Mastodawn

dylanmtaylor 1d ago

people on reddit are doing a whole lot of yapping about age verification in Linux

I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future

at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?

what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??

An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)

and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!

Ra (Freyja) (it/its)𒀭𒈹𒍠𒊩 4d ago

@cas I would ask why providers should make it easier to implement parental controls, given what those are so often used to do (namely, horrifying shit?)

jane400 - 628.4 fan 4d ago

@freya
your argument sound like an ad hominem.

one can also implement parental controls to be not creepy; without it turning into an audit of the child's every activity or doing gps tracking. reasonable parenting is working on limits in cooperation/input of the child.

new features i didn't expect and am happly suprised about this release in gnome: https://ubuntuhandbook.org/index.php/2026/01/gnome-50-will-support-bedtime-daily-screen-time-parental-controls/amp/

@jane @freya agreed, this was basically the point i was trying to get to. parental controls in Linux are absolutely a good feature to have, and the GNOME community have earnt a lot of respect from me for implementing this functionality. The ability to impose restrictions on non-sudo users (particularly children) is NOT a restriction of freedoms, I'd argue it's the opposite.

Knowing you can give your kids a device running a FOSS OS while being able to ensure they aren't accessing software they shouldn't is a good thing, give them the freedom to enjoy tech without looking over their shoulder

@cas @jane @freya You ARE supposed to supervise your kids. You know?

It is called "Parenting".

You let them break the computer. And if you catch them installing something nasty you tell them that they should not be doing that.

jane400 - 628.4 fan 4d ago

@ZanaGB @cas @freya yes. but at what point has the child learned enough? at what age is privacy more important? you can't supervise a child all day long unless your an "helicopter parent"

it's giving your kid training wheels with a bicycle so your sibling can take them on a small road tour, there isn't an exact day where a newborn turns into a kid turns into an teenager turns into an adolescent.

@jane @cas @freya

Y'all SERIOUSLY need to trust your kids more. They arent stupid.

Dunno about your local culture. But everyone here grew up knowing you never had to talk to strangers, nwver dibulge any information and stay away from anything that demands a paynent.

Kids are smarter than you remember. Tell them not to do something and why and 99% of the time they will follow through.

No, you will not get a free PS2. No, that raffle for the shiny creature is rigged against you. No. You may not have horse armour. That game looks sketchy but it comes from Steam you might have it. No i dont care all your friends are posting selfies they are going to get hurt and you cannot make an instagram.

One thing is not letting your kids have any agency (helicoptering) and the other is telling them gently they cannot have things and why.

You cannot leave IBM, Amazon, Google, Meta and Oracle decide how it is best to take the task of parenting. The owners of the platforms with addictive content aimed towards children do not have the besr intentions at mind with these policies. The best way to prevent kids from being in places they should not be is... Being literally around them every now and then to check what they are up to and simply... Dont let them go to those platforms.

F4GRX SÃ©bastien 4d ago

@ZanaGB @jane @cas @freya ❤️

jane400 - 628.4 fan 4d ago

@ZanaGB you're not getting the point. we're talking about someone having problems with parental controls in foss while @cas was talking about the different topic of age brackets api laws and people misunderstanding unrelated things.

we're not talking about big tech.

@jane @cas who do you think is behind these surveilance laws? And who do you think makes 5/7ths of freedesktop? Its all IBM/Amazon/Microsoft/Oracle reps there.

Y'all keep forgetting SystemD is a god damn IBM product

jane400 - 628.4 fan 4d ago

@ZanaGB congratulations for delving into conspiracy theory! nobody is interested in the linux desktop, all of those players are into linux server.

Fine. We'll take the bait.

Here are some facts.

- SystemD (and most of FD.O) is an IBM product by virtue of the sheer weigh behind Red Hat's contributions to most to their codebases

- Most of the kernel patches are submited by IBM/RHEL, MicroSlop, Amazon, Google, Oracle, Meta employees.

- A lot of these "anti big tech", "for the children" surveilance laws are being lobbied by... These same companies who happen to be contributing most of the code to freedesktop dot org, and who own these very platforms.

