cm00026d ago

Inside the Systemd Age Verification Debate: Developer Responds to Criticism

https://europe.pub/post/10762385

Inside the Systemd Age Verification Debate: Developer Responds to Criticism - Europe Pub

>Dylan M. Taylor is not a household name in the Linux world. At least, he wasn’t until recently. > >The software engineer and longtime open source contributor has quietly built a respectable track record over the years: writing Python code for the Arch Linux installer, maintaining packages for NixOS, and contributing CI/CD pipelines to various FOSS projects. > >But a recent change he made to systemd has pushed him into the spotlight, along with a wave of intense debate. > >At the center of the controversy is a seemingly simple addition Dylan made: an optional birthDate field in systemd’s user database.

Show threadandioop

One interesting thought I’ve had is actually that if we strip this signal to websites/apps and do not report an age range at all, but the vast majority of users DO, that actually gives us a more unique and trackable browser fingerprint.

As someone who is not a fan of adding the age field I’m curious what people think of this.

Mar 26 at 8:54pmWeb
Show threadquick_snail5d ago

This is stupid. We block fingerprinting.

Just because some people are fingerprint able doesn’t mean all of us should suffer and bend at the knee to unjust laws

Show threadFooBarrington5d ago
It’s not stupid insofar that it is an additional fingerprintable data point. But it’s obviously still much harder to fingerprint you if many users share the same value that you have, so it is invalid.
Show threadIrateAnteater5d ago
You can’t really “block” fingerprinting. You can obfuscate it a bit, but the fingerprinting process happens server side, not on your device. So whether or not your system sends whatever age verification signal becomes a part of its fingerprint.
Show threadfruitcantfly5d ago
It’s not just server-side: A lot of fingerprinting happens client-side, for example using a canvas to check what features your graphics card supports. You can see this in action via services like coveryourtracks.eff.org or amiunique.org
Cover Your Tracks

See how trackers view your browser

Show threadIrateAnteater5d ago
That’s not the fingerprinting happening client side, that’s just information supply. Fingerprinting is about what the server does with that information.
Show threadZink4d ago

Yeah, but the countermeasures are client-side because that’s what you can control. And some kind FOSS devs out there make it easy to start somewhere decent.

  • Sent from my LibreWolf
Show threadquick_snail5d ago

Of course you can block fingerprinting. See Tpr Browser. Everyone looks the same.

Or you can change your fingerprint every 30 seconds with a plugin like chameleon.

You know it works when evil sites all ban you because they can’t fingerprint you and track you between sessions anymore

Show threadIrateAnteater5d ago
That’s not blocking the fingerprinting, that obfuscating the data. The fact that you are doing that itself becomes part of the fingerprint being built. Services like Tor or Chameleon don’t stop the fingerprinting process running, they just make it more difficult (but not impossible) to tie the fingerprint to your actual identity.
Show threadquick_snail5d ago
It’s making the fingerprinting efforts useless. Sure, they can do it, but I’m blocking them from being able to uniquely fingerprint me.
Show threadquick_snail5d ago
It’s making the fingerprinting efforts useless. Sure, they can do it, but many of us are blocking them from being able to uniquely fingerprint and track us across the internet