Feels like something systemd can solve with a compile time flag. Either have it on or off depending on if you want to legally sell it in those areas or not and away you go.
if there is no malicious intent in adding this, they really should learn to read the room.
Far many more than someone.
Liberated systemd is a fork of mainline systemd started by Jeffrey Seathrún Sardina, a machine learning/AI researcher
I already have qualms about that.
Call me dreamy-eyed, but the reference to “machine learning” might mean this person has respect for what the technology is and has been for decades before the chatbot flood
After all, any and all age checks we have nowadays are a black box anyways
This is the only part I disagree with. Age verification is typically done via services like ID.me, Lexis Nexus, etc which do it via identity verification with documentation. The alternative method that most social sites have gone with is age prediction from a face scan, of which providers are more than happy to tout how they do it as differentiators. For the latter, there are even FOSS options.
I think what they mean is, with a black box we know the input, documents, and output, yes you can buy beer, but we don’t know the internals. How and for how long is the data stored, who is it shared with, who has access to it, how much meta data can they pull together to build a profile on you and so on.
The DOB field is different from name and address because it is a fixed attribute that never changes. Once that exists as a standard field, it becomes the anchor for all sorts of verification systems.
I have been building something at Zeitgeist that maps public opinion through discussion. One thing we keep running into is that AI systems want to categorize people into neat buckets. They will say “users under 18” vs “over 18” and move on. But real human disagreement does not work that way. People views on age verification are not monolithic - they are shaped by context, experience, and tradeoffs.
We are seeing this play out everywhere now. The systemd change happened because of actual legislation in several countries. It is not theoretical anymore. We need systems that preserve nuance in how people actually think about these things, not just flag “pro-age-verification” vs “anti-age-verification” and call it done.
I didn’t realize age verification had been put in yet? holy shit tat was fast
Well not really, they added a field so that they could store date of birth in the way they have a field to store “real name”.
So you can be sure my birthday is 4/20/1969 as sure as you can be that my name is Bimbo Baggins.
Note that for the California law at least, this is “good enough” and the OS never actually has to validate anything. In practice a person without admin access could have their birthdate out of control, well, until they run a patched browser that skips asking systemd and just always sends a desired bracket…
It kind of works to keep kids under 13 sending the signal with parental administration, but doesn’t do anything for more resourceful people you tend to find over 13.
I call BS! I have it on good authority that Bilbo Baggins is at least eleventy-one.
I’m not into this, but is it the nerd version of releasing forks and torches?
More like forks and patches
- Optional dob field added to distro
- Stupid people freak tf out
You give a millimeter and the powers that be will take a whole kilometer.
No compliance.
Even something as “small” as this needs to be met with prejudice.
Actually they’ll take a mile because its bigger and they hate the metric system also
Barbarians can’t even measure right. :V
In an ideal world, even that optional DOB field would have been blocked. Your first instinct on seeing techbros wanting to surveil us shouldn’t be “how we can comply”, but “how can I fight it”.
There’s no age verification in systemd. That field doesn’t verify anything
well, obviously. that happens on some external service.
But my clickbait!
Okay I’ve said this so many times but (open source) code is speech and thus protected by free speech laws. Also idk if anyone’s noticed but it’s pretty obvious ID verification is for mass surveillance and obbo purposes. Now why would this apply to software that we already know doesn’t spy on you? Until now, proprietary software and big tech platforms already spied on you, but it could - to an extent be pseudonymised. This isn’t about spying on people, they already do that, it’s about removing pseudonymisation - instead of your data being stored under: User #2044820 it’ll be your full govt name and address leaving no room for doubt or plausible deniability.
It is by every metric, useless to provide ID verification for software that collects no data, at best it would just give them a better idea of the demographic. Also it’s literally open source, the GPL prohibits disallowing people from forking/editing it and it prohibits restrictions on the way in which it can be edited, which is legally binding.
Called it
This is bs …
Instead of fighting the laws and the people behind it, ‘we’ (as in ‘the community’) infight about some minor commit?