- SystemD is the first project to rush to implement these surveilance specs.

These are just facts regarding the current situation.

This has nothing to do with the inane discourse unsavoury people and fascists alike love parroting ad nauseum, going against everything systemd has done due to being "monolithic corporate slop" and "not SysVInit"

And yet... Here we have a clear example of legitimate concerns being drowned by the wolf that cried "child" and their comrades trying to muddy the waters.

The corporate product with a lot of corporate weight behind it is the first to implement the corporate surveilance garbage onto its code way ahead of schedule.

... It is really not a conspiracy when you are seeing the thing happen in real time now is it?

jane400 - 628.4 fan 4d ago

@ZanaGB
Yes, Red Hat is a heavy weight in contributions but it's misleading to think in those terms.
https://fedoraproject.org/wiki/Red_Hat_contributions

So we look at governance, I cant find the link for stuff so I'll just the first result in my search engine. https://www.x.org/wiki/BoardOfDirectors/

Do note, that it makes sense to view the stuff gnome is doing and the gnome foundation as completely different things.
https://handbook.gnome.org/governance.html#maintainers
https://www.bassi.io/articles/2025/08/03/governance-in-gnome/

systemd is probably the clearest example for cooperate involvement, as it's not a desktop only component.
https://systemd.io/GOVERNANCE/

systemd isn't the first project to rush. it's not a spec to provide that, it sadly passed in california. and it maps cleanly to existing gecos field for passwd so isn't a new thing for linux. /etc/passwd is probably readable by everyone, so already fingerprinting compatible.
i myself will just geoblock non-europe in the future if i make my distro public.

You wanna think about corporate linux desktop? We already have that, it's called chromebook, android and steamos. https://agelesslinux.org/distros.html

There are far worse things already around for years. Like forcing a data sim-card in combination with a microphone in your car. You should be scared for a widevine-like module in trustzone to ensure you verified your age with a government. Not seeing certain domains in emails of contributors as a big conspiracy by big tech. It's so much easier to just force compliance by saying that "disabling secure boot" and "rooting" is prohibited in a country, only compliant operating systems will be allowed.
https://compliancehub.wiki/brazil-age-verification-law-operating-systems/

Red Hat contributions - Fedora Project Wiki

@jane And yet, in your brazil example, you see IBM and Canonical merely pondering about how to implement it. And they will probably drag their feet for months if not years. Giving time for that legislation to be reverted.

While the CA situation had PoC scaffolding... Within the week? For gnome, systemd and eOS at least, with the xdg portal being ready within a month.

And that very scaffolding will let laws like Brazil's and worse to take hold. Because the infraestructure is already here.

And we go back to the matter of whom is reaping the benefit of all this. But since nobody dared saying "fuck you, make me" and instead bent backwards so now we are in this fucking mess.

We aint scared of an extra field on /etc/passwd. We are scared of how quickly everyone jumped to implement it and how clear the signal every spineless developet at the big companies pushing these changes is of "yes please take this gun. We will even put our forehead in the barrel so you can't miss the shot.". Of how quickly everyone is ready to provide the infrastructure and incentive for worse things to come, instead of forcing Big Iron to eat shit and pay their god damn fines.

David Culley 2d ago

@jane @ZanaGB @cas This push for "age verification" and more surveillance comes at the initiative of Meta. We absolutely *are* talking about Big Tech.

Zuckerberg spent ungodly amounts of money lobbying to push for this surveillance vanguard. Why do you think he wants this so badly? When has anything that Zuckerberg ever wanted been out of good intentions?

And yet people bend over backwards to comply in advance. From your bio, I assume you (jane) live in Germany. As a German you aren't even in the jurisdiction of Californian laws.

But you'll get the surveillance regardless through systemd even though your country doesn't even mandate it. Same as every other user of systemd worldwide, which is probably every single user of GNU/Linux who isn't able to compile Gentoo for themselves. (Telling me about NixOS or some niche distro is missing the point.)

