kikebenlloch
GrapheneOSBrazil's authoritarian age verification law became active this month. It won't be implemented by GrapheneOS. Complying would require integrating a mandatory process for each user where a third party service checks government identification and confirms a match using the camera.
It doesn't stop there. It would require keeping data for auditing and providing a token for connecting age verification checks by apps and websites to the data. The law is a privacy disaster and exposes minors to being exploited by leaking their age bracket to apps and websites.
GrapheneOS has no team members or operations in Brazil. São Paulo in Brazil is by far the biggest network hub within South America. Miami is also a major network hub for South America and is currently where our update server is for South America since it's dramatically cheaper.
We have a tiny VPS in São Paulo for our ns1 anycast DNS and a second for our website/network services. It probably isn't an issue and those can be removed if necessary. Santiago could be added for both instead but wouldn't work very well as a replacement for having São Paulo.
There aren't yet devices supporting GrapheneOS directly sold in South America. Brazil in particular has unusually high import duties/taxes which add up to around 100%. This has resulted in us not having a lot of users there but our Motorola partnership will start changing this.
People are going to have their personal info leaked by third party age verification services due to these laws. Children are going to be harmed by apps and websites changing their behavior to exploit them. It isn't going to stop minors finding pornography if they want to find it.
refraction 
@GrapheneOS this. Meta is lobbying for this heavily and they have systematically put minors in harm's way and exploited them for profit for years and they aren't gonna stop. they only want this to more effectively and thoroughly exploit people. they wouldn't spend large sums on this unless they thought it would serve them, not their users.
AlexanderMars
Thinkb4u@GrapheneOS And it definitely won’t stop the real crimes of CSA happening in the physical world.
LeonianUniverse😁@serrebi @GrapheneOS NO, when I was a kid, it was super easy to find, you know why, because I was looking for it and I did. Nothing will stop kids from finding it if they are curious to do so, its just the way it is. No age verification law is going to change that.
Richard ⬜🟩⬛@GrapheneOS Really? Will you be selling out-of-the-box grapheneOS devices in Brazil?
That's where i live!
@richardisaguyyyy We want to do that but the age verification law is going to prevent devices being sold with GrapheneOS in Brazil. It will be very easy to install it on future Motorola devices sold in Brazil via our web installer though. It's much easier and safer than doing something like installing Windows on a desktop.
@GrapheneOS That's so awesome! May i ask, will you support existing motorola devices that are rootable as well? For instance i own a moto edge 20
Sandelinos@richardisaguyyyy @GrapheneOS No. Existing Motorola devices don't fulfill Graphene's hardware requirements
Hani@GrapheneOS @richardisaguyyyy is it a done deal that the new OEM will be Motorola?
@cornflakes4dinner @richardisaguyyyy Motorola officially has a long term partnership with us. They're actively working on GrapheneOS support and meeting all of our requirements. The aim is to have support on devices launched in 2027 and things are proceeding towards it. They also want to use our code within their OS to improve it but that's a separate thing from GrapheneOS and interests their business users rather than being what our users are interested in.
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/
Parth Parikh@GrapheneOS why not you support those chinese manufacturers then?
@parikhparth23 Devices need to provide the requirements for GrapheneOS. Motorola is working on implementing those requirements and official GrapheneOS support for devices in 2027.
NYCNerd@GrapheneOS I've been thinking... How do you all have the time and energy to do all this work (also technical, but especially chasing companies for this corporate partnership stuff) at a high level and give it away for free?
@nroth GrapheneOS is entirely funded by donations. Paying developers is our main expense by far followed by legal fees, auditing and accounting. Our other expenses such as servers are quite small since we're being very efficient including seeking out sponsorships from hosting providers. If every GrapheneOS user donated $20 per year that would be over 8 million dollars per year of donations. We don't get nearly that much yet but don't underestimate how much money we can raise via donations.
Could you share more infos about when and involved modells which this collaboration will start with?
Your Cunting Daughter 🧟♂️🤮@GrapheneOS interesting how a north american city such as Miami can serve as a network hub for south america. Geopolitics are an intricate yet interesting thing
Athos@murderkroger @GrapheneOS Miami has less latency to South America because of the subsea cables
@athos @murderkroger ISPs in South America can also bring traffic to Miami to pay cheap North American transit rates to send traffic to arbitrary destinations. The rates in North America and Europe are 1/10 of the cost of the rates in South America. They just need to get infrastructure to Miami and they have cheap transit to anywhere. It's not great that many of them do this because it causes high latency between South American locations if they aren't peered. It's not as bad as it used to be.
Sneezyis it a good idea to have a "age proxy" like the mechanism for filesystem access "spaces"?
when an app doesn't run unless the OS tells it the user is id-verified, then grapheneOS could say yes, the user is, even if the user hasn't done the process because they don't want to risk their biometric information
I'm no expert, just thinking aloud
Nazani@GrapheneOS Photo matching is going to be interesting in a country where plastic surgery is so popular.
Lance, Enjoying Copious Pollen@GrapheneOS That seems like the right call to me. It looks like I may soon become an international lawbreaker because I'm not going back to Android.
