It’s not a rumor, systemd merged a PR that explicitly said it was to allow handling the new age verification laws. Just because they aren’t actually verifying anything doesn’t mean that they didn’t merge code in direct support of the laws. And why in the world would this even be handled at systemd level anyway?
Systemd is present on the vast majority of Linix systems so it made the most sense to put it in systemd. It is an optional field so it is up to applications and distros on weither to use it for something. Age verification laws are legally binding so compliance is not optional.
If you have a problem with age verification call your local lawmaker. Don’t attack a bunch of devs who somehow got stuck in the middle.
Exactly, and some of the laws require just asking if the age is over a some pre-defined threshold, not sending the full date, for example “is the user over 18? Is the user over 15? 13?”
And just to be clear, I do think that “protecting the children” is just an excuse to push surveillance tech that was very convenient to use after the Epstein files. I am strongly against these laws and I am supporting ($$$) activist groups fighting against them. Do consider donating or getting involved too if you can.
But this specific change isn’t adding surveillance to Linux. It’s just a date of birth field that a parent can set. I can see why a parent would want it instead of using shady and intrusive “child control” software that takes over the computer.
You need to store the date of birth to update the user’s reported age automatically. It makes sense and puts the “protecting the children” responsibility back on parents instead of third parties that every website is now starting to use.
The systemd solution is not even reusable for actual verification because it can’t provide any cryptographic proof of the verification! It’s literally just a date.
That is (or is not) happening regardless of systemd involvement. This is just a place to store the value. Not having such a place in systemd would just mean it is stored in some other place. This doesn’t make it significantly easier to implement age verification nor would reverting it make it significantly harder. It’s just a field that may be used by people who are legally obligated to store or read that data.
Every rant about systemd is a wasted opportunity to yell at someone who deserves it, honestly. Focus on the people pushing age verification laws or doing age verification.
“Verify” is a strong word, if the age in there isn’t actually verified. If I say my realName is Nunya Bissnis, my location is Atlantis and my birthDate is 1970-01-01, who’s going to check if that’s at all accurate?
Maybe there should be a way to randomise it. Maybe there could be a script to automatically update my DoB entry to “Today - 18 years” every day. Or maybe there are some default values we could use that make it hard to track, like John Doe, 1970-01-01.
Or maybe we just don’t enforce entering anything. Given it’s not a thing in every jurisdiction, there needs to be a toggle to activate sharing it anyway. Be a shame if people found a way to trick the system.
Though the proposed Flatpak change works by responding to age brackets rather than specific dates. That would also obscure it a little, but be enough for parental controls. Whether those are reasonable is a different discussion I don’t feel like having at the moment.
Again, you’re right that it would help narrow it down, which might make it an arms race akin to security, where we’d have to keep finding ways to mess with the tracking, but there are more implementation layers that I imagine will be harder to enforce.
I also agree that it’s iffy, just as the realName and location fields, but it’s not quite as bad as all the newly-minted systemd haters make it out to be. If you’re an OG hater looking for more reasons, sure, be my guest.
I think it’s fairly reasonable for adults to want to ensure a 10-year-old doesn’t get mental health issues by being served hardcore BDSM porn unsupervised, or get scammed by a pig butcher on social media. Of course a curious 10-year-old can’t be trusted to enter their real birth date. So, adding this info to a root-managed userdb kinda makes sense. At this point there’s nothing to suggest that this age will be verified in any way, other than “the person entering it has write access to userdb”. So in the current form it’s just another tool for parents to control what their child sees (provided any apps actually use this field in the future).
However, I’d argue just the birth date is the wrong approach to this and it needs to be more granular.
The requirement to check age is on the provider. It is not the responsibility of the OS to store age and supply it freely to any service that wants it.
This data is stored as a non-privileged birth date.
This means any website can ask for your birth date. Then they store it, and use it for tracking. Private browser? HAH! Not your birth date!
This has N O T H I N G to do with “children.” It’s about Meta trying to escape moderation responsibility.
This is the right wing talking. Slowly putting identity into the OS for tracking. Don’t fall for it (unless you’re the right wing, and then fuck you)
Well, if you’re going that route, there are a whole bunch of other issues (apart from absolving parents from responsibility for their kids digital wellbeing). Either the provider just asks the user for their age (which is what we’re doing now, and it’s just 100% useless), or there would have to be some way to prove one’s age. Presumably it would be via a government-issued token of some kind, ideally as a ZK proof. While there are some european countries where this is somewhat feasible, for most of the world issuing every resident a smartcard which can attest if one is an adult or not is just not possible. So, you’d be forced to either give out gov-signed certificates of age as files (which will be easily reused by kids to access stuff which they shouldn’t), or you have a centralized server which can issue time-limited certificates on the fly based on some ID (which will tell the government that you wanna watch adult stuff), or you just have to upload your ID to the provider directly (I hope I don’t need to explain why this is bad).