People whose homecountry doesn't even mandate this should not have this shoved down their throat, irrespective of noncompliance or disobedience, and should remain empowered to choose a different component that doesn't have this integrated.

Stop complying to fascism in advance.

jane400 - 628.4 fan 2d ago

@davidculley @ZanaGB @cas i'm not affected by those laws as a user, but i am affected by all of those laws as a foss contributor. you can have a lawsuit in a juradisction you don't live in. i'm legally shipping a product/service. i don't think i said that big tech isn't behind those laws.

the solution for me is to either just ship it, as this systemd field is completely optional and looks to be gdpr compliant (and even maps cleanly to the field in /etc/passwd), or to take technical counter measures. this means either creating a "california edition" of the distro or to geoblock and prevent people from selecting a country or some sort of agreement during during setup.

i'm not complying in facism in advance, i just hate people who suddenly are infuriated because they don't look farther then their own two meters of the world.

https://netzpolitik.org/2024/ausweispflicht-wie-alterskontrollen-das-internet-umkrempeln-sollen/#4

you don't get surveillance through systemd? are you drinking bleach and think systemd-aged is real?
https://systemd.io/USERDB_AND_DESKTOPS/

Ausweispflicht: Wie Alterskontrollen das Internet umkrempeln sollen

Wer im Internet unterwegs ist, soll künftig immer öfter den Ausweis zücken oder sein Gesicht scannen lassen. Wo überall sind solche Alterskontrollen geplant, wer treibt das voran – und welche Grundrechte sind in Gefahr? Die wichtigsten Fragen und Antworten.

netzpolitik.org

@jane @davidculley @cas In our case. it has been more about "why is everyone willingly adding all the pieces needed for the worst possible outcome to be realized. As if nobody will get caught on the blast radius

jane400 - 628.4 fan 2d ago

@davidculley perhaps try to read the surroding context/thread before you start mansplaining.

F4GRX SÃ©bastien 4d ago

@ZanaGB @cas @jane @freya that is pure common sense.

@f4grx @cas @jane @freya it seems increasingly uncommon these days...

F4GRX SÃ©bastien 4d ago

@ZanaGB @cas @jane @freya unfortunately.

Tijgertje1987 4d ago

@ZanaGB @cas @jane @freya
If they manage to hack the Linux box to get sudo/root they have earned it to get the training wheels off

jane400 - 628.4 fan 4d ago

@Tijgertje1987 to continue the analogy: at that point it was already neglect to have still kept the training wheels :P

@Tijgertje1987 @cas @jane @freya it is not like it is not all that hard to figure how to boot into single-user mode (on anything non-systemdboot anyway)

Kids, if you are reading this, no need to thank this internet bunny for the tip ;)

jane400 - 628.4 fan 4d ago

@ZanaGB what's a boot? what do shoes have to do with it?

https://www.explainxkcd.com/wiki/index.php/2501:_Average_Familiarity

2501: Average Familiarity - explain xkcd

explain xkcd is a wiki dedicated to explaining the webcomic xkcd. Go figure.

witch_t *navi 4d ago

@cas @jane @freya

I mentioned here here:
https://social.vlhl.dev/notice/B4PU0aMRZdCXV8QAJk

but tl:dr I believe that a child young enough to need parental controls should not be left alone unsupervised w/ an internet device, and that teenagers should have already learnt discretion and have built a trust relationship with their parents

in a good world then, parental controls would just be guardrails for the former, but in the world we live in, i fear how much abuse, well, abusive parents might cause on the latter by forcing parental controls on their devices

witch_t *navi (@[email protected])

on "growing up tech literate, and parental controls" i was allowed to use the computer we had at the house at around 6yo my dad would install games for me, mom would watch videos with me but cru...

jane400 - 628.4 fan 4d ago

@navi @freya @cas my god, the point of parental controls is tbe potential to turn of browsers and the "internet"

jane400 - 628.4 fan 4d ago

@navi @freya @cas

a trust relationship is exactly the thing i am arguing for, i'm not sure how much you dealt with actual parenting and supervising children.