If the reason is data privacy, why not also remove ‘realName’, ‘emailAdress’ and ‘location’? 🙄
They should also remove the phone number prompt that UNIX has had since before systemd even existed. Your phobe number is an optional part of the GECOS field and has been there for a very long time without anyone freaking out like this.
As far as I can tell the Name Email and location are all voluntarily provided by the user.
This is something that will be used whether you want it to or not (that makes it invasive) because of the laws around it (of course depending on where you are).
Having fields I can ignore as a user isn’t the same as this guided attempt by lawmakers to eventually get you to give ID and retina scans just to use a computer.
This is step 1. That is why people are freaking out about it.
And I know systemd isn’t doing this out of spite, but I do wish the scene would stand up for the user more… Just say no California or whatever other shit place decides to enact that and boom problem solved. Not their fault or problem anymore.
As far as I can tell the Name Email and location are all voluntarily provided by the user.
So is birthDate.
This is something that will be used whether you want it to or not (that makes it invasive) because of the laws around it (of course depending on where you are).
How? First and most importantly, systemd doesn’t do anything to enforce, require or verify the field.
Second, I control what is installed on my PC, that’s the ENTIRE POINT of using a FOSS OS. The FREEDOM to install whatever I want, or not. If there is an application that is using that field to enforce some bs law, then I simply won’t install it.
This isn’t Windows, there isn’t a Microsoft to force you to install software updates that you don’t want. You’re FREE to not install software that does things that you don’t like. This includes any hypothetical future software that would require this field or validate this field.
You control what you install on your pc and I’d be willing to bet that whatever open source OS it is, probably uses Systemd. Unless you’re a Unix person.
They have set this up in a way that yes, right now at 11:21pm UTC on March 24th it isn’t being enforced or required.
But because of the replies of some of the maintainers in their github about this very merge they are suggesting that as soon as it becomes hard law, it will be enforced by them.
Particularly the part where one was replying to a system76 developer who mentioned that they are in talks with state legislators right now, that these proposed laws are very possibly going to be overturned, and that open source software might not even be required to do this at all and that we should give it more tim before we do something like this and the reply was:
“It is possible that California law will be changed. But similar ideas are popping up in other contexts and it’s unlikely that they’ll all go away. This implementation is fairly generic and useful for other things besides age verification, so we shouldn’t decide whether to merge it or not based on a single law in any jurisdiction.”
This suggests that they are doing this because of laws and ideas like this that are coming into play. And that they didn’t want to wait on the confirmation of whether it was law or not, they did it anyway. Why? That’s not very open. That isn’t really taking a stand to support Linux or its users that is voluntarily getting ahead of the control mechanism that “similar ideas” are going to use.
They shouldn’t have done this. In mine, and many, many other peoples opinions as well.
You control what you install on your pc and I’d be willing to bet that whatever open source OS it is, probably uses Systemd.
They have set this up in a way that yes, right now at 11:21pm UTC on March 24th it isn’t being enforced or required.
It is using systemd, yes. It could be using openRC, sysvinit, runit, etc just as easily.
Systemd isn’t a requirement for Linux. It is simply the most useful init system currently. If that ever stops being the case then changing init systems or entire even distros is a fairly trivial task. If systemd were ever to require me to submit to a 3rd party verification of my age I’d just use a different init system.
There is nothing that any open source project can do that would force me to keep using their software if I don’t want to.
They shouldn’t have done this. In mine, and many, many other peoples opinions as well.
If your opinion represents a large group of people then you should have no trouble maintaining a fork.
You are right on that.
I hope that in the end this does end up all working out and I was just one of the crazy guys worried for no reason.
But either way I still think it is disappointing they did this so quickly and that they’re using a US push in law be such a deciding factor in originally pushing for it. It felt like that was the same way when they banned Russian maintainers. The USA and especially specific states shouldn’t have this much pull especially over open source community driven projects in my opinion.
