Jax Bayne (they/he)11h ago
Jesus Michał "Le Sigh" 🏔 (he)

The discussion around "age verification" in systemd/XDG has been largely focused against the California law. But honestly, there's a much deeper problem there.

Firstly, the data collected. The question initially asked is "are you at least 18 years old?" However, that's not the data collected. In fact, the data collected is not even the age — it's the full birth date. It's a perfect example of collecting more data than you need, and a sensitive information too, and sharing it with any application that asks.

Secondly, the extended goal of "parental controls" used as a justification to collect more data. When you think about it, you realize how bad this is: it isn't the case of asking the user about their birth date (with the assumption that a kid will enter a fake date to workaround the limitations). It is effectively a tool for *parents* to impose restrictions on their children, which means that they are more likely to enter the real date to ensure that these restrictions work. And given how popular sharenting is today, do you really think they'd come up with a fake birth date that happens to roughly match their child's age?

This is simply irresponsible.

https://github.com/flatpak/xdg-desktop-portal/pull/1922

Draft: Add parental controls to the Accounts portal by davidedmundson · Pull Request #1922 · flatpak/xdg-desktop-portal

Applications need to filter content to match the age rating of the user. The rating restrictions tend to be location and domain specific without a common ground for where these groupings should be....

GitHub
Mar 22 at 8:37pmWeb
Show threadLinuxUserGD 3d ago
@mgorny
And the birth date could be implemented as an identifier for browser fingerprinting I guess
Show threadJdeBP3d ago

@mgorny

Actually, even that's not deep enough.

There are a couple of FediVerse people who have been talking to legislators about the forthcoming #ColoradoLaw to try to get it to not lump #Unix & clones in with the smart 'phone app stores that legislators (as can be seen from the Bill summaries and the California legislative record) thought that they were targetting.

The larger context is that this is version 2.0 legislation, currently pending in 4 states of the U.S.A., after the version 1.0 legislation in Utah, Texas, & Louisiana was blocked by the federal court for the Western District of Texas in January 2026 for being unconstitutional. Louisiana's Bill makes it explicit that it is repealing and replacing the prior Act.

So a version that doesn't lump Unix & clones in with the Microsoft/Google/Apple App Stores that 'App Store Accountability' nominally targets might be version 3.0.

https://mastodonapp.uk/@JdeBP/116268403720368221

https://www.mofo.com/resources/insights/251111-texas-targets-app-stores-with-new-accountability-law

@carlrichell
#AgeVerification #systemd #USLaw

Show threadrozie3d ago

@mgorny If you "only" store information "is 18 years old", that doesn't change much in the long run.

Birth date is weak as fingerprint for individuals (https://en.wikipedia.org/wiki/Birthday_problem). If the service stores "is 18 years old" every few days, it will also have information, when this changed and it's... birth date.

And even if it does not record the change itself, after a few years it will know the how many years at least person has.

I think the real question is if anonymity should be allowed...

Birthday problem - Wikipedia

Show threadrozie3d ago

@mgorny ...and this is not a simple question, as anonimity is pretty new. In general, we couldn't buy items or services without revealing our identity or without help of other people before the internet era. We still cannot go to the store wearing mask and but anything we like.

Will post a blog note on that soon.

Show threadBruce Simpson, Ph.D.2d ago
@mgorny Speaking of someone who was insta-banned from flatpak for raising a reasonable criticism with them on GitHub, this comes as no surprise to me. I kept full audit trail of my interactions with that project. Abandon flatpak. Use AppImage instead.