you're arguing against a cptsd survior, i had very a abusive parents. the reality is that we as a foss community should enable healthy foss tools, because the stalkerware will get developed anyway due to money incentives. and it will not rely on any age bracket stuff as the primary usecase for stalkerware is stalking partners.

witch_t *navi 4d ago

@jane @freya @cas

i speak out of the self experience i mentioned above, out of the need growing up of watching over my small brother, and out of the personal experience shared with me by friends while growing, who did have the parental controls in apple devices used against them, and that's all

jane400 - 628.4 fan 4d ago

@navi so your arguing against a specific implementation? memories while growing up are heavily skewed, that was a really though thing to learn for me while taking care of a kid for a year. there were even moments were it made sense to lie or heavily skew the truth, a thing i couldn't have imagined before.

witch_t *navi 4d ago

@jane i argue against specific features, that are often included in "parental control"

so far the only thing people convinced me could be okay, is screen timeout timers

what i get worried is, for a teenager, making it easy to allowlist-only or blocklist websites and content types, and making it easy to track everything they do with their devices

sure, there is other ways of doings those things, but the easier those tools are to enable and use, the more i saw them get abused

F4GRX SÃ©bastien 4d ago

@navi @jane kids are smart. the more you censor, the more the teenager will use their friend's unlocked devices, and then you will see NOTHING.

jane400 - 628.4 fan 4d ago

@navi you should be arguing against technology being sold as a substitution for teaching and parenting. of course big tech with its "ask me later" doesn't teach consent.

this is isn't a technological problem, this is a societal problem and tolerating abusive parents. not asking children in school what they face at home, how they are allowed to use technology. only since the year 2000 have children the right for nonviolent parenting in germany.

@navi @jane @freya I think I could be persuaded either way on this topic tbh, it depends a whole lot on the family, the interests of the kid, their relationships, etc...

F4GRX SÃ©bastien 4d ago

@cas @jane @freya Edit: not even. This is all bad, period.

Previous toot: agree this is app stuff. Let kde and gnome do it. Let me install something else if need be. Let me remove it. I want none of it in fucking systemd.

@freya @cas ****THIS***

“Is it really so bad that oven makers enlarge their ovens to 40 pounds? There ARE other uses beyond cooking children, after all.”

Don’t look for Modest Proposals of tech shifts that enable Swift shifts into being abused. ‘Why not add the DOB field’ plus ‘might as well use it’ is a dystopic result from an innocent pair.

@freya @cas fuck, the worst part of getting old is encountering Adults that are passionate about internet ethics but are too young for Risks and cypherpunk listserv/ digests to have infused their thinking.

(Edited to add https://smolhaj.social/@jane, whose comments hint they really really need a deep dive into cultures that discuss WhatMightGoWrong. )

jane400 - 628.4 fan (@[email protected])

960 Posts, 540 Following, 167 Followers · Hi, I'm doing way too much software in trains! I'm a #LinuxMobile enthusiast, pushing for using standardized technologies on the Linux Desktop, reverse engineering various things (like DHL parcel lockers uwu) You can find me in hackspaces with long transit stops in Germany :3 #BahnBubble

smolhaj.social

@InkomTech ok i'll try to clarify, since i don't think your quite understand my position....

THESIS: I am fundamentally ideologically opposed to legislating age verification into operating systems, for all the obvious fucked up dystopian outcomes that inevitably leads to. Maybe I should have put that in all caps or something because people really seem to want to misrepresent my position.

ANTITHESIS: Should age verification legislation get passed, we should not throw our distro maintainers and middleware implementers under the bus by getting mad at them for following the law (i mean unless they come out and say they actually think the legislation is good, in that case fuck em).

SYNTHESIS: we can oppose age verification laws without going after implementers for trying to avoid exposing themselves to fines. it's a rock and a hard place for distro devs and im kinda shocked that people seem to unwilling to acknowledge that reality.

