Mastodawn

people on reddit are doing a whole lot of yapping about age verification in Linux

I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future

at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?

what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??

An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)

and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!

dylanmtaylor 1d ago

Lennart Poettering

@cas i am waiting for the moment when these folks who partake in this misguided shitstorm learn about the kind of PII the good old GECOS field on Linux/UNIX carries...

And once people are over that the next shock waits for them! There's a file in /etc/ that contains a hash (i.e. a unique identifier!) of your most personal, private, secret data: your password. And linux systems even kinda insist on you on providing that on first install! Can you believe that?

Lennart Poettering 4d ago

@cas It's as if UNIX carries AN ENTIRE DATABASE of PII in /etc/ without any consideration for user's privacy! Unbelievable!

I think we all need to *demand* from Kernighan and Ritchie to immediately drop /etc/passwd and related files from UNIX, and stop helping the government with collecting this kind of data. It's really appalling that no one has called them out on this yet! The shock! The horror!

Lennart Poettering 4d ago

@cas i never trusted these people in the first place and boy was I right. I'll now move one of my machines to CrazyOS because it stores no PII at all. That will hurt Kernighan and Ritchie, Ha! CrazyOS will not store *any* PII, it's so good! It doesnt have a password (MS-DOS back in the day already had that, and it should be common sense), you just are let in right away. It's kinda annoying though that it has no $HOME to store data in, but of course that's cool, because that would be PII...

Lennart Poettering 4d ago

@cas right after installing CrazyOS I'll make a video of it and put it on TikTok, YouTube and Instagram of course (I really dig their services, I have accounts everywhere, ha!). Hey, did you hear the web folks have cookies! 🍪 Yummy! So good!

@pid_eins @cas I think the way the code change is motivated has some importance here.

Normally, in a FOSS project when some change is made it's to make things better for users. The change was requested by users, and doing the change makes users happy.

If instead you start motivating code changes with "we change this because of this-and-that law", then that does not feel right to me.

Perhaps many users do want the change, but in that case better refer to user demand instead of laws.

1/2

@pid_eins @cas I guess in some way it comes down to "who is the software for?"

A piece of libre software is for the users, it serves the user and does what the user wants (which may or may not be the same thing that lawmakers in some country want). It's not a tool for governments to enforce laws.

Of course, when there is a FOSS license users can always do what they want anyway. But saying that changes are because of laws risks giving the wrong impression.

Do you see what I mean?

2/2

@eliasr @pid_eins superficially sure that makes sense, if FOSS existed in a vacuum I'd be totally on board. But despite the efforts of many to create and share software while taking zero responsibility for the consequences of their actions, software still exists in the real world.

To be clear (though I think i said so in my post) im not in favour of governments imposing restrictions or requirements on software, these laws are arbitrary and almost as hard to define concretely as they are to enforce.

With that being said, if I may attempt to challenge your underlying assumptions here: how are the requirements of law different to the requirements of (for example) a security minded individual, or an enterprise customer?

I want to daily drive a Linux phone but I care a whole lot about security and implementation details basically mean to only way to implement a truly secure OS stack is to use proprietary "trusted apps" from Qualcomm to protect my OS encryption keys (think software backed TPM), I have no doubt in my mind that people may object to the idea of Linux loading proprietary trusted apps into the "secure world" to implement this functionality, but would you object to the kernel adding support for this because it might not be "what the users want"?

I guess im making two points here so i'll try to separate them:

1. At what point is a topic so technical that the opinion of an average user with minimal context shouldn't be trusted?
2. How do you in practice enforce that "libre" software is always serving "the users" without alienation and othering?

Like I personally am always pretty confused and occasionally frustrated by the systemd unit constraints system, did i want Requires= or BindsTo= or WantedBy= or Requisite= etc.... Similarly the fact that every openrc service file is a shell script is infuriating, does these mean these aren't libre projects?

And again, yes I think the laws are fucking dumb, i just think criticising systemd and XDG in particular is just virtue signaling here, not advocating for real change. I hope i don't just come across as contrarian, you're making a philosophical argument so I hope it's ok to respond in kind.

Wolf H. Art 4d ago

Is it virtue signalling though?
Can't it be plain frustration about the state and trend of the world in this matter?

Yes, it might be barking up the wrong tree.
But I think what many people are looking for is acknowledgement of that frustration, a feeling of being heard at least within *their* community. At least within libre FOSS.

How to respond to that is a choice.

> how are the requirements of law different to
> the requirements of (for example) a security minded individual,
> or an enterprise customer?

It sounds like you are assuming that the law is always good, that the state (making laws) is always good. I think taking a look around the world today makes it pretty clear that this is not the case. The state can be really bad, laws can be really bad.

1/?

Anyway I think you kind of missed the point I was trying to make: I am not critical of the code change itself, what I am critical of is the way it was presented.

