people on reddit are doing a whole lot of yapping about age verification in Linux
I would generally agree that the whole approach of these laws is total dogshit and clearly a wedge issue to enable stricter surveillance laws in the future
at the same time though, the actual implementation and potentially having a portal which exposes the users age bracket seems totally reasonable as a way to implement parental controls... I'm also not totally against holding service providers to higher standards for data processing when it comes to minors, and hey if they're doing that why shouldn't adults get the same treatment?
what im totally miffed about though is why the fuck would you get mad at systemd for adding a birthDate field to userdb, what would you have them do? Would you rather every desktop environment had its own way to store this data??
An XDG portal for this also means you can *trivially* write a stub that always identifies you as an adult or even lets you pick per-app (heck maybe per website! that might be the new cursed way of avoiding trackers under late stage capitalism)
and yeah it sure would be shit if we get real-id laws in a few years, but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone. The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!
@cas I would ask why providers should make it easier to implement parental controls, given what those are so often used to do (namely, horrifying shit?)
@cas i am waiting for the moment when these folks who partake in this misguided shitstorm learn about the kind of PII the good old GECOS field on Linux/UNIX carries...
And once people are over that the next shock waits for them! There's a file in /etc/ that contains a hash (i.e. a unique identifier!) of your most personal, private, secret data: your password. And linux systems even kinda insist on you on providing that on first install! Can you believe that?
@jane @freya agreed, this was basically the point i was trying to get to. parental controls in Linux are absolutely a good feature to have, and the GNOME community have earnt a lot of respect from me for implementing this functionality. The ability to impose restrictions on non-sudo users (particularly children) is NOT a restriction of freedoms, I'd argue it's the opposite.
Knowing you can give your kids a device running a FOSS OS while being able to ensure they aren't accessing software they shouldn't is a good thing, give them the freedom to enjoy tech without looking over their shoulder
I mentioned here here:
https://social.vlhl.dev/notice/B4PU0aMRZdCXV8QAJk
but tl:dr I believe that a child young enough to need parental controls should not be left alone unsupervised w/ an internet device, and that teenagers should have already learnt discretion and have built a trust relationship with their parents
in a good world then, parental controls would just be guardrails for the former, but in the world we live in, i fear how much abuse, well, abusive parents might cause on the latter by forcing parental controls on their devices
> what would you have them do? Would you rather every desktop environment had its own way to store this data??
I'd rather they, and everyone, waits longer
system76 is trying to get US politicians to open exceptions for foss, laws in multiple states are contradictory, and in brasil there's lots of people trying to change that law as they see how bad it is
codifying an api for it now feels so premature and somewhat dangerous, bc what if what they implement is then not allowed in some other state or country?
trauma mention
a trust relationship is exactly the thing i am arguing for, i'm not sure how much you dealt with actual parenting and supervising children.
you're arguing against a cptsd survior, i had very a abusive parents. the reality is that we as a foss community should enable healthy foss tools, because the stalkerware will get developed anyway due to money incentives. and it will not rely on any age bracket stuff we had as the primary usecase for stalkerware is stalking partners.
re: trauma mention
Is it virtue signalling though?
Can't it be plain frustration about the state and trend of the world in this matter?
Yes, it might be barking up the wrong tree.
But I think what many people are looking for is acknowledgement of that frustration, a feeling of being heard at least within *their* community. At least within libre FOSS.
How to respond to that is a choice.
re: trauma mention
@navi so your arguing against a specific implementation? memories while growing up are heavily skewed, that was a really though thing to learn for me while taking care of a kid for a year. there were even moments were it made sense to lie or heavily skew the truth, a thing i couldn't have imagined before.
re: trauma mention
so far the only thing people convinced me could be okay, is screen timeout timers
what i get worried is, for a teenager, making it easy to allowlist-only or blocklist websites and content types, and making it easy to track everything they do with their devices
sure, there is other ways of doings those things, but the easier those tools are to enable and use, the more i saw them get abused
@cas honestly, having this be trivially by passable sounds like a wholly desirable outcome
> how are the requirements of law different to
> the requirements of (for example) a security minded individual,
> or an enterprise customer?
It sounds like you are assuming that the law is always good, that the state (making laws) is always good. I think taking a look around the world today makes it pretty clear that this is not the case. The state can be really bad, laws can be really bad.