Thanks for the condescending comments (and extremely weird call out of Jane??), i hope your irc buddies got a kick out of it(???)

i predict you either don't respond or hit me with an ad hominem, prove me wrong!

Val Packett 🧉4d ago

@cas online nerd spaces these days apparently have never read the word "fallacy" in "slippery slope fallacy"

Jon A. Cruz 4d ago

@cas well, I just have to think back to US authorities arresting a Russian programmer for things they did while in Russia, that were legal in Russia, and were a technically trivial end-around a simplistic DRM.

Once the law is on the books, it is a tool against any "circumvention", especially at the behest of large companies.

@cas Have the projects received guidance from actual lawyers? It doesn't seem like the text of the legislation is final in a lot of jurisdictions. I don't know if anybody knows what interpretation or enforcement might look like either. If the devs' hands get forced then it is what it is, but it feels like an own goal to pre-comply too early.

@dvshkn i have no idea, but as far as i can tell the work so far is basically just laying the groundwork, nothing specific to the legislation

that being said, IANAL obviously but surely there has been prior art in this sense, at the end of the day are distros (that don't explicitly sell/ship their software in california in this case) even responsible for people who live there installing their software even if it doesn't follow local laws?

F4GRX SÃ©bastien 4d ago

@dvshkn @cas debian got one I think and it boils down to "just wait"

Lennart Poettering 4d ago

@cas i am waiting for the moment when these folks who partake in this misguided shitstorm learn about the kind of PII the good old GECOS field on Linux/UNIX carries...

And once people are over that the next shock waits for them! There's a file in /etc/ that contains a hash (i.e. a unique identifier!) of your most personal, private, secret data: your password. And linux systems even kinda insist on you on providing that on first install! Can you believe that?

Lennart Poettering 4d ago

@cas It's as if UNIX carries AN ENTIRE DATABASE of PII in /etc/ without any consideration for user's privacy! Unbelievable!

I think we all need to *demand* from Kernighan and Ritchie to immediately drop /etc/passwd and related files from UNIX, and stop helping the government with collecting this kind of data. It's really appalling that no one has called them out on this yet! The shock! The horror!

Lennart Poettering 4d ago

@cas i never trusted these people in the first place and boy was I right. I'll now move one of my machines to CrazyOS because it stores no PII at all. That will hurt Kernighan and Ritchie, Ha! CrazyOS will not store *any* PII, it's so good! It doesnt have a password (MS-DOS back in the day already had that, and it should be common sense), you just are let in right away. It's kinda annoying though that it has no $HOME to store data in, but of course that's cool, because that would be PII...

Lennart Poettering 4d ago

@cas right after installing CrazyOS I'll make a video of it and put it on TikTok, YouTube and Instagram of course (I really dig their services, I have accounts everywhere, ha!). Hey, did you hear the web folks have cookies! 🍪 Yummy! So good!

@pid_eins @cas I think the way the code change is motivated has some importance here.

Normally, in a FOSS project when some change is made it's to make things better for users. The change was requested by users, and doing the change makes users happy.

If instead you start motivating code changes with "we change this because of this-and-that law", then that does not feel right to me.

Perhaps many users do want the change, but in that case better refer to user demand instead of laws.

1/2

@pid_eins @cas I guess in some way it comes down to "who is the software for?"

A piece of libre software is for the users, it serves the user and does what the user wants (which may or may not be the same thing that lawmakers in some country want). It's not a tool for governments to enforce laws.

Of course, when there is a FOSS license users can always do what they want anyway. But saying that changes are because of laws risks giving the wrong impression.

Do you see what I mean?

2/2

@eliasr @pid_eins superficially sure that makes sense, if FOSS existed in a vacuum I'd be totally on board. But despite the efforts of many to create and share software while taking zero responsibility for the consequences of their actions, software still exists in the real world.

To be clear (though I think i said so in my post) im not in favour of governments imposing restrictions or requirements on software, these laws are arbitrary and almost as hard to define concretely as they are to enforce.

With that being said, if I may attempt to challenge your underlying assumptions here: how are the requirements of law different to the requirements of (for example) a security minded individual, or an enterprise customer?