The USA and especially specific states shouldn’t have this much pull especially over open source community driven projects in my opinion.
I completely agree.
I hope we see a bigger push for FOSS software in the EU as they try to reduce their dependency on US tech companies. If more countries treat software like we treat science where everyone contributes and everyone benefits then we’ll all be better off.
I think these laws will be similar to prohibition. They will try for a while, but then realize they can’t succeed. Governments can’t even handle cyber security, how will they handle this?
These laws are made by corporation like FB who wish to shift the blame away from itself for their transgressions. Australian and EU laws are banning social media for pre teens and kids. So instead of them developing ways to follow that law they are shifting that onus on to the operating system.
I think you underestimate the technology they have now especially in relation to an event that happened in the 1940’s.
Its like the Stasi but ten thousand times more sophisticated and every bit as motivated.
Maybe even more motivated, because it generates money for them when they have businesses do it (Palantir) and provides “value” to the markets. Because money and control is absolutely all they care about (in the USA)
Technologically, yes, they could easily identify non-compliance with how much data is being collected these days
Logistically though? How are they going to enforce this? Sue every open source project that circumvents this? Block downloads of it with a great firewall? Fine end users? It’s just not feasible
Realistically, they’re going to go after the OSes with the biggest market share. Google, Microsoft, and Apple will be forced to comply on new devices, and maybe they’ll try to make an example or two to get compliance in advance
It will be used to target certain individuals and “nail” their proverbial “balls to the wall” when they want to ruin your life for not complying.
A us court just convicted people as terrorists and one of the main reasons they cited is that they were using signal.
“This individual circumvented security measures enacted by the united States to keep people and the children™ safe from online threats both foreign and domestic. The individual conspired with multiple other people some of them from other countries, oops we meant foreign adversaries, to destroy or circumvent this framework we had in place”
Only thing I can mainly compare it to is how weed isn’t legal in a lot of places but they usually don’t care, until they suddenly do and your life is fucked.
Think of people like Ken Klippenstein and your Edward Snowdens (who used tails to leak a lot of their illegal spying shit btw which is us made btw where these laws are starting to gain traction the most [yes I see Brazil too])
It will be used to target individuals and destroy their lives through the process.
“Oh also since you’re not using the OS level biometric whatever we enacted this is an illegal machine and we are seizing it. Oh, you had whistleblower reports about government corruption? What government corruption Ken we didn’t find those files but we did find evidence if you being antifa”
And if you think I’m just some paranoid schizophrenic and this could never happen then you haven’t been paying attention.
And if everyone used E2E encryption for their private messaging like everyone who understands the topic has been pushing for decades, signal users wouldn’t stand out
The state cannot enforce this, it still relies on compliance in advance
I agree on everyone should be using E2E Encryption. Its an absolute disgrace that that was even mentioned in the court case at all as a possible link to terrorism.
I disagree that the state cant enforce this at least in a targeted way but, I really hope you are right in the end though.
I guess we will see.
FUCK THERE IS A WHOLE LOT OF STUPID USING LINUX. Lots of tin foil hat wearing morons making mountains out of molehills.There was no age verification support added. All that happened is a DOB field was put in so people can add their date of birth IF THEY CHOOSE TO so it can appear in their user account. It isn’t uploaded to anyone, it’s not checked by anyone, it is not mandatory to complete and you can leave the field blank.
Hard disagree. This represents the pot getting turned up on the frog.
I acknowledge you are factually correct. However, once this field exists, it enables later reference and/or mandatory dependencies.
There is no positive use case , but lots of possibly negative use cases. For that reason, it shouldn’t exist.
Do you really draw the line at a date of birth field, when every linux system has fields for full name and address for every user account?
However, once this field exists, it enables later reference and/or mandatory dependencies
Yeah, this is a devious plan that has been going on for years, when they added the
realNamefield!I get it, but I believe it to be a false equivalence. This change is not happening in isolation. There is currently a general trend towards de-anonymising users, and this DOB field is a step in that direction.
