Rendered at 19:32:02 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
baldrunner2049 31 minutes ago [-]
I just don't get it,
if this is of such great importance for whatever, why isn't planted in bios/uefi? why not work with the hardware providers instead of trashing entire open source communities?
this just smells like something else entirely.
ameixaseca 2 days ago [-]
From the pull request:
> Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc.
The Brazilian law does NOT require this. This is a misconception, and likely based on an understanding of California's law being extrapolated to the Brazilian law.
They are almost complete opposites.
The Brazilian law (Lei 15.211/2025) puts the burden of age verification on *providers* of web platforms, app stores, or dumb terminals. Not on operational systems.
It also mentions "reasonable measurements" - which vary according to the type of content, platform, etc - and which are much less strict that anything written in California's or UK's laws regarding the same subject. It is far more based on individual risk assessment and purpose of the platforms themselves.
In all fairness, the Brazilian law is the most friendly to open source and the status quo. Even though I'm also worried about the long term results of this legislation, I'm somewhat relieved by the way it turned out.
bitwize 2 days ago [-]
I'm not sure how you would translate sistemas operacionais de terminais which is covered by the law, but to me it reads "terminal operating systems". If a terminal has its own OS, it is probably not "dumb" in any meaningful sense, and no one really uses terminals anyway except for retro enthusiasts. Even people still using, like, VM/MVS on a mainframe are connecting via a PC running a 3270 emulator.
Lei № 12.965 (2014) defines a terminal (which applies in Lei 15.211) as any internet-connected computer or device.
cauefcr 11 hours ago [-]
I read it as end user OS.
miohtama 2 days ago [-]
This should be the time for open-source developers to use their common sense to decide whether we should push back.
If California wants to create its own Protect the children operating system, it should bear the cost and responsibility for this alone, and not export any of the sketchy political agenda to the wider open source community.
bitwize 2 days ago [-]
It's the law. If you live in the United States, and a minor in California uses your OS that didn't check age, you could be liable for up to $2500 per occurrence. That can add up quickly if California schoolkids discover your OS does an end run around the law. When ruin is the alternative, compliance becomes non-negotiable.
iamnothere 2 days ago [-]
Many distros disagree and are not complying. It’s very likely that this (and all similar bills) will be overturned after legal challenges. Noncommercial projects especially have a strong 1A case and we have already beaten one of these bills. Keep fighting.
aleph_minus_one 2 days ago [-]
> It's the law
"There is no justice in following unjust laws." - Aaron Swartz (Guerilla Open Access Manifesto)
miohtama 2 days ago [-]
Nobody in their right mind can explain how locking down operating systems will protect children. It does not make sense. This is just another way to sneak in more mass surveillance and kill anonymous online presence, with most ridiculous excuses.
nvme0n1p1 2 days ago [-]
California laws apply to people living in California. Not the whole country.
gasull 2 days ago [-]
Let alone the world.
calvinmorrison 2 days ago [-]
At some point you have to pick a jurisdiction. It's impossible to support all jurisdictions laws as a company, much less as a FOSS project.
josefritzishere 2 days ago [-]
California can't govern outside California. Other states have discovered the legal limits of their soverignty quite recently. But it certainly argues against hosting in CA and furthermore, consulting an attorney.
bitwize 2 days ago [-]
If you have a connection to California, you can be sued in their courts. I don't know whether providing (not selling, that certainly counts) an OS to California residents from outside California counts as a connection, that's something you need to review with your legal team. One thing is certain though: you need legal counsel to do OS dev; the Terry Davis era has come to a close.
miohtama 2 days ago [-]
Then let Californians do their dirty work. They have no place in the broader open-source community or in the rest of the world. Nobody should care about them, except now about caring about blocking them.
The owner of the computer should decide what the computer does.
California is a soon failed bankrupted US state, and no one outside its borders cares what's going on there. Companies are leaving, people are leaving. Let them sink to the ocean with their idiotic laws.
wpm 2 days ago [-]
Except systemd isn't an OS. xdg-desktop-portal is not an OS. None of these projects need to flop over and acquiesce to this overreach.
surajrmal 1 days ago [-]
This is optional functionality which a subset of their important customers want. You will continue to have options that do not make use of this feature.
