expensive it can be to comply with privacy laws - especially if you're an individual or not making any money out of it. And the penalties for breaching privacy laws can also be pretty scary.)

⁂ Fish Id Wardrobe 2d ago

@wwahammy it's probably *against* the law here (UK) and in europe. the law being GDPR, depending on the details