Mastodawn

Sarah Jamie Lewis

The extent to which core linux projects are laying the groundwork for age verification is very concerning.

I understand why some believe they are compelled to do so, and why others feel that it may be better to implement the most minimal conforming implementation in the hopes of fending off something worse.

But the line must be drawn such that no threat can obligate an OS to collect/store personal information - without that freedom, we face an uphill fight to protect general purpose computing.

Sarah Jamie Lewis Mar 21

IMO the most concerning part of these laws is still the obligations imposed on developers rather than the OS side.

But I didn't anticipate the speed to which system developers would move to implement and accept these awful proposals.

https://mastodon.social/@sarahjamielewis/116212470386958367

Calamity Joan 😷Mar 21

@sarahjamielewis

"Do not obey in advance" has fallen on deaf ears, apparently.

Kirtai 🏳️‍⚧️Mar 21

@sarahjamielewis
It's very corporate feeling.

★ Amy Star ★Mar 21

@sarahjamielewis don't worry, the lead dev made the technofascism machine review it for him :)

Kirtai 🏳️‍⚧️Mar 21

@AmyZenunim @sarahjamielewis
Ewww.

George Liquor, American Mar 21

@AmyZenunim @sarahjamielewis jfc

Karl Heinz Häsliprinz Mar 21

@sarahjamielewis ... The nightmarish idea of having to fork linux core.

@sarahjamielewis

I wonder why I'm not surprised that people like Pottering are complacent about this situation.

And it's no surprise that the core distros are complacent either, given how they've been infected by certain schools of thought...

Then there are those who still have the nerve to say that systemd isn't trying to take over all the functions of an OS...

Simon Zerafa Mar 21

@sarahjamielewis

It's a fairly binary option, comply with the law as written (as best as it can be interpreted anyway) or simply ignore it and see what happens.

If those who are considered to be in violation are prepared to accept the consequences then they should do so.

They would have my support for resisting a stupid and illogical law.

systemd for all of its many faults is making a beginning for those who wish to build a framework. It's not mandatory. I don't see how any version of Linux could force this issue.

For one, I am looking with interest at the Ageless Linux strategy which any version of Linux could adopt as a way to achieve malicious non-compliance.

@simonzerafa @sarahjamielewis I’m really annoyed how this is framed as „law compliance”.

Law doesn’t require an init system to do this shit. Law could be satisfied by a separate service left to rot by everyone else on the planet.

Glen T, heated, not stirred Mar 22

@slotos @simonzerafa @sarahjamielewis The law is very clear on what a computer program should not do when storing 'sensitive personal information'. If this ships to Australia you can be sure I'll be pointing that out in my complaint to the Privacy Commissioner.

@glent @simonzerafa @sarahjamielewis If you’re on a bleeding edge distro, you might have a case already.

Glen T, heated, not stirred Mar 22

@slotos @simonzerafa @sarahjamielewis That's not the best way to come at this. Purchase the OS, do a clean install. Make it easy for the regulator to understand.

Simon Zerafa Mar 22

@glent @slotos @sarahjamielewis

The US has already indicated that their previous child protection legislation, in this area won't be enforced, for compliance with the new age gating nonsense.

Austria, UK etc will do the same 🙄🤦‍♂️

The best solution so far is malicious compliance. User post-OS install modification or set a default date of 01/01/1970 and have done with it.

@sarahjamielewis i think what many of "us" (free software likers who are not involved in OS dev its self) have realized in this is how exposed to these demands it actually is.

for a long time i had a fantasy version about how these things are produced, maybe influenced from how open source worked in web development; a lot of light touches building something without much funding. but for linux so much of it is really done through paid development by people working at big companies, and they are quite unempowered to do anything about these decisions other than quit outright.

or maybe better said it's that there is no preexisting whisper network or informal understanding of solidarity on these issues among the people most deeply involved in implementation, so there's not really any muscle to be flexed and push back as a group?

@sarahjamielewis I fear that part of the reason for this is the developer mindset. They see a new problem that they can solve so they start working on it without thinking if they should build this in the first place.

Cassandrich Mar 21

@johan @sarahjamielewis This is why a maintainer's most important job is to say no.