1/?
@cas implementing birth date in systemd now is showing everyone how this kind of control is technically practical and can be extended and enforced. It'an entirely new torment nexus being implemented right now.
Seeing no problem here is VERY short sighted.
This cant be good.
@cas I usually agree with a lot of your takes, and the ones I don't are usually very minor, but I cannot in good conscience agree with this. Complying in advance is never the proper reaction to any change that could be used to oppress people. Life is not a vacuum. The rise of fascism in the United States and its increasing influence in the rest of the world makes it obvious that these age restriction laws are only for controlling information. Compliance means giving in to fascism.
re: trauma mention
@navi you should be arguing against technology being sold as a substitution for teaching and parenting. of course big tech with its "ask me later" doesn't teach consent.
this is isn't a technological problem, this is a societal problem and tolerating abusive parents. not asking children in school what they face at home, how they are allowed to use technology. only since the year 2000 have children the right for nonviolent parenting in germany.
"The last thing we want is for users in certain regions to wind up relying on implementations maintained by distros or random individuals, if we need to have this crap the least we could ask is that it's maintained by established and trusted people in the open source community!"
I trust most random individuals more than I trust Poettering's slopcoded garbage. systemd is not a community project and it never has been.
That aside, the first rule of data security is: _never_ collect, store, relay or distribute any data you don't need to, especially when it's personal information.
Have a fun headache with GDPR if you don't fall back to dummy data.
@cas As far as I understood it, the administrator will still be able to claim whatever they want as birth dates of their users. And it is âonlyâ required that websites et al. react appropriately to what the system says is the age of the current user.
If that is the case, I'd consider that the definitely better idea of how parental controls could look like. Unfortunately, on this side of the pond, they seem to rather go in the direction of actually checking government IDs which _is_ a surveillance nightmare.
Anyway I think you kind of missed the point I was trying to make: I am not critical of the code change itself, what I am critical of is the way it was presented.
To clarify precisely what I mean, it's the first sentence in this PR: https://github.com/systemd/systemd/pull/40954 which says:
"Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc."
I don't like that framing of the code change.
2/3
@cas saying "as required by recent laws" indicates a mindset that "what we do here is to implement laws. States make laws, we implement them. That is what this software is about: compliance with laws."
And I think such a mindset goes against the idea of free software.
> I hope i don't just come across as contrarian
I appreciate your answer, and I'm sorry I only answered parts of it!
@f4grx i'm sorry but this is just FUD. GNOME lets you set a profile photo for your user account but we aren't getting up in arms about how any unsandboxed software could upload it and run facial recognition.
@justsoup on the one hand, i think id generally fully agree with you here, but in this case i struggle to see how things would be better if systemd/xdg refused to comply. I think it would be contrarian and shallow from an implementation perspective to refuse to store the users DoB in systemd's case, or for XDG to refuse to define a flatpak portal API to get the user's age bracket, both of these are fairly reasonable features were they not motivated by legislation.
i'm glad folks like Jeremy from system76 are pushing back harder against this, and from an individual level I'd agree that we should not comply, but from an OS/distribution perspective it feels like a pretty milquetoast response to just throw up your hands and say "Sorry, if you live in Cali we can't give you our software"...
@ki damn i thought i had escaped the systemd haters this time
you quoted me lol, did i say "community project"?
@pid_eins @cas UNIX wasn't installed on end-user computers, the same way end-user computers would be surprised that --delete-tmpfiles removes their homedir. i am impressed that systemd now realizes it's also used on people's laptops and not just containers but UNIX never had to deal with this because it was expensive and proprietary. least trustworthy thing i've ever read and i have no idea why cas feels the need to defend it at length. postmarketos marketing for a pos
@hipsterelectron i think i'm missing several layers of context to understand your point here tbh?? /gen
@pid_eins @cas if you read IBM and the Holocaust you learn people who provided false data to the nazi census were actually considered heroes https://en.wikipedia.org/wiki/Ren%C3%A9_Carmille
@cas
calling out AI slop and toxic practices isn't just "systemd hate," especially when it comes to supporting fascism
> "trusted people in the open source community"
if systemd isn't a community project in your opinion, then it's not about "people in the open source community" anyway. And it really isn't. Glad we're on the same page regarding this point.