As someone with children, I see benefits in how age verification will help me manage my kids relationship with technology. Even if it was not the law, I would choose products with support. The point of open source is to allow for both options.
monksy 1 days ago [-]
Linux and OSS has customers?
egorfine 1 days ago [-]
Gasing the Jews was the law as well.
surajrmal 1 days ago [-]
The two couldn't be more unrelated. The idea that age verification in an OS is bad is a niche position by a select few. You don't hear dissenting views on hackernews because the majority here belong to that group and going against the grain is down voted. On the other hand, you're comparing it to killing humans. Making everything into a moral dilemma cheapens the argument. Just because you disagree with the law doesn't give you moral high ground to ignore it. I think cookie consent questions are terrible but I'd not dream of not adding one if compelled by law
egorfine 1 days ago [-]
This is an argument that the law sometimes is clearly in the wrong.
> The idea that age verification in an OS is bad is a niche position by a select few
I am pretty sure that's not true.
LiEnby 11 hours ago [-]
just because the state called their demands and threats a 'law' doesn't give them a "moral high ground" to force everyone to comply with their demands.
cluckindan 22 hours ago [-]
What if the OS had a mandatory ethnicity check?
Let’s ask IBM.
JellyYelly 2 days ago [-]
I don't mean to come across as a snob, or anything like that, but I find this PR really odd.
It's the authors first time contributing to this repo and it the feedback on the PR that was addressed is really odd, like some of it is super basic stuff, even if you're not familiar with the code base or the language.
Just an all round weird vibe.
mock-possum 2 days ago [-]
> “The clang-tidy test failures appear to be pre-existing and don't seem to be related to my code”
I’ve seen Claude reproduce nearly identical comments, wonder if that’s a couidence
rleigh 2 days ago [-]
Likely. Whenever I see that it usually means it itself created the test failures but won't admit to it!
egorfine 1 days ago [-]
Given that:
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
It's incredibly useful for adtech if all apps on Linux can access the user birthdate.
Surely this is a total coincidence.
egorfine 1 days ago [-]
I wonder who this https://github.com/dylanmtaylor guy is. Comes out of the blue and posts PRs into lots of open source repositories for this feature that should repulse every self-respecting human being.
And not only that, but he engages in communication with people in tickets and ignores all constructive criticism.
monksy 1 days ago [-]
The author is not from the places where he claims that these are laws. The Californian law is not in effect.
Dylan M. Taylor's GH profile claims that he's from Durham, NC (which does not have this law). He also references to a draft to xdg-desktop-portal which has not been accepted. (Add parental controls to the Accounts portal: https://github.com/flatpak/xdg-desktop-portal/pull/1922)
I'm asking:
- What is this guy's personal interest in pushing this through? (It seems non-neccessary and is questionable at what the end goal)
- Who's political agenda is he sponsoring for this?
- Is he getting financially incentivized to do this?
curt15 20 hours ago [-]
In fact, he is trying to pave the road for these "age verification" laws in multiple projects:
> This is honestly some of the dumbest false equivalence I've ever read. Entering a birth date (that doesn't even have a check for truthfulness) during account setup when the system is first installed equals returning escaped slaves or turning in jews? I'm actually baffled by this comparison. And no, I don't particularly care about North Korean laws.
dirtikiti 2 days ago [-]
"protecting" children by providing specific ages to data harvesters.
as per usual, liberal policy doing the exact opposite thing they claim it does.
tylerritchie 2 days ago [-]
for the california legislation there were no "nay" votes. it's disapointing this performatively protective stance permeates both dominant right-of-global-center parties in America, but it is "all of them"
wpm 2 days ago [-]
Well yeah: Meta wrote the bill, Meta greases palms in their home state, Meta gets their bill unanimously passed.
lyu07282 2 days ago [-]
Pretty much the same laws in red and blue states yeah. It always gets confusing when Americans use the word liberal, everyone is a liberal, it never meant *your* liberty.
1 days ago [-]
burnt-resistor 2 days ago [-]
It's not a liberal policy, it's an illiberal one bending the knee to feudal techbros.
enoint 2 days ago [-]
It's quite conservative. Liberalism means I can use my device with no laws in between.
kmijyiyxfbklao 2 days ago [-]
Not conservative (there's nothing traditional about this) or liberal, just surveillance authoritarianism.