@dalias @sarahjamielewis True but this happens a lot too in non FOSS environments. You have to really hope you have a product owner who thinks about whether the new feature is actually useful

Fluffy Kitty Cat Mar 23

@johan @sarahjamielewis they only.l thing they should be working on is circumventing age verification

@fluffykittycat @sarahjamielewis I agree but that’s not an interesting engineering challenge so they won’t

Alex Lohr (RIP Natenom)Mar 21

@sarahjamielewis I think the best way to go is to make this a) fully optional and b) as loosely coupled to the system as possible. Next, we need to look into licensing to ensure that if we provide a system meant for the rest of the world w/o age verification, that we can get any legal costs back from users who used it in a country w/ age verification.

@sarahjamielewis The fact that they’re writing even one line of code for it is concerning already.

craignicol Mar 21

@sarahjamielewis given how many Linux machines have no human users for their entire lifecycle that does seem like a solution to a problem that will never exist.

@sarahjamielewis as uncommon as this scenario may be, but I hate that it adds a barier for people who tinker with OSs and publish them online. I hate the feeling that it's assuming that OS development has to be centrilized so that those central entities can be held accountable, I'm affraid that it would set a precedent for adding regulating open source passion driven projects

maya_b 🇨🇦Mar 21

@sarahjamielewis

there's also a line to be drawn - appliances often have a small rtos in them, I saw a firmware gig for a gaming mouse that used zephyr - so will we need age verification to make popcorn in a microwave? (my microwave already has a mandated child safety door lock which is super annoying)

never mind that all these age verification mechanisms will be circumvented by any determined 12 yr old (or younger)

Brian Allbee Mar 21

@sarahjamielewis for whatever it might be worth, this particular effort looks to have been rolled back.

So far.

https://github.com/systemd/systemd/pull/41179

Edit: as noted later, this doesn't seem to be the case after all -- the request was closed, not merged. 🤬

Revert "userdb: add birthDate field to JSON user records (#40954)" by paramazo · Pull Request #41179 · systemd/systemd

This reverts commit acb6624, reversing changes made to ba1caf0. Revert "userdb: add birthDate field to JSON user records (#40954)" After extensive community discussion, legal review and c...

GitHub

Rosa Aeterna Mar 21

@BrianAllbee @sarahjamielewis That PR looks to have been closed rather than merged, with Poettering seeming to be clear in his opinion that they're overreacting.

Brian Allbee Mar 21

@rosaaeterna @sarahjamielewis yah, I missed that. My fault, I won't even blame the UI on my phone. 😉

Drew 🇵🇭Mar 22

@rosaaeterna @sarahjamielewis @BrianAllbee Well fuck #Poettering and, as of now, fuck #systemd.

Evelyn Estelle Mar 21

@BrianAllbee @sarahjamielewis For me the merge of the revert seems closed, so despite it saying that "we agreed" it looks like the revert did not go trough.

Brian Allbee Mar 21

@dragonfi @sarahjamielewis well, crap. I missed that.

Good catch.

Q. Edwards Mar 21

@sarahjamielewis I don't know if you're familiar with Steam. It requires a sort of age verification to view a video games page. You have to select a birth date to comply with regulations similar to what's happening here. Most folks just scroll down to 1945 or something insane allowing them to view the content and also screwing up any real data. I think this will be the compromise moving forward unless some sort of visual age verification or ID turns out to be a requirement.

Fluffy Kitty Cat Mar 23

@the_q @sarahjamielewis they will. They'll scare us with the "dangers" of "insufficiently strict age verification"

Fluffy Kitty Cat Mar 23

@the_q @sarahjamielewis and by "dangers" they mean "my kid I'd trying to do conversion therapy on saw something trans-affirmative" and "my kid saw footage of the genocide I'm doing"

@sarahjamielewis
I can't find myself objecting to a ~/YOB file.

John Timaeus Mar 21

@quoidian @sarahjamielewis

I can. That means that all apps need to be able to read from my home directory

@johntimaeus @sarahjamielewis
most apps do read and write, perhaps not execute, in the home directory, don't they?