To clarify precisely what I mean, it's the first sentence in this PR: https://github.com/systemd/systemd/pull/40954 which says:

"Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc."

I don't like that framing of the code change.

2/3

userdb: add birthDate field to JSON user records by dylanmtaylor · Pull Request #40954 · systemd/systemd

Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. The xdg-desktop-portal project is addi...

GitHub

@cas saying "as required by recent laws" indicates a mindset that "what we do here is to implement laws. States make laws, we implement them. That is what this software is about: compliance with laws."

And I think such a mindset goes against the idea of free software.

> I hope i don't just come across as contrarian

I appreciate your answer, and I'm sorry I only answered parts of it!

@eliasr @pid_eins i think that's fair. I certainly don't think all legislation is inherently morally good, but neither is it morally bad.

still though im not a huge fan of prescribing motivations on maintainers

Jordan Petridis 4d ago

@pid_eins @cas What a a gift, I couldn’t ask for a better honeypot

degenerating degenerate 4d ago

People are justified to raise an eyebrow about waving this through without any kind of compulsion. It affects the "Overton window" and enables the next steps that were too far away without it.

@pid_eins
What is your point, Lennart, if I may ask? I'm right now unable to grasp through the thick layers of irony here.

You mention a shitstorm and indirectly hint that cas could have, independent of willingness, become part of it.

What is the larger discourse that I am missing, despite PII, age verification and verified computing questions?
@cas

@pid_eins Bruh. Reconsider this thread. It’s an outburst of hyperbole. It misrepresents privacy advocacy, and tbh is not clever.

@pid_eins @cas the ones that yap about it have no idea who those 2 people are I belive

d@nny disc@ mc² 4d ago

@pid_eins @cas UNIX wasn't installed on end-user computers, the same way end-user computers would be surprised that --delete-tmpfiles removes their homedir. i am impressed that systemd now realizes it's also used on people's laptops and not just containers but UNIX never had to deal with this because it was expensive and proprietary. least trustworthy thing i've ever read and i have no idea why cas feels the need to defend it at length. postmarketos marketing for a pos

d@nny disc@ mc² 4d ago

@pid_eins @cas if you read IBM and the Holocaust you learn people who provided false data to the nazi census were actually considered heroes https://en.wikipedia.org/wiki/Ren%C3%A9_Carmille

René Carmille - Wikipedia

@hipsterelectron i think i'm missing several layers of context to understand your point here tbh?? /gen

@pid_eins @cas I've actually had a bunch of teachers at uni who told us about PII in /etc/ and asked us if Linux was GDPR-compliant. We didn't had a definitive answer (it was mostly "no"), but neither did they.

@pid_eins @cas I don't think anyone is mad about the PII angle of things.
If you introduce a birthdate field without the background of age verification laws no one would bat an eye.
People are mad because this is complying with laws they believe should not be complied with. By introducing the field right now, in a PR specifically mentioning the age verification laws you are making a political statement.

The privacy angle is not something people care about as far as I can see and I think it's disingenuous to act like that's the main concern.

@pid_eins @cas personally I don't feel strongly that complying with these laws is wrong, but I do think you are misrepresenting/misunderstanding the other side of the argument

@pid_eins @cas the mockery really doesn't help...

penguin42 3d ago

@pid_eins @cas I even have some sympathy for the big companies wanting to get this from the OS; they know there's no way that they can implement age verification on website access - kids will find a way arounf it and they'll still get blamed; this pushes the problem away from them.

unable to decrypt message 3d ago

@penguin42 @pid_eins @cas I have no sympathy for them. They should stop making products that are harmful to children, or people of any age. This astroturf campaign is a giant distraction to avoid holding them accountable for the harms they cause.

penguin42 3d ago

@be @pid_eins @cas But it's the same problem that the smaller sites are saying they can't comply with either.

vepř jako pepř 3d ago

@pid_eins most people arent entering any sort of information to be picked up in the GECOS field.

It's a serious concern, i understand theres alot of hurt going around, and that this cant be stopped within the bounds of linux when the state employs violence, but individuals are just that, not linux bound, and can pass into political life.. And ig people probably do think that centralised structures like systemd would have the most sway. And are probably hoping for a plan from such a centraliser.

Lennart Poettering 3d ago

@vepr_jako_pepr yeah, precisely, but why would you fill the birth date field then if you don't fill the gecos field either?

You know, the PR we merged only adds a field where the birthday *could* be stored, if you supply it. But that's entirely optional, and you have to go out of your way to provide it actually...

LiComAce 2d ago

@pid_eins @cas Tracks aren't built unless trains are planned to run on them.

@pid_eins @cas I use non-unique machine ID of whonix, I use "qwerty" as password, "user" as user and "localhost" as hostname" and Ubuntu so I'm not unique, no one can fingerprint me, losers /s