Meanwhile, what we are discussing right now is just a basic extension to parental controls. Notice how the field is not mandatory, you can just leave it empty, and I’d argue everyone who doesn’t have kids should just do that. As it is implemented right now, the machine administrator decides if they want to use this or not and what to set the date to. Even if some distro complies with the stupid law and make it mandatory in california (which I’d argue they shouldn’t), you can just enter 1970-01-01 and be done with it, because you decide what to put in that field during account creation.
This means any website can ask for your birth date. Then they store it, and use it for tracking. Private browser? HAH! Not your birth date!
Well, first of all, for now browsers don’t even support reading userdb at all, and there’s no way for website to request it. Then, I hope when it is implemented it will be hidden behind a website permission so that kids can decide if they want to share it or not (i.e. “this website wants to know you age: allow/deny”). For adults (if the california law gets implemented), I hope that “privacy” browsers will have a feature to return a random date (more than 18 years ago) every time if the field is not set in userdb, or you can just write a cronjob/systemd-timer that changes the date randomly every hour.
There is a question of random apps now having unfettered access to your child’s birthday. This is indeed an issue, and poettering’s approach of “just containerize it” is not very cool. It would be nice to have a way to gate userdb access behind a user prompt, similar to what I’m describing for browsers. I guess for now flatpaking everything you don’t 100% trust not to read userdb is the only option.
I don’t even know where this rumour came from.
It’s not a rumor, systemd merged a PR that explicitly said it was to allow handling the new age verification laws. Just because they aren’t actually verifying anything doesn’t mean that they didn’t merge code in direct support of the laws. And why in the world would this even be handled at systemd level anyway?
All of this was discussed in the PR.
Systemd is present on the vast majority of Linix systems so it made the most sense to put it in systemd. It is an optional field so it is up to applications and distros on weither to use it for something. Age verification laws are legally binding so compliance is not optional.
If you have a problem with age verification call your local lawmaker. Don’t attack a bunch of devs who somehow got stuck in the middle.
Well, how do I put it… compliance is optional
Ideally, we wouldn’t need to do age verification at all. But if it’s absolutely required, the most privacy-preserving way would be:
It’s not.
the current implementation allows reading the precise age
Exactly, and some of the laws require just asking if the age is over a some pre-defined threshold, not sending the full date, for example “is the user over 18? Is the user over 15? 13?”
And just to be clear, I do think that “protecting the children” is just an excuse to push surveillance tech that was very convenient to use after the Epstein files. I am strongly against these laws and I am supporting ($$$) activist groups fighting against them. Do consider donating or getting involved too if you can.
But this specific change isn’t adding surveillance to Linux. It’s just a date of birth field that a parent can set. I can see why a parent would want it instead of using shady and intrusive “child control” software that takes over the computer.
You need to store the date of birth to update the user’s reported age automatically. It makes sense and puts the “protecting the children” responsibility back on parents instead of third parties that every website is now starting to use.
The systemd solution is not even reusable for actual verification because it can’t provide any cryptographic proof of the verification! It’s literally just a date.
systemd is introducing birthDate as a user json field, if that’s what you mean with rumor.
The PR to revert that change was not merged:
https://github.com/systemd/systemd/pull/41179
Next the OS will have to verify this is correct
Be like grapheneos and say no to age verification
That is (or is not) happening regardless of systemd involvement. This is just a place to store the value. Not having such a place in systemd would just mean it is stored in some other place. This doesn’t make it significantly easier to implement age verification nor would reverting it make it significantly harder. It’s just a field that may be used by people who are legally obligated to store or read that data.
Every rant about systemd is a wasted opportunity to yell at someone who deserves it, honestly. Focus on the people pushing age verification laws or doing age verification.
It’s another domino fallen, another step towards absolute control
I don’t think that’s a reasonable assessment of this change
It was added with a note specifically that the implementation was related to a law that was described as stupid.
I think it’s pretty clear exactly what this was being put in for, and why two MSFT devs were ready to approve.
There’s no “it was just…” about this, it was step one of a coordinated plan that has not been abandoned.
Poettering doesn’t work for Microsoft.
Poettering only very recently left microslop
Yes, that’s another way of saying what I said…
The approver of the pull request does…
I agree, your point?
So apps can look at it and verify the users age? 🤔
“Verify” is a strong word, if the age in there isn’t actually verified. If I say my realName is Nunya Bissnis, my location is Atlantis and my birthDate is 1970-01-01, who’s going to check if that’s at all accurate?