John Timaeus Mar 21

@quoidian @sarahjamielewis

Most, yes. Typically interacting with sub directories that are easily tightened with selinux.

To be compliant with the CA law, by my understanding *every* application would need to access the birthday data.

Which then raises the next stupid question raised by this stupid legislation:
What is an application?
Does it include vi, less, and curl? All of these can be used to browse the Internet. What about image rendering software?
What if I 'sudo /usr/bin/google/chrome'?
When was root born?

The whole thing is completely dum-dum idiocy, pushed on lawmakers under the "think of the children" banner by techbros who dream of a day when all compute is rented by the minute.

Zazzoo 🇨🇦Mar 21

@sarahjamielewis Can't wait until we start seeing encryption locks on motherboards /s

fhenshib Mar 21

@sarahjamielewis A problem is that opposition is necessary, but no single person or project can be blamed for feeling forced to comply. Backlashes can hit hard.
Developers and distros should agree on a shared, strong response. Such as: "If the law passes, we will stop distributing to the USA and prevent users there from using our illegal software through updates that will brick their devices, including servers". "Malicious" compliance along those lines could raise corporate lobbying for repeal.

Orca 🌻 | 🎀 | 🪁 | 🏴🏳️‍⚧️Mar 21

@sarahjamielewis
systemd's development has been guided by huge conglomerates, targetting use cases in cloud, large clusters and hyperscalars, for at least a few years already.
They're not "compelled to do so", they're doing what spineless corporations do all the time: offering compliance happily in advance.

Lars Marowsky-Brée 😷Mar 21

@sarahjamielewis Expecting corporations or commercial entities (which includes the Linux Foundation) to resist government regulations is bound to disappoint.

The people to blame are those that passed the laws.

@sarahjamielewis I knew I'd regret systemd at some point. Time to go back to init scripts. (Yes, I know the problem is much bigger and more widespread than systemd, but it's pissing me off in particular because it's not even the OS or a distro, and yet they're rushing to comply)

@sarahjamielewis the only valid action is to #RefuseToComply and ban the #Cyberfascists who push that shite publicly!

Make them known for that so noone will ever hire or accept them in their projects!
- Refuse to work with/for them (in the same company/project) until they have undone harm caused WIT INTEREST!

https://infosec.space/@kkarhan/116270391364999713

Kevin Karhan :verified: (@[email protected])

@[email protected] thus the only valid reaction is to *proactively refuse to comply* and *actively sabotage such #cyberfascist efforts! - I mean, what's next? - #Russia's #Roskomnadnozr demanding *"#KYC"* of #Users for using #WiFi chipsets? - *"P.R."* #China's *"Cybersecurity Administration"* demanding system-wide blocking of #VPN & @[email protected] / #Tor? Just like noone should comply with that #cyberfascism, so should noone comply with #US-based cyberfascism either! - Use #Monero and give #ITAR the finger… - Refuse to finance #terrorism by refusing to create taxable revenue for U.S. corporations! I certainly won't comply with cyberfascism in @OS1337 and any *"#AgeVerification"* is #fascist bullshit under false pretense that needs to be outlawed!

Infosec.Space

@sarahjamielewis

It is worrying how powerful one useful idiot can be.

https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/

The Engineer Who Tried to Put Age Verification Into Linux

Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.

Sam Bent

@sarahjamielewis and... colour me surprised:

https://www.gadgetreview.com/reddit-user-uncovers-who-is-behind-metas-2b-lobbying-for-invasive-age-verification-tech

Any open source project that's jumping on board the age verification train better be rethinking that decision.

Reddit User Uncovers Who Is Behind Meta’s $2B Lobbying for Invasive Age Verification Tech

Meta funneled $2B through nonprofit shells to push age verification laws targeting Apple and Google while exempting its own platforms from surveillance requirements.

Gadget Review

Fluffy Kitty Cat Mar 23

@sarahjamielewis normalization is dangerous and sets up the next step. We know age verification is designed to hurt LGBT kids, no meet to debate. Don't comply in advance. Make them sue and embarrass themselves

https://agelesslinux.org/index.html join the resistance

Ageless Linux — Software for Humans of Indeterminate Age