LiEnby 11 hours ago [-]
> surveillance authoritarianism.
last i checked thats what their so called "traditional values" and "conservatism" were actually.
enoint 2 days ago [-]
In the past, children were not allowed their own phone. To be particularly cautious, smartphones have not proven a net good; and we're 20 years in.
calvinmorrison 2 days ago [-]
This should fit lennarts hubris well.
This developer should be blacklisted from all open source projects, permanently.
jprjr_ 2 days ago [-]
I cannot express how disappointed I am to see open source projects giving in to complying with age attestation laws.
I feel like complying really undermines any first amendment arguments. Software is a first amendment protected form of expression, giving in before getting any actual threats from the state makes your participation seem voluntary.
Systemd's participation puts the entire world into compliance with a California law
iamnothere 2 days ago [-]
BSDs don’t use SystemD, neither do some distros. After they have been exposed here as collaborators I suspect we will see freedom-respecting distros move away from them. I myself have been neutral to weakly positive on SystemD until now, as they put forward some decent solutions to longstanding problems, but from now on I intend to stop using their software entirely.
As it turns out, the people who warned against “professionalizing” and corporatizing Linux were correct.
burnt-resistor 2 days ago [-]
Just to be clear and specific, formal engineering processes and corporate selling out are two orthogonal properties that should never be conflated. Stuff millions of people use shouldn't be slapped together as a "hobby" without careful testing and change control processes. It also should get sufficient (crowd)funding so it can get the attention it deserves.
wolvoleo 1 days ago [-]
I disagree, I would much rather see my OS made by hobbyists like myself with the same goals as myself rather than big tech who definitely don't have the same goals and values.
It's one of the reasons I use BSD on my main machine. I think Linux has been infiltrated by big tech way too much.
bitwize 2 days ago [-]
No one actually complained about Linux becoming more "professional" in terms of meeting high engineering standards. Just about corporate control over the process. There was a study that found code with more F-bombs in the comments were actually more professional according to the engineering standard, in response to complaints from suits that swearwords in the code meant that Linux couldn't be taken seriously as professional software.
egorfine 1 days ago [-]
Given the LP history I am not surprised.
zeratax 2 days ago [-]
this is not attestation though? it's just parental controls, no?
burnt-resistor 2 days ago [-]
Techbros gonna techbro... bending the knee to fascists and privacy traitors. The next law will groom something else and eventually it will be tech requiring digital identification and approval to use the internet.
Ekaros 1 days ago [-]
They are the fascist. They are the private companies getting in cahoots with the state for their own gains. It was always about money and thus power for them. Never about freedom.
burnt-resistor 1 days ago [-]
The rich have gravitated that way throughout history, from Marcus Licinius Crassus to the Business Plot to Citizens United. Greedy people gaining power to advance their greed no matter the consequences and suffering of others has and will always be a problem because it's an incurable flaw of human nature that must be regulated. The separation between church and state and wealth is required for the maintenance of individual freedom.
It's scary how much global surveillance is closing in to become a reality with states passing these lesgilations, in the name of "protecting children", but it just serves to collect citizent personal data...
And now they are creeping into open source projects too. What once was thought as the bastion of absolute freedom from the state
aleph_minus_one 2 days ago [-]
> and now it's creeping into open source projects too. What once was thought as the bastion of absolute freedom from the state
It is indeed scary is how compliant the open-source projects have become to the "governmental overlords". Where has the hacker spirit gone?
monksy 1 days ago [-]
In my previous comment here.. I do question what's this guys motivation to do this. It's incredibly suspicious and I question the guys motives.
sazz 1 days ago [-]
The hope that humanity has learned something from wasting its time clicking away completely useless cookie pop-ups on websites has probably died once and for all.
mzajc 2 days ago [-]
Tangentially related, but does anyone know what Poettering's "cryptographically verifiable integrity" endeavor[0] is about yet?
It's about making sure you can't bypass systems like this-- or rather, that when you use your rights under the GPL to remove this privacy invading crud or just otherwise modify your software you'll be broadly banned from interacting with third party services.
Trusted is such a misnomer. I would trust my computer a lot less if it would answer to them.
egorfine 1 days ago [-]
Given that:
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
What other benefit is there to remote attestation? Because their "verification" stamp is just that. It's certainly not got any benefit for the user.
egorfine 1 days ago [-]
> What other benefit is there to remote attestation?