It’s really a declaration, or an assertion.
Doesn’t matter if it’s accurate. Now they have more unique data points to help track your digital footprint.
Good point.
Maybe there should be a way to randomise it. Maybe there could be a script to automatically update my DoB entry to “Today - 18 years” every day. Or maybe there are some default values we could use that make it hard to track, like John Doe, 1970-01-01.
Or maybe we just don’t enforce entering anything. Given it’s not a thing in every jurisdiction, there needs to be a toggle to activate sharing it anyway. Be a shame if people found a way to trick the system.
Though the proposed Flatpak change works by responding to age brackets rather than specific dates. That would also obscure it a little, but be enough for parental controls. Whether those are reasonable is a different discussion I don’t feel like having at the moment.
Again, you’re right that it would help narrow it down, which might make it an arms race akin to security, where we’d have to keep finding ways to mess with the tracking, but there are more implementation layers that I imagine will be harder to enforce.
I also agree that it’s iffy, just as the realName and location fields, but it’s not quite as bad as all the newly-minted systemd haters make it out to be. If you’re an OG hater looking for more reasons, sure, be my guest.
If someone populates it and if apps do it. The “debate” is whether this is something systemd should or should not have done.
It is not something systemd needs. The platform requesting age needs to get it directly from the user.
i am told by a very reliable dipshit that everything in this thread is maga disinformation
Eh, this would make it 100% useless though.
I think it’s fairly reasonable for adults to want to ensure a 10-year-old doesn’t get mental health issues by being served hardcore BDSM porn unsupervised, or get scammed by a pig butcher on social media. Of course a curious 10-year-old can’t be trusted to enter their real birth date. So, adding this info to a root-managed userdb kinda makes sense. At this point there’s nothing to suggest that this age will be verified in any way, other than “the person entering it has write access to userdb”. So in the current form it’s just another tool for parents to control what their child sees (provided any apps actually use this field in the future).
However, I’d argue just the birth date is the wrong approach to this and it needs to be more granular.
The requirement to check age is on the provider. It is not the responsibility of the OS to store age and supply it freely to any service that wants it.
This data is stored as a non-privileged birth date.
This means any website can ask for your birth date. Then they store it, and use it for tracking. Private browser? HAH! Not your birth date!
This has N O T H I N G to do with “children.” It’s about Meta trying to escape moderation responsibility.
This is the right wing talking. Slowly putting identity into the OS for tracking. Don’t fall for it (unless you’re the right wing, and then fuck you)
Well, if you’re going that route, there are a whole bunch of other issues (apart from absolving parents from responsibility for their kids digital wellbeing). Either the provider just asks the user for their age (which is what we’re doing now, and it’s just 100% useless), or there would have to be some way to prove one’s age. Presumably it would be via a government-issued token of some kind, ideally as a ZK proof. While there are some european countries where this is somewhat feasible, for most of the world issuing every resident a smartcard which can attest if one is an adult or not is just not possible. So, you’d be forced to either give out gov-signed certificates of age as files (which will be easily reused by kids to access stuff which they shouldn’t), or you have a centralized server which can issue time-limited certificates on the fly based on some ID (which will tell the government that you wanna watch adult stuff), or you just have to upload your ID to the provider directly (I hope I don’t need to explain why this is bad).
Meanwhile, what we are discussing right now is just a basic extension to parental controls. Notice how the field is not mandatory, you can just leave it empty, and I’d argue everyone who doesn’t have kids should just do that. As it is implemented right now, the machine administrator decides if they want to use this or not and what to set the date to. Even if some distro complies with the stupid law and make it mandatory in california (which I’d argue they shouldn’t), you can just enter 1970-01-01 and be done with it, because you decide what to put in that field during account creation.
Well, first of all, for now browsers don’t even support reading userdb at all, and there’s no way for website to request it. Then, I hope when it is implemented it will be hidden behind a website permission so that kids can decide if they want to share it or not (i.e. “this website wants to know you age: allow/deny”). For adults (if the california law gets implemented), I hope that “privacy” browsers will have a feature to return a random date (more than 18 years ago) every time if the field is not set in userdb, or you can just write a cronjob/systemd-timer that changes the date randomly every hour.
There is a question of random apps now having unfettered access to your child’s birthday. This is indeed an issue, and poettering’s approach of “just containerize it” is not very cool. It would be nice to have a way to gate userdb access behind a user prompt, similar to what I’m describing for browsers. I guess for now flatpaking everything you don’t 100% trust not to read userdb is the only option.
What drugs are you on?
I only mean the verification is clearly in the app that uses it then.
Because most people apparently don’t know the difference between a system manager and an operating system.