The history of social progress has shown us that progress never happens by complying with authoritarian laws in advance, quite the contrary. It has always been by resisting as a unified group against authoritarianism. Systemd isn't going for social progress, it's a tool for developing capitalist commercial solutions. They get criticisms primarily because of that, and complying to these laws is inline. They're not a friend in this situation so them doing shit is absolutely unsurprising
You don't need age verification to do parental control. You need guardians acting as actual guardians, educate themselves on what taking care of human beings is. Once again the children are not an excuse for adults' laziness
@rakoo i agree that systemd is pretty entrenched in capitalism, and i very much agree that complying in advance is super not great.
Where I struggle is with the prescriptive language that systemd or freedesktop shouldn't comply with these laws. This can only harm distros who are then forced to deal with the situation themselves and then what? Now they have to face the backlash based on their explicit decision to comply or not.
Linux distros refusing to comply would carry significantly more weight imho, and I'd advocate for pressuring Ubuntu, Fedora, Suse etc to refuse and make some noise about this. I just can't say the same for the much more legally and financially precarious distros out there
in the replies i expand a bit more on my point that systemd/xdg refusing to comply would more or less force distros to do the work themselves (potentially to a worse standard) or refuse, and in either case have to face the blowback themselves. While we can and should criticise industry backed distros if they blatantly disregard the interests of their users, particularly when they have the power to push back against legislation like this.
However it seems absurd to me to expect small community driven projects to navigate this legislation themselves or have to take the heat for taking steps to protect the livelihoods of their maintainers by complying with this legislation, something they would have to expend more effort in doing if the projects they are built on (systemd, flatpak, GNOME, KDE) took the high road and refused to comply.
I think there is a pretty huge lack of understanding by a lot of even highly technical Linux users when it comes to how the software supply chain of their distro actually works.
Very relevant example:
Note that the only software that face a backlash are those that comply with authoritarianism, not the others.
yep, that's why all distros, all kernels, all the bits that are concerned need to get together as one voice on this issue. The group takes care of the individuals. Now that systemd has complied, the ones that don't use it will bear all the pressure. And the ones that do use it won't go against systemd's decision because they still are alone.
If anything systemd has become a spof that allows this kind of things to happen
@rakoo I agree with your suggestions but i still feel like your analysis isn't fully grounded here. Pushing back is good, coming together to do so is amazing, but it's also not mutually exclusive with ensuring that distro maintainers don't get caught in the net and fined
i expanded a bit more here, id also suggest giving Danieles post I linked to a read
@cas I still think #SystemD should refuse to comply and I will certainly #RefuseToComply with @OS1337 as a matter of principle!
Because #Cyberfascism is bad!
@cas so basically:
"well, if we're going to slide into fascism and real-id laws, might as well make it user-friendly!"
nope, nope nope nope. Fight this shit every step of the way. Couldn't disagree more strongly with every single thing you've said.
Principles matter, my man. Sometimes they don't make sense, they don't fit in nicely with how an ideal world should be, sometimes they make things more difficult. That's the nature of boycotts, of refusal, of being led by your heart and not by your brain sometimes.
@ret yes fight this shit at every turn, but don't get mad at distros (particularly small and community driven ones) for not wanting to risk not complying. maintainers didn't sign up to risk their livelihoods against fascism and we shouldn't expect them to take on this liability
@cas nobody compelled systemd to do this. Some commenters on the original PR made that much clear.
Nothing/nobody compelled systemd to do this. It was a choice to make this easier for others. Greasing the wheels of this awful concept.
Compelled speech is also illegal in most places. Prohibited by the ECHR & U.S. Constitution. In the U.S., code is also speech.
@ret genuinely curious, if not this then how would you have distros like Debian or small ones like ElementaryOS handle this, assuming the law goes into effect and makes them ultimately responsible for complying with it?
by all means critique how systemd went about this i guess, but at the end of the day if the bar for distro maintainers is to risk fines or quit then are we not just letting the fascists win?
I just don't think implementation is the right platform to fight this issue, we need lobbying and political pressure
@cas this is open source, we're never going to have a billion dollar lobby or enough political pressure to change this stuff. But we can fight. If you live in the U.S., in California, and you are the main maintainer of a distro, then you have a decision to make about how to proceed. That's it. Anything beyond that, especially actions by European residents supporting this crap is purely proactive compliance with a law that doesn't affect them at all.