There certainly are benefits and they are huge. Like, I can make sure my servers are untampered, I would love that.
Problem is, that technology, once unveiled, will be inevitably used for surveillance. Like, online KYC required to use a computer and you cannot patch this shit out because your Linux build is attested and no banking or government website will let you log in unless remote attestation passes.
Sort of like what they do on Android devices.
wolvoleo 1 days ago [-]
> There certainly are benefits and they are huge. Like, I can make sure my servers are untampered, I would love that.
But who decides what is untampered and can you still modify stuff yourself. I don't want my servers to be immutable for example. And only be 'allowed' to do what the vendor wants me to.
But anyway, that is not really remote attestation. That is local attestation because you can see it on your own server. It's only remote if it attests to someone else.
And yes exactly, the second point is exactly why I hate remote attestation so much. Hope we can hack around it for a while but eventually they will stick that stuff in hardware, I'm sure. That will make it a lot harder.
egorfine 1 days ago [-]
> eventually they will stick that stuff in hardware, I'm sure
That's the endgame, totally.
rcxdude 2 days ago [-]
Probably what it says on the tin, TBH. If you hold the keys, it can strengthen security a lot.
fdghrtbrt 1 days ago [-]
Could someone clarify for a linux newbie like me... In practical terms, what does this mean? I'm on Debian so presumably Debian will eventually pick this update, and then what? When I upgrade my system I'll get a prompt asking for my date of birth?
t312227 1 days ago [-]
hello,
as always: imho. (!)
idk the exact procedure which will apply to enter the birth-date on such a system, but if other comments are correct: just enter what you want!
there will be no real possibility to tie this to anything "legal" / to "enforce" any "official" check of lets say your passport or other governmental id.
and if in my personal opinion (!) the pretty crazy guy behind the systemd-project tries to introduce/enforce such a thing ...
then i think it'll be time to either fork the project or look at systemd-free linux distributions like devuan ~ a systemd-free fork of debian :)
Interesting solution and I really expected systemd would be were this age validation would be placed if distros what it.
But if this becomes a thing in Linux for the distro I use (doubtful), I will abandon Linux after 30+ years.
I am rather confident OpenBSD will ignore this law and I expect other BSDs will to. If not, back to DOS :)
Note, I have a BSD on a coupld of old laptops for testing reasons. I test what I write in the BSDs to help find issues, that works well.
coldacid 2 days ago [-]
You can always use a distro that doesn't use systemd or roll your own. Sure you lose the GNOME desktop environment, but if you ask me that's a net positive.
herewulf 1 days ago [-]
I have been successfully using the GNOME desktop environment for years on Guix System which uses Shepherd as its init. KDE is an option too.
Other, more traditional distros are out there that work fine with GNOME, etc with no problems.
jmclnx 2 days ago [-]
I agree, but this could be an issue with all distros based in the US. From my reading of these laws, I think the CA or NY or IL law could easily morph into a US National Law. So all US based distros may need to do something.
I saw an article that supporting these laws could cost a distro maintainer up to 10000 USD per year. Sadly I lost the link, but the article made a lot of sense to me. So, many small distos cannot afford even 1000/year, I think this law could kill almost all small Linux distros. That will probably leave only RHEL, SUSE and Ubuntu, maybe Debian, but they would need funds donated to them from Ubuntu.
If the distro is in another country like OpenBSD, they could just ignore the law(s). That of course assumes the "other" country does not replicate what is happening in the US.
Right now I am hoping these laws are declared unconstitutional, but to be honest, with support by companies like meta and twitter, I expect we will see a national law sometime in 2027.
So in the US, we could be looking at locked down OS, unless you want to break "the law".
iamnothere 2 days ago [-]
I also recommend looking into Radicle, which can be used to develop git-based projects (including issues etc) in a distributed manner. It even works over Tor. In the future development of truly free software may become more risky.
zoobab 2 days ago [-]
Instead of protesting, large corporations decided to ploy.
They cannot loose markets, like California or Brazil.
bravetraveler 2 days ago [-]
Where can I drop a file to always return 1969
chainingsolid 2 days ago [-]
I was thinking 1984, or if I can return a float, NaN.
bravetraveler 2 days ago [-]
Sure, not picky. A symlink to /dev/null for "I'm a grown-up/own this device" would be acceptable. Assumed one would put whatever value they wanted in the INI file :)
renewiltord 2 days ago [-]
It’s admin settable. So just sudo homectl it. You are presumably admin.
strideashort 24 hours ago [-]
Today it is.