The only real question is, do I want my computer storing more, or less, personally identifying information. Given that I don’t trust the intended use, or ANY use which is later enabled by this, my answer is ‘less’.
So, how about we start freaking out when someone starts making these fields required, instead of right away?
because it’s too late at that point, which is the whole point and issue!
if the field is necessary, but the data is useless, then it shouldn’t be there. if the data becomes required then it should not be there. so the result, it should not be there
because it’s too late at that point, which is the whole point and issue!
A PR is when the discussion is supposed to happen. It’s an open source project, nothing happens “too late” to discuss. You see that change in the pull request, you can start moaning about it.
if the field is necessary, but the data is useless, then it shouldn’t be there
Who defines what’s “useless”? You? On what authority?
the discussion happens right now, because i said so, because others are talking about it. and the data is useless when anything can be put in, it’s not used for anything, and it can’t be verified. it fails all three tests in determining usefulness
You do know that this is a slippery slope argument, right?
You would have to demonstrate that there is an intention there to require third party services to validate the age of users using Linux… Or that there is an intention to do so by systemd and the broader open source developers.
I don’t think it will be easily possible to lock out every Linux system from the internet that doesn’t implement some kind of hardware DRM mechanism to make sure that the user cannot just change the date of birth with root permissions.
I do understand that, but I think you are applying a post hoc rationalisation to the change.
For example, examining the change through the lens of intended use -> you can’t as there is no such use of the field today - it’s tomorrow’s use that is potentially problematic.
I don’t want to wait until a bad actor applies the field, I want to stop the field from existing.
This change is not happening in isolation. There is currently a general trend towards de-anonymising users, and this DOB field is a step in that direction.
The only real question is, do I want my computer storing more, or less, personally identifying information. Given that I don’t trust ANY use which may be later enabled by this change, my answer is ‘less’.
Maybe this is the issue. I have no problems with parents setting the age of the children in their account in order limit their access to certain content.
And there clearly exists a use-case for that.
My main issue is when it comes to third-party age/identity verification services. Age or identity verification in the hands of private for-profit companies is bad.
I’d rather give parents the tools to set individual restrictions locally on their devices, then pushing for a global internet based age filter.
No, they don’t.
You , as the party making the accusation of fallacy would be required to prove that the expectation of escalation is unreasonable or that the intention was not there.
edit: asking for an explanation of their thoughts around the issue is fine, but a requirement it is not.
Why do people so often invert the burden of proof?
If someone says “Picking your nose will cause brain-cancer in 40 years.” Then they have the burden to proof that. Nobody has the burden to disprove that.
They made the accusation that this is a step to make this age fields mandatory, and controlled by third-party age verification services, so they have the burden to proof that there is way to do that.
I find it highly unlikely, because most people using Linux systems at home have admin privileges. Which makes this whole point moot, since they can fake whatever they like to the software running on top.
Why do people so often invert the burden of proof?
I know, right ?
If someone says “Picking your nose will cause brain-cancer in 40 years.” Then they have the burden to proof that. Nobody has the burden to disprove that.
Absolutely, and if you’d asked for proof of their accusation you’d be correct in this instance.
They made the accusation that this is a step to make this age fields mandatory, and controlled by third-party age verification services, so they have the burden to proof that there is way to do that.
They did and you could ask them to make a case for that, you didn’t.
You provided your own accusation:
You do know that this is a slippery slope argument, right?
And proceeded to tell them that they are required to provide proof to dispute your new accusation.
You would have to demonstrate that there is an intention there to require third party services to validate the age of users using Linux… Or that there is an intention to do so by systemd and the broader open source developers.
Which is what i was addressing specifically when i said:
You , as the party making the accusation of fallacy would be required to prove that the expectation of escalation is unreasonable or that the intention was not there.
I find it highly unlikely, because most people using Linux systems at home have admin privileges. Which makes this whole point moot, since they can fake whatever they like to the software running on top.
It makes the field itself mostly a non issue in the single isolated context of “does this field, on it’s own, constitute age verification”.
