• 0 Posts
  • 5 Comments
Joined 2 years ago
Cake day: August 16th, 2024

  • It was also an option to not make a useless field. Not like this self-reported DOB is going to cut it for the existing age verification laws as it exists now. But I can be mad at people in a position of community production for not having a spine, too.

    How is this supposed to be making the best of the situation anyway? It accomplished nothing but piss off the community and signify to authoritarians that open source developers are ready to bend over for them. Simply threaten unenforceable fines across the world and suddenly everything is hopeless. Better get ready to comply, it's inevitable! It's pathetic. Ageless Linux might be performative bs, but at least it's critical of this overreach instead of intentionally signalling compliance in advance.


  • Good system design doesn’t do things without me asking it to. I’ll gladly manually re-enter my birth date for an external service if it's required, which to be clear, should be as close to 0 times as possible. What, should I keep all my job application info in the initialization system too? Because a website I’m on might ask for it at some point? Don’t want to be too redundant.

    Literally this field serves no purpose other than to build compliance with the surveillance state. No end user asked for this. Like I said, can’t imagine any end user making use of the existing systemd fields either. But those also didn’t get any attention because they weren’t made as a reaction to threats by a malicious regime.


  • it’s in one place that any third party can reference.

    But why would I want that?

    Even if you ignore the whole “this doesn’t verify anything” discussion, why would I want to give third parties easy access to personal and potentially sensitive information? I personally am not interested in simplifying data collection for corporate entities who definitely do not give a shit about the safety of my personal data, let alone hypothetical children. I do not know why this data collection needs or would be desired to be implemented within systemd, besides being a direct response to age verification laws saying it's an OS provider's responsibility to collect it. Arbitrary data collection by private entities is not “useful”. My personal data has no business being referenced by random asshats that ask for it. There are so few things in the world that “justify” needing my age that I would suggest it would be easier to make my birth date a permanent data point on my PC. Same goes for the other personal details that systemd already supports. Crazy to imagine anyone actually using those on a personal machine.


  • That's part of the problem though. Supposedly catfriend1 gave researchxxl their signing keys, and researchxxl used these on their new GitHub account. No one was aware that catfriend1 was not maintaining the repo anymore until users saw unexpected/unannounced updates and looked into the matter. This sparked a short-lived discussion on F-Droid forums about what should be done when maintainer transfers are handled poorly like this. F-Droid admins decided that it wasn’t that big of an issue, which is problematic… this supposedly happened between two people meeting each other online and discussing it with each other. But it's possible that catfriend1 is being blackmailed or otherwise coerced into handing off this data. This type of credential attack could happen with a compromised machine, without the victim ever realizing it in time. The fact that F-Droid treats this so casually is upsetting. Signed developer certificates protect you from MITM attacks; they do not protect you from the sources themselves being compromised.


  • Years ago, official development of an Android app of Syncthing was abandoned by the official developers. Most Android users migrated to an already existing fork by a GitHub maintainer catfriend1.

    Catfriend1 unceremoniously disappeared, with their GitHub repositories being taken over by a new user researchxxl. This was entirely unannounced and wasn’t really discovered until people with automatic updates enabled on *Obtainium noticed it.

    researchxxl is not a known community member, and is being very reclusive when interacting with the Syncthing community. Their GitHub account was made specifically for the repository transfer, and their method of handling existing credentials is suspicious; looking no different than a hostile takeover.

    At this point in time, they are collaborating with Nexon, a user who worked with catfriend to publish Syncthing fork builds to Google Play. They are more well known and trusted. If you can trust Nexon, and trust that end users in general are putting more scrutiny on the GitHub source code after this whole situation, you can probably trust the recent releases for now.

    Sorry for any details I may have gotten wrong. AFAIK, no one has taken the time to document all the things that have gone down. I would have linked to such a document otherwise. A lot of the discussion on this is happening in separate discussion threads, one of them being researchxxl’s GitHub issue page, which they are censoring/deleting discussions from with (till recently) no oversight.

    *Edit: this is also a poor summary. There is a lot of additional context that I don’t feel comfortable trying to encompass. Like why the official Syncthing developers stopped their official Android app, or catfriend1’s forum account coming back for a short time to try to explain their side of the story. Frankly, for how many people are using Syncthing, I don’t think this story is getting enough attention.