A few years down the road it might not be.
In late 90s we would have laughed if somebody proposed this was going to be a thing, let alone that linux community will just go with it. Heck, I would not have believed systemd was going to happen.
And yet, here we are.
renewiltord 18 hours ago [-]
It’s open source. You can always just keep the field.
bravetraveler 2 days ago [-]
That's beside my 'point', but fine. I'm deliberately conflating things for humor, sorry it missed. I'll get serious/stop joking around. I have no interest in administrating this. Especially on a per-user basis (despite that being the only way this 'works', I'm generally opposed). I'd prefer a file to drop in /etc... like one would express preferences over, say, /usr.
It's entirely optional, I get that. I could 'just' not set anything. Spare your fingers. I want to poison it [or loudly opt out] without a lot of effort. This includes running N commands when a file to could effectively disable the signal.
Said differently: I don't want to configure the portal, I want to ~~break~~ mask it.
NekkoDroid 2 days ago [-]
> Said differently: I don't want to configure the portal, I want to ~~break~~ mask it.
Since this is sd-userdbd we are talking about unless the used backend provides the value it is unset by default. And if you manage your home directory using sd-homed unless you explicitly set it it is also unset by default.
bravetraveler 2 days ago [-]
I am aware, I kind of want a louder signal than doing nothing [which is a great option, I admit]. I quote myself:
> It's entirely optional, I get that. I could 'just' not set anything.
Why? Telemetry, mainly. I'd rather attestation [or whatever intends to use this] fail and make it apparently deliberate.
NekkoDroid 2 days ago [-]
Well, to get something to fail you need an implementation that can fail. And since nothing is using this so far there is nothing you can get to fail. In the end something that implements the actual communication would end up probably defaulting to "under 13" or whatever if it somehow fails to retrieve any value (or maybe not, who knows), so I wouldn't realistically see even without this, getting the attestation to "break" would end up unlikely.
bravetraveler 2 days ago [-]
Hypotheticals are truly exhausting! I had a wall of text and chopped most of it off. This started out as a joke and now it's dead, thanks.
The failure/assumption of under-13 or whatever, as a result of manipulation, is fine. I'm not actually trying to solution something though, jeez.
I find it more compelling to say, for instance, "x% of our users have chosen not to share their information"... rather than "y% have not set it". This category would almost surely be about as 'useful' (useless) as the 'do not track' header... and a concern for something other than systemd or even the portal (to a degree).
herewulf 1 days ago [-]
I think the loudest way you can protest is to use and support distros that do not have systemd. There are lots to choose from in 2026.
1 days ago [-]
SAI_Peregrinus 2 days ago [-]
Stick a service unit in `/etc/systemd/system/` that is a oneshot type with `WantedBy=multi-user.target`, and which runs the appropriate homectl command for each user listed in /etc/passwd (likely just in a shell script).
aleph_minus_one 2 days ago [-]
> Where can I drop a file to always return 1969
I am out of the loop: what is so special about 1969 concerning age verification?
bravetraveler 2 days ago [-]
I doubt I can do the observation justice, my mind went there thinking 'a moment before the Unix Epoch' and the more... well-traveled meme: 'haha funny number [dropping the leading 19]'. Any number would've worked just as well, it's not significant. I really just wanted to express my participation in this, if at all, likely won't be in good faith.
That said... an option for 'I could have declared an age/birth date but chose not to' seems preferable. I was talking about poisoning but this could be more productive. Any attestation would reasonably fail, sure, but it sends a potentially-meaningful signal [to someone].
aleph_minus_one 2 days ago [-]
> 'a moment before the Unix Epoch'
OK, "I am so old that already lived before the UNIX epoch even started" (or a year which breaks systems that cannot handle times before the UNIX epoch) sounds plausible. :-)
bravetraveler 2 days ago [-]
Fairly context dependent, however :) This attestation/verification topic (and 1969, presumably) keeps appearing in places where I doubt The Epoch is relevant!
t312227 1 days ago [-]
hello,
i'm always a fan of 1-JAN-1970
[eg. the "birth" of UNIX-like OSes unix-timestamp eg. "0" ;]
or
date -d @0
cheers
a..z
petee 2 days ago [-]
I had to check the date; is not April yet
btbuildem 1 days ago [-]
This is a dangerous precedent, and should be nipped in the bud, squashed, blended, spat on and flushed.