Iron Bug@GrapheneOS >Complying would require integrating a mandatory process for each user where a third party service checks government identification and confirms a match using the camera.
that's sick. this is the absolute break of any privacy and this should be avoided by all software developers.
that's sick. this is the absolute break of any privacy and this should be avoided by all software developers.
@GrapheneOS @lxo
looks llike Brasilian government requirements to software are much worse than we expected.
this is not just a breaking privacy for some third-party service, it's deanonimizing and tracking users by whatever sites and servers in an unknown circle.
looks llike Brasilian government requirements to software are much worse than we expected.
this is not just a breaking privacy for some third-party service, it's deanonimizing and tracking users by whatever sites and servers in an unknown circle.
Alexandre Olivato be fair, there's no requirement of using a third-party service, but the long delay in regulating the procedures for age assessment made room for the "market" to come up with various bad ways to accomplish that. it sucks to be us.
on the good side, the law is quite strict in that the information cannot be used for other purposes. I guess lawmakers didn't know about Cambridge Analytica, or didn't care, or something.
what's worst, IMHO, is that the law pretty much rules out freedom-respecting software, and this is the case not only for minors, and though its supporters promise age verification isn't about identification, they don't seem to have considered that the law mandates parental supervision through online services, so identification is necessary to connect children with the parents/guardians, and parental supervision encompasses allowing communications with the minors, so everyone else must also be identified. it's terrible terrible terrible.
on the upside, the rules for app stores that require parent approval for minors to install programs are so broad that they apply to websites that offer javascript code for download, so we should (if the law catches) see browsers shipping with javascript disabled, and web sites used by minors being refitted to work without javascript.
I've been blog-posting a lot about it, in pt_BR:
https://blog.lx.oliva.nom.br/tags/ECA-Digital
CC: @[email protected]
on the good side, the law is quite strict in that the information cannot be used for other purposes. I guess lawmakers didn't know about Cambridge Analytica, or didn't care, or something.
what's worst, IMHO, is that the law pretty much rules out freedom-respecting software, and this is the case not only for minors, and though its supporters promise age verification isn't about identification, they don't seem to have considered that the law mandates parental supervision through online services, so identification is necessary to connect children with the parents/guardians, and parental supervision encompasses allowing communications with the minors, so everyone else must also be identified. it's terrible terrible terrible.
on the upside, the rules for app stores that require parent approval for minors to install programs are so broad that they apply to websites that offer javascript code for download, so we should (if the law catches) see browsers shipping with javascript disabled, and web sites used by minors being refitted to work without javascript.
I've been blog-posting a lot about it, in pt_BR:
https://blog.lx.oliva.nom.br/tags/ECA-Digital
CC: @[email protected]
Matúš@GrapheneOS What about instead of responding to the age bracket by providing a age bracket, you could provide back string that just says ñao ñao amigao?
COMMANDer@GrapheneOS why are you so based?
Jeffrey, he/him@GrapheneOS looks like Brazil, with Robert DeNiro, is about to become a documentary
Assimilateborg@GrapheneOS just set everyone's birth date to 1970-jan-01
Joenio Marques da Costa@GrapheneOS the Brazil's age verification law isn't authoritarian, it's a huge misconception naming it authoritarian, who name it like that is spreading fakenews and FUD.
@joenio It's an extremely authoritarian law infringing on fundamental human rights. It's a mass surveillance law with protecting children as an excuse. It clearly doesn't exist to protect children since it leaks their personal data to apps and websites. Minors will still be able to easily find pornography on the internet. They'll also be at risk of being specifically targeted due to apps and websites being informed they're children. It will even leak their birth date on the day they age out.
Kow@GrapheneOS @joenio it's optimistic to assume it will wait till they're 18 to freely give out birth dates.
@Kow @joenio California's law defines multiple age brackets:
* under 13
* 13 to under 16
* 16 to under 18
* 18 or older
This means it will leak a child's birth date to apps and websites on their 13th birthday.
There are ways to reduce the harm such as deferring age bracket updates to January 1 but those approaches likely wouldn't be accepted by parents and children. What's actually going to happen is leaking the birth dates of minors to apps and websites.
Mateusz@joenio I would love to hear your rebuttal to GOS answer, so far you threw accusations with no supporting arguments. @GrapheneOS
Xtreix@joenio @GrapheneOS It's 100 % authoritarian, it's 100 % bad, and it's 100 % useless, absolutely zero FUD here.
Xenia0040@joenio The great green dragons shall come for us all and devour us whole. My mother is Hilary Clinton. God is actually 2 very fancy letter openers. 2 + 2 = 5. Oceania has always been at war with Eastasia. I am levitating on command. Anyone who ways otherwise is spreading fakenews.
Notice how both our comments have exactly the same amount of reasoning shown to support our points.
Notice how both our comments have exactly the same amount of reasoning shown to support our points.
DekOfTheYautja@GrapheneOS what will happen in UK? And California/Colorado? You don't have any operations in these areas either?
@DekOfTheYautja Toronto is the only location where the GrapheneOS Foundation operates. Having contractors elsewhere isn't our own direct operations as they're not employees but rather are their own businesses. We don't have any contractors in Brazil regardless.
If Canada passes a similar law then we'll need to contest that in court and plan out moving GrapheneOS elsewhere in case it becomes necessary. It would be an enormous pain and would disrupt things a lot but we'll do what's necessary.