kcxt4d ago

people on reddit are doing a whole lot of yapping about age verification in Linux

I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future

at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?

what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??

An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)

and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!

dylanmtaylor1d ago
Show threadkcxt

in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this.

However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply.

I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works.

Very relevant example:

https://mastodon.online/@danirabbit/116250765623660340

Danielle Foré (@[email protected])

When you tell me to just not implement age declaration, do you understand you’re asking me to risk thousands of dollars in fines? Which means realistically the only way for me to not follow the law is to close my business and stop making elementary OS. Do you think it makes sense for me to decide to have no income right now in the middle of massive tech layoffs in a purely symbolic act of protest? Do you really fully understand this is what you’re asking of me?

Mastodon
Mar 20 at 10:53amWeb
Show threadKevin Karhan 4d ago

@cas I still think #SystemD should refuse to comply and I will certainly #RefuseToComply with @OS1337 as a matter of principle!

Because #Cyberfascism is bad!

Show threadkcxt4d ago
@kkarhan @OS1337 power to you, honestly
Show threadKevin Karhan 4d ago
@cas na. It's just having basic principles!
Show threadpan3d ago
@kkarhan @cas and money to be able to pay the fines (?
Show threadKevin Karhan 3d ago
@pan @cas no, knowing that intellectual work cannot be forced out of someone and that such cyberfascism in any reasonable juristiction would start a civil war.
Show threadpak0st3d ago

@cas imo the conflict is that Facebook lobbied like crazy to pass the hot potato further down the stack. They serve (target) the bad content, they are to be held liable and they don't want to deal with the complication - "it's not us, the OS should verify the age of the user!"

When you look at it from this angle, yeap, compliance with an overreach is not what comes to mind.

Show threadRobot3d ago
@pak0st @cas i think it shouldn't be understated this is probably also really nice for their their ad buisiness.

It should probably also be mentioned that even quantized data can be used to derive the full unquantized info when it crosses a boundary (change between brackets between two days implies a birthday, and the bracket changed to directly shows the age in its minimum) which if an api is to be available at every app launch can be messy (especially in intended use cases where someone may add a accurate birthday without considering the implications)
Show threadRobot3d ago

@pak0st @cas even then to some this may seem semi benign, but a concerning amount of essential services do only use name+birthday as limited authentication (and individuals don't really have much say in this) such as, at least in the us, medical providers and hospitals.

These apis combined with the data broker industry *will* get people hurt.

I say "these apis" since while linux is probably not the biggest impacted population for this data collection by programs, these apis are legally mandated and so by nature quite similar and with much of the same risks.