Acquiescing to (however veiled and excused) authoritarian overreach is not the way forward. The correct attitude towards this "Think of the Children but Really Think of the Advertisers' Profits" initiative is to let California (and other proponents) to figure out how they can do business without Linux or any other software that depends on it.
OSS is a bastion of freedom -- real freedom, freedom FROM, not American Freedom (freedom to abuse and exploit others). We must defend it. DO NOT COMPLY.
nazgulsenpai 2 days ago [-]
Will unincorporated distros who don't comply be illegal to use in the areas passing these laws? This isn't "obscenity" -- isn't there a first amendment argument for these projects?
Bernstein v. United States set a precedent that has not yet been overturned.
nazgulsenpai 2 days ago [-]
Thanks that's encouraging
anotherhadi 2 days ago [-]
Pretty good implementation imo
Spivak 2 days ago [-]
Yeah, it's the most basic thing you could do that's not intrusive to the rest of the system. userdb is a local directory and most directories, like LDAP, have a DoB field. Even if these laws fizzle out the change would still be potentially useful for other things like parental controls apps.
wannabe_loser 15 hours ago [-]
SystemD has been overreaching
noobermin 2 days ago [-]
The context is that this is in response to California in the US potentially passing a law that requires age verification on the operating system level.
Meta gives money to the Heritage Foundation? Wild.
iAMkenough 1 days ago [-]
That's not how I read this:
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). But the operation extends beyond Meta.
> The Heritage Foundation funds three of six named DCA coalition organizations, staffs the advocacy pipeline from Capitol Hill to state legislatures, and has merged leadership with another coalition member.
zeratax 2 days ago [-]
there is no verification happening though
iamnothere 2 days ago [-]
There is in New York, Brazil, and probably other places too. Attestation is a foot in the door and will become verification when it is shown to be ineffective. And unless the law is defeated, it will provide precedent for further legislative intrusion into personal computing.
egorfine 1 days ago [-]
First they have to build infrastructure for the future mandatory KYC. So, age field comes first, then comes new Poettering startup to deny you modifications of your Linux, and finally you are not allowed to use a computer unless you present your ID.
treesknees 2 days ago [-]
Because systemd isn’t an operating system. It’s just providing a mechanism for the OS to store/lookup the user’s birthday. It’s up to individual distros to do the verification (should the law stand and OS vendors choose to comply)
curt15 1 days ago [-]
It boggles the mind how so eagerly open source projects are trying to pave the way for these laws.
wolvoleo 1 days ago [-]
True but I'm very much opposed to building the underpinnings for this stuff. If you build it they will use it.
wolvoleo 1 days ago [-]
Besides, my OS has no business knowing my date of birth whatsoever. All it should know is the account name I gave it which of course doesn't have to match my real name.
acuozzo 2 days ago [-]
How would this work for multiuser accounts? Mu kids all share the same account on the family computer.
icar 2 days ago [-]
Having this in userdb is not bad per se. We already have a bunch of PII in there.
stuaxo 2 days ago [-]
I like the analogy of data as oil: polluting when it gets out.
I'd like to severely limit the amount of PII on the system.
> Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc.
The Brazilian law does NOT require this. This is a misconception, and likely based on an understanding of California's law being extrapolated to the Brazilian law.
They are almost complete opposites.
The Brazilian law (Lei 15.211/2025) puts the burden of age verification on *providers* of web platforms, app stores, or dumb terminals. Not on operational systems.
It also mentions "reasonable measurements" - which vary according to the type of content, platform, etc - and which are much less strict that anything written in California's or UK's laws regarding the same subject. It is far more based on individual risk assessment and purpose of the platforms themselves.
In all fairness, the Brazilian law is the most friendly to open source and the status quo. Even though I'm also worried about the long term results of this legislation, I'm somewhat relieved by the way it turned out.
Lei № 12.965 (2014) defines a terminal (which applies in Lei 15.211) as any internet-connected computer or device.
If California wants to create its own Protect the children operating system, it should bear the cost and responsibility for this alone, and not export any of the sketchy political agenda to the wider open source community.