The point most people are trying to make is that it’s a part of a larger context.
How do commercial distros prevent getting blocked if not through this?
I think you might be replying to wrong conment
We are more than mere frogs in a pot though. We have made note of this. We outraged. We argued and counter argued. We will not forget so easily, no matter the view point on it.
If nothing comes of it, some of us can say “I’ve told you…”
If the next step gets implemented and the field becomes mandatory, some of us can say “See!! Froggies”
If it becomes mandatory and a further implementation also adds the framework to submit the data to some idp service, then we can get the pitchforks out.
I’m not really sure you can argue birthdate is the thin edge of the spear when the standard Linux user database already had fields for location, email, phone number, and real name. None of which have been used for anything up to this point, and systemd-homed is not as widely used.
I get it, but I believe it to be a false equivalence. This change is not happening in isolation. There is currently a general trend towards de-anonymising users, and this DOB field is a step in that direction.
The only real question is, do I want my computer storing more, or less, personally identifying information. Given that I don’t trust the intended use, or ANY use which is later enabled by this, my answer is ‘less’.
I conceptually agree with your second paragraph but I fail to see how the existing unused fields are somehow less dangerous or a “false equivalence” to a new unused DOB field which is significantly harder to use to deanonymize someone than their name, address, and phone number.
FUCK THERE IS A WHOLE LOT OF STUPID USING LINUX
we wanted the year of the linux desktop… well the first raft of windows refugees seem to be a bunch of these overzealous privacy types who think they’re now a bunch of 1337 h4x0rs because they figured out how to get an nvidia driver working on mint… they have more paranoia than actual tech knowledge, and their only contribution to the community is sowing dissent, and shouting about something as trivial as an optional data field.
The debian subreddit is downvoting an actual DEBIAN DEVELOPER when they tried to explain the situation
If i put on my tin foil hat, i’d say these people are being deliberately influenced to sow chaos in foss communities
- Fork a project that you have a problem with;
- Write a strong worded manifesto;
- Revel in those sweet sweet internet clicks;
- Try to gather a team of seasoned engineers to keep and evolve the project;
- Most likely fail, look for the next controversy, repeat.
Yes, but what’s wrong with this? If you gather engineers that are capable to maintain it - what is the downside? Systemd could always have used a bit of competition, I think most of us can agree. Most of the forks of systemd will fail, but most of all projects fail after some time. I don’t think this situation will harm systemd ultimately and it shouldn’t.
There’s nothing wrong with forking a project, IF you can and intend to maintain it – hell, that’s the whole basis of FOSS.
Forking it to make a point with no intention to maintaining it is just an easy way to gather clicks and stir drama.
IMHO the effort is better spent fighting the politicians that are shoving this down our throats, or should we fork all the tech that gets affected by bad political decisions?
Try to gather a team of seasoned engineers to keep and evolve the project;
What is there to evolve? Just keep it up to date with the mainstream project while applying this one patch. This is as useful as the signatures that prohibit use of comments to train LLMs.
What is there to evolve? Just keep it up to date with the mainstream project while applying this one patch. This is as useful as the signatures that prohibit use of comments to train LLMs.
That sounds super easy on paper. In practice nobody is going to do this long-term.
The kind of people who get massively upset about this are not the kind of people that are going to make a long term commitment to actually doing anything. Forking systemd is performative activism, that’s it.
I know, 100% agree. It’s not a lot of work but people will quickly find another thing to get angry about and move on. Trying to fork systemd over this feature is completely pointless.
Forking projects to put a different coat of paint on them is just silly. It’s still the same project, it’s just got your sticker on it now. You still dependent on upstream decisions. If things change too much for your liking, you have a growing patch management issue on your hands, and that’s not fun. But hey, you’re free to do it, that’s the beauty of FOSS.
Reminds me of the Linux distros that just fork Debian, stick a new theme and logo, create a website and voilá. Nah, mate, it’s still Debian.