@cas
| Would you rather every desktop environment had its own way to store this data??
Uh, yes? Uniform implementation makes future grabs easier to conceive and therefore more likely.
As engineers, we all like nice, uniform solutions. Why? Easier to build on top of. Which in this case is something virtually no one wants.
@cas the fud is on your part. Having this info available is just the first step. Laws mandating its value in http headers prior to accessing data is next.
@cas you nailed it in the last sentence when you said "if we need to have the crap" We don't need this crap and embedding it in the cancer that is systemd makes it even harder to cut out.
But hey, you do you. Bend the knee to whomever you like.
I tried to make a new issue to ask about what steps they'd take to cover their asses when lawsuits start flying... and it was simply deleted. Not closed or answered, just ripped out.
A point that seems to go missing is that age verification is only effective when it's done at 'Point of Sale'. There is no reasonable way to enforce it without absolute and granular distinctions on a case by case basis.
It does not now, or at any point in time, belong at entry points like the OS itself.
@cas imo the conflict is that Facebook lobbied like crazy to pass the hot potato further down the stack. They serve (target) the bad content, they are to be held liable and they don't want to deal with the complication - "it's not us, the OS should verify the age of the user!"
When you look at it from this angle, yeap, compliance with an overreach is not what comes to mind.
@cas
My take on the age verification is that it is better we (like in the Linux community) have some control over how it is done then putting it in the hands of Apple and Google and bind it to iPhones and commercial android.
I as a user can always block or remove the software, or replace it with something where I can acknowledge any requests so I know who is asking and who is going to know (like iOS does with cross app information).
@pid_eins
What is your point, Lennart, if I may ask? I'm right now unable to grasp through the thick layers of irony here.
You mention a shitstorm and indirectly hint that cas could have, independent of willingness, become part of it.
What is the larger discourse that I am missing, despite PII, age verification and verified computing questions?
@cas
@pid_eins Bruh. Reconsider this thread. Itâs an outburst of hyperbole. It misrepresents privacy advocacy, and tbh is not clever.
@pid_eins most people arent entering any sort of information to be picked up in the GECOS field.
It's a serious concern, i understand theres alot of hurt going around, and that this cant be stopped within the bounds of linux when the state employs violence, but individuals are just that, not linux bound, and can pass into political life.. And ig people probably do think that centralised structures like systemd would have the most sway. And are probably hoping for a plan from such a centraliser.
@vepr_jako_pepr yeah, precisely, but why would you fill the birth date field then if you don't fill the gecos field either?
You know, the PR we merged only adds a field where the birthday *could* be stored, if you supply it. But that's entirely optional, and you have to go out of your way to provide it actually...
@cas tbh this whole thing is just reactionary ragebait.
@cas@treehouse.systems And if I want to run a desktop environment on a system that uses openrc? Will that not work now because the DE depends on systemd for age verification?
Fuck no, systemd should not add that, this is a wild take. Next up we'll have systemd-mousecursord so that not every DE has to draw the mouse cursor because that would be messy. :/
@kbruen systemd added a birthDate field to their userdb lol, this isn't implemented at the level your seem to think it is.
GNOME already hard depends on systemd for their newest releases, one of the GNOME devs published a nice blog post explaining exactly what functionality is needed which is missing from openrc/elogind.
At the end of the day, systemd provides a whole lot of pretty important functionality for a production system, I would be over the moon if we actually got alternative implementations with API compatibility but nobody seems to actually want to put the work in.
We announced that postmarketOS was switching to systemd by default over a year ago and laid out in intricate detail what we needed for openrc to be up to par and invited those who wanted alternatives to implement this stuff, so far very little progress has been made...
in the meantime elogind continues to get more and more broken :/
actually i wonder if systemd would be interested in providing a KMS console so we can finally get rid of CONFIG_VT and fbdev heh (kmscon is making good strides though)
If you introduce a birthdate field without the background of age verification laws no one would bat an eye.
People are mad because this is complying with laws they believe should not be complied with. By introducing the field right now, in a PR specifically mentioning the age verification laws you are making a political statement.
The privacy angle is not something people care about as far as I can see and I think it's disingenuous to act like that's the main concern.
âIs it really so bad that oven makers enlarge their ovens to 40 pounds? There ARE other uses beyond cooking children, after all.â
Donât look for Modest Proposals of tech shifts that enable Swift shifts into being abused. âWhy not add the DOB fieldâ plus âmight as well use itâ is a dystopic result from an innocent pair.
@freya @cas fuck, the worst part of getting old is encountering Adults that are passionate about internet ethics but are too young for Risks and cypherpunk listserv/ digests to have infused their thinking.
(Edited to add https://smolhaj.social/@jane, whose comments hint they really really need a deep dive into cultures that discuss WhatMightGoWrong. )
@InkomTech ok i'll try to clarify, since i don't think your quite understand my position....
THESIS: I am fundamentally ideologically opposed to legislating age verification into operating systems, for all the obvious fucked up dystopian outcomes that inevitably leads to. Maybe I should have put that in all caps or something because people really seem to want to misrepresent my position.
ANTITHESIS: Should age verification legislation get passed, we should not throw our distro maintainers and middleware implementers under the bus by getting mad at them for following the law (i mean unless they come out and say they actually think the legislation is good, in that case fuck em).
SYNTHESIS: we can oppose age verification laws without going after implementers for trying to avoid exposing themselves to fines. it's a rock and a hard place for distro devs and im kinda shocked that people seem to unwilling to acknowledge that reality.
Thanks for the condescending comments (and extremely weird call out of Jane??), i hope your irc buddies got a kick out of it(???)
i predict you either don't respond or hit me with an ad hominem, prove me wrong!
> I would be over the moon if we actually got alternative implementations with API compatibility but nobody seems to actually want to put the work in.
https://git.pinkro.se/Rose/gardenhouse/gardenerdb.git/ > userdb
https://git.pinkro.se/Rose/gardenhouse/gardenlock.git/ > tpm2 tools
https://git.pinkro.se/Rose/gardenhouse/seedfiles.git/ > tmpfiles
https://git.pinkro.se/Rose/gardenhouse/stem.git/ > ukify
https://git.pinkro.se/Rose/gardenhouse/sysext.git/
https://git.pinkro.se/Rose/gardenhouse/sysupdate.git/
https://git.pinkro.se/Rose/gardenhouse/sysuserd.git/
( @rose is awesome)
my problem with systemd APIs is that they're awful
i am working on a session manager, and power manager, that then combined with seatd, can provide the last bits missing from logind
then rose will make a login1 shim that uses all 3 (i were gonna do it but dbus is pain so i'm glad she's cool with doing it)
> but systemd or XDG standing on "principle" and refusing to implement this API is absolutely not going to lead to better outcomes for anyone
enough backlash has certainly made laws change or go away, so this is really not an argument to make.
@ilja developers can get mad and throw shit while also implementing the stupid feature, the reasons to do both seem pretty justified unless (as i've said many times in this thread) we think distro maintainers who may be in a precarious financial situation already should expose themselves to the risk of a fine because that would fit your ideology better
- replies
- 0
- announces
- 0
- likes
- 0
@cas Maintaining this would be a clear signal that you are to be distrusted.
C'mon, how hard is it to show even the *smallest* bit of resistance to fascism?
@harmoniousanger please see my second post in this thread
im just advocating for harm reduction not fucking furthering the aims of fascism
@be @cas People should seriously research who Hannah Arendt was, what her concept of the Banality of Evil means, and what she had to say about the Nazi Adolf Eichmann.
Eichmann ensured that all the trains were always on time that transported the Jews and other people to be exterminated to Auschwitz. He ensured that everything train-related went as smoothly as possible. Even though he knew what would happen to the Jews in Auschwitz.
As programmers we want to be proud of the code we write. But if the intentions of the powers that govern us are clearly nefarious, we don't have to give our 100% or write the cleanest, most beautiful code we can.
@cas you sprinted to an objectionable synthesis. Jurisdictionally, disregard distant places with unreasonable laws. Challenge on basis of undefined defendant when an amalgam of FOSS code with countless contributors across countless jurisdictions LACKS a function. Demand judicial clarification on the premise. Seek contradictory mandates in sympathetic jurisdictions. Raise the challenge, dammit.
Condescension implies false sense of a high ground. Iâm saying weâve spent decades on these issues; donât undo that by sprinting to a concession.