I want to daily drive a Linux phone but I care a whole lot about security and implementation details basically mean to only way to implement a truly secure OS stack is to use proprietary "trusted apps" from Qualcomm to protect my OS encryption keys (think software backed TPM), I have no doubt in my mind that people may object to the idea of Linux loading proprietary trusted apps into the "secure world" to implement this functionality, but would you object to the kernel adding support for this because it might not be "what the users want"?

I guess im making two points here so i'll try to separate them:

1. At what point is a topic so technical that the opinion of an average user with minimal context shouldn't be trusted?
2. How do you in practice enforce that "libre" software is always serving "the users" without alienation and othering?

Like I personally am always pretty confused and occasionally frustrated by the systemd unit constraints system, did i want Requires= or BindsTo= or WantedBy= or Requisite= etc.... Similarly the fact that every openrc service file is a shell script is infuriating, does these mean these aren't libre projects?

And again, yes I think the laws are fucking dumb, i just think criticising systemd and XDG in particular is just virtue signaling here, not advocating for real change. I hope i don't just come across as contrarian, you're making a philosophical argument so I hope it's ok to respond in kind.

Wolf H. Art 4d ago

Is it virtue signalling though?
Can't it be plain frustration about the state and trend of the world in this matter?

Yes, it might be barking up the wrong tree.
But I think what many people are looking for is acknowledgement of that frustration, a feeling of being heard at least within *their* community. At least within libre FOSS.

How to respond to that is a choice.

> how are the requirements of law different to
> the requirements of (for example) a security minded individual,
> or an enterprise customer?

It sounds like you are assuming that the law is always good, that the state (making laws) is always good. I think taking a look around the world today makes it pretty clear that this is not the case. The state can be really bad, laws can be really bad.

1/?

Anyway I think you kind of missed the point I was trying to make: I am not critical of the code change itself, what I am critical of is the way it was presented.

To clarify precisely what I mean, it's the first sentence in this PR: https://github.com/systemd/systemd/pull/40954 which says:

"Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc."

I don't like that framing of the code change.

2/3

userdb: add birthDate field to JSON user records by dylanmtaylor · Pull Request #40954 · systemd/systemd

Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. The xdg-desktop-portal project is addi...

GitHub

@cas saying "as required by recent laws" indicates a mindset that "what we do here is to implement laws. States make laws, we implement them. That is what this software is about: compliance with laws."

And I think such a mindset goes against the idea of free software.

> I hope i don't just come across as contrarian

I appreciate your answer, and I'm sorry I only answered parts of it!

@eliasr @pid_eins i think that's fair. I certainly don't think all legislation is inherently morally good, but neither is it morally bad.

still though im not a huge fan of prescribing motivations on maintainers

Jordan Petridis 4d ago

@pid_eins @cas What a a gift, I couldn’t ask for a better honeypot

degenerating degenerate 4d ago

People are justified to raise an eyebrow about waving this through without any kind of compulsion. It affects the "Overton window" and enables the next steps that were too far away without it.

@pid_eins
What is your point, Lennart, if I may ask? I'm right now unable to grasp through the thick layers of irony here.

You mention a shitstorm and indirectly hint that cas could have, independent of willingness, become part of it.

What is the larger discourse that I am missing, despite PII, age verification and verified computing questions?
@cas

@pid_eins Bruh. Reconsider this thread. It’s an outburst of hyperbole. It misrepresents privacy advocacy, and tbh is not clever.

@pid_eins @cas the ones that yap about it have no idea who those 2 people are I belive

d@nny disc@ mc² 4d ago

@pid_eins @cas UNIX wasn't installed on end-user computers, the same way end-user computers would be surprised that --delete-tmpfiles removes their homedir. i am impressed that systemd now realizes it's also used on people's laptops and not just containers but UNIX never had to deal with this because it was expensive and proprietary. least trustworthy thing i've ever read and i have no idea why cas feels the need to defend it at length. postmarketos marketing for a pos