"There is no justice in following unjust laws." - Aaron Swartz (Guerilla Open Access Manifesto)
The owner of the computer should decide what the computer does.
California is a soon failed bankrupted US state, and no one outside its borders cares what's going on there. Companies are leaving, people are leaving. Let them sink to the ocean with their idiotic laws.
As someone with children, I see benefits in how age verification will help me manage my kids relationship with technology. Even if it was not the law, I would choose products with support. The point of open source is to allow for both options.
> The idea that age verification in an OS is bad is a niche position by a select few
I am pretty sure that's not true.
Let’s ask IBM.
It's the authors first time contributing to this repo and it the feedback on the PR that was addressed is really odd, like some of it is super basic stuff, even if you're not familiar with the code base or the language.
Just an all round weird vibe.
I’ve seen Claude reproduce nearly identical comments, wonder if that’s a couidence
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
[1] https://github.com/systemd/systemd/pull/40954#issuecomment-4...
[2] https://news.ycombinator.com/item?id=46785048
Surely this is a total coincidence.
And not only that, but he engages in communication with people in tickets and ignores all constructive criticism.
Dylan M. Taylor's GH profile claims that he's from Durham, NC (which does not have this law). He also references to a draft to xdg-desktop-portal which has not been accepted. (Add parental controls to the Accounts portal: https://github.com/flatpak/xdg-desktop-portal/pull/1922)
I'm asking:
- What is this guy's personal interest in pushing this through? (It seems non-neccessary and is questionable at what the end goal)
- Who's political agenda is he sponsoring for this?
- Is he getting financially incentivized to do this?
- https://github.com/archlinux/archinstall/pull/4290
- https://gitlab.freedesktop.org/xdg/xdg-specs/-/merge_request...
- https://github.com/canonical/ubuntu-desktop-provision/pull/1...
- https://github.com/canonical/ubuntu-desktop-provision/pull/1... -
This isn't just some guy that's overzealous.
Apparently this has escalated: https://www.reddit.com/r/privacy/comments/1rz8i4r/dylan_usef...
Theres a lot of smoke here.
Off his rocker: https://github.com/canonical/ubuntu-desktop-provision/pull/1...
> This is honestly some of the dumbest false equivalence I've ever read. Entering a birth date (that doesn't even have a check for truthfulness) during account setup when the system is first installed equals returning escaped slaves or turning in jews? I'm actually baffled by this comparison. And no, I don't particularly care about North Korean laws.
as per usual, liberal policy doing the exact opposite thing they claim it does.
last i checked thats what their so called "traditional values" and "conservatism" were actually.
This developer should be blacklisted from all open source projects, permanently.
I feel like complying really undermines any first amendment arguments. Software is a first amendment protected form of expression, giving in before getting any actual threats from the state makes your participation seem voluntary.
Systemd's participation puts the entire world into compliance with a California law
As it turns out, the people who warned against “professionalizing” and corporatizing Linux were correct.
It's one of the reasons I use BSD on my main machine. I think Linux has been infiltrated by big tech way too much.
https://www.historyhit.com/marcus-crassus/
https://en.wikipedia.org/wiki/Business_Plot
And now they are creeping into open source projects too. What once was thought as the bastion of absolute freedom from the state
It is indeed scary is how compliant the open-source projects have become to the "governmental overlords". Where has the hacker spirit gone?
[0]: https://news.ycombinator.com/item?id=46784572
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
[1] https://github.com/systemd/systemd/pull/40954#issuecomment-4...
[2] https://news.ycombinator.com/item?id=46785048
There certainly are benefits and they are huge. Like, I can make sure my servers are untampered, I would love that.
Problem is, that technology, once unveiled, will be inevitably used for surveillance. Like, online KYC required to use a computer and you cannot patch this shit out because your Linux build is attested and no banking or government website will let you log in unless remote attestation passes.
Sort of like what they do on Android devices.
But who decides what is untampered and can you still modify stuff yourself. I don't want my servers to be immutable for example. And only be 'allowed' to do what the vendor wants me to.
But anyway, that is not really remote attestation. That is local attestation because you can see it on your own server. It's only remote if it attests to someone else.
And yes exactly, the second point is exactly why I hate remote attestation so much. Hope we can hack around it for a while but eventually they will stick that stuff in hardware, I'm sure. That will make it a lot harder.
That's the endgame, totally.
as always: imho. (!)
idk the exact procedure which will apply to enter the birth-date on such a system, but if other comments are correct: just enter what you want!
there will be no real possibility to tie this to anything "legal" / to "enforce" any "official" check of lets say your passport or other governmental id.
and if in my personal opinion (!) the pretty crazy guy behind the systemd-project tries to introduce/enforce such a thing ...
then i think it'll be time to either fork the project or look at systemd-free linux distributions like devuan ~ a systemd-free fork of debian :)
* https://devuan.org
just my 0.02€
But if this becomes a thing in Linux for the distro I use (doubtful), I will abandon Linux after 30+ years.
I am rather confident OpenBSD will ignore this law and I expect other BSDs will to. If not, back to DOS :)
Note, I have a BSD on a coupld of old laptops for testing reasons. I test what I write in the BSDs to help find issues, that works well.
Other, more traditional distros are out there that work fine with GNOME, etc with no problems.
I saw an article that supporting these laws could cost a distro maintainer up to 10000 USD per year. Sadly I lost the link, but the article made a lot of sense to me. So, many small distos cannot afford even 1000/year, I think this law could kill almost all small Linux distros. That will probably leave only RHEL, SUSE and Ubuntu, maybe Debian, but they would need funds donated to them from Ubuntu.
If the distro is in another country like OpenBSD, they could just ignore the law(s). That of course assumes the "other" country does not replicate what is happening in the US.
Right now I am hoping these laws are declared unconstitutional, but to be honest, with support by companies like meta and twitter, I expect we will see a national law sometime in 2027.
So in the US, we could be looking at locked down OS, unless you want to break "the law".
They cannot loose markets, like California or Brazil.
A few years down the road it might not be.
In late 90s we would have laughed if somebody proposed this was going to be a thing, let alone that linux community will just go with it. Heck, I would not have believed systemd was going to happen.
And yet, here we are.
It's entirely optional, I get that. I could 'just' not set anything. Spare your fingers. I want to poison it [or loudly opt out] without a lot of effort. This includes running N commands when a file to could effectively disable the signal.
Said differently: I don't want to configure the portal, I want to ~~break~~ mask it.
Since this is sd-userdbd we are talking about unless the used backend provides the value it is unset by default. And if you manage your home directory using sd-homed unless you explicitly set it it is also unset by default.
> It's entirely optional, I get that. I could 'just' not set anything.
Why? Telemetry, mainly. I'd rather attestation [or whatever intends to use this] fail and make it apparently deliberate.
The failure/assumption of under-13 or whatever, as a result of manipulation, is fine. I'm not actually trying to solution something though, jeez.
I find it more compelling to say, for instance, "x% of our users have chosen not to share their information"... rather than "y% have not set it". This category would almost surely be about as 'useful' (useless) as the 'do not track' header... and a concern for something other than systemd or even the portal (to a degree).
I am out of the loop: what is so special about 1969 concerning age verification?
That said... an option for 'I could have declared an age/birth date but chose not to' seems preferable. I was talking about poisoning but this could be more productive. Any attestation would reasonably fail, sure, but it sends a potentially-meaningful signal [to someone].
OK, "I am so old that already lived before the UNIX epoch even started" (or a year which breaks systems that cannot handle times before the UNIX epoch) sounds plausible. :-)
i'm always a fan of 1-JAN-1970
[eg. the "birth" of UNIX-like OSes unix-timestamp eg. "0" ;]
or
date -d @0
cheers a..z
Acquiescing to (however veiled and excused) authoritarian overreach is not the way forward. The correct attitude towards this "Think of the Children but Really Think of the Advertisers' Profits" initiative is to let California (and other proponents) to figure out how they can do business without Linux or any other software that depends on it.
OSS is a bastion of freedom -- real freedom, freedom FROM, not American Freedom (freedom to abuse and exploit others). We must defend it. DO NOT COMPLY.
Bernstein v. United States set a precedent that has not yet been overturned.
> Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). But the operation extends beyond Meta.
> The Heritage Foundation funds three of six named DCA coalition organizations, staffs the advocacy pipeline from Capitol Hill to state legislatures, and has merged leadership with another coalition member.
I'd like to severely limit the amount of PII on the system.