Reject the age verification.
Feels like something systemd can solve with a compile time flag. Either have it on or off depending on if you want to legally sell it in those areas or not and away you go.
if there is no malicious intent in adding this, they really should learn to read the room.
The biggest defense for this I see is:
- it’s not bad now
- it’s not mandatory
- it will remain unused like the other fields that were previously there
- you can put anything in it
Then, tell me, why bother adding this in the first place, exactly at the time governments are looking toward full control of everybody’s computers? If it’s that innocent and useless, either someone really likes throwing shit up, or it won’t stop there.
And given the slate of other things that “didn’t stop there” in the past few years, you know, it cost nothing to be cautious. Especially if it’s “so useless you won’t even notice it’s there” after all.
Liberated systemd is a fork of mainline systemd started by Jeffrey Seathrún Sardina, a machine learning/AI researcher
I already have qualms about that.
Call me dreamy-eyed, but the reference to “machine learning” might mean this person has respect for what the technology is and has been for decades before the chatbot flood
yea but as to how this tech seems to me rn, leaves a really bad taste in my mouth.
Far many more than someone.
After all, any and all age checks we have nowadays are a black box anyways
This is the only part I disagree with. Age verification is typically done via services like ID.me, Lexis Nexus, etc which do it via identity verification with documentation. The alternative method that most social sites have gone with is age prediction from a face scan, of which providers are more than happy to tout how they do it as differentiators. For the latter, there are even FOSS options.
I think what they mean is, with a black box we know the input, documents, and output, yes you can buy beer, but we don’t know the internals. How and for how long is the data stored, who is it shared with, who has access to it, how much meta data can they pull together to build a profile on you and so on.
The DOB field is different from name and address because it is a fixed attribute that never changes. Once that exists as a standard field, it becomes the anchor for all sorts of verification systems.
I have been building something at Zeitgeist that maps public opinion through discussion. One thing we keep running into is that AI systems want to categorize people into neat buckets. They will say “users under 18” vs “over 18” and move on. But real human disagreement does not work that way. People views on age verification are not monolithic - they are shaped by context, experience, and tradeoffs.
We are seeing this play out everywhere now. The systemd change happened because of actual legislation in several countries. It is not theoretical anymore. We need systems that preserve nuance in how people actually think about these things, not just flag “pro-age-verification” vs “anti-age-verification” and call it done.
The DOB field is different from name and address because it is a fixed attribute that never changes
(Preface: I’m not really disagreeing with your larger point) This is not really correct though. I have a computer and I’m in my 50s. So it’s in 50 year old mode. Now my grandson who is 7 is in front of my computer. What utility is the fixed age that was gathered years ago in protecting the actual child user in that case?
Fair point. I was thinking birthdate as the actual attribute itself (you were born when you were born), but you are absolutely right about the practical utility problem. A device that knows