Yes but I’ll try to expand on that for anyone not in the know.

In general there’s been a wealth of info about users but you didn’t necessarily need info in there. Like GECOS where you can store the full name, phone numbers, etc.

These are simply fields made available but not required. Systemd is making it available but your OS itself doesn’t need to use it at all.

Now I personally very much disagree with all this age verification BS but systemd isn’t really doing anything extreme here nor unprecedented.

Yeah it’s insane. I wrote up a complaint in another thread but I think the OP realised how terrible it was because it was deleted by the time I hit submit. That particular post was utter trash, not even attempting to maintain a reasonable tone or look at the situation dispassionately. Its lede literally read:

Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it ‘hilariously pointless’ in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.

And frankly, the author of that sort of hit piece should be ashamed of himself. Far, far more than Dylan should.

It’s such a dumb thing to whinge about. Age verification is not a bad thing! What’s bad is age verification that is implemented in a way that either requires, or significantly increases the chances of people’s privacy being violated. Requiring people to upload photo ID directly to sites, or to third-party “trusted age verification partners”. Or trusting bullshit AI face-detection age verification.

Age verification that’s implemented by asking parents to…y’know, actually *parent*, and helping them to do that by giving them tools like OS-level parental controls, enforced through operating system and browser APIs that we mandate apps and websites use, *is the way to go*. The OS should expose to apps, and browsers expose to websites, only the simple answer to the question: “is the current user of a legal age to access this content?” as a boolean value, based on information stored in the OS by parents setting it. No fancy technology. No privacy invasion. Just simply giving parents the tools to help them do their job.

There are more complicated technical solutions that could be used. Things involving repeated hashes or blind digital signatures. But these are only appropriate if we pre-suppose that the government needs to strictly enforce it by requiring IDs or other sensitive information be used to age verify. And these solutions help minimise the risk by eliminating the connection between the age verification and which sites are being accessed (so the verifier can’t see what sites the verifyee is viewing, and the sites can’t see who the person being verified was, only that they were verified). And you don’t need to go even that far. Because the best solution is right down on the user’s device, with a simple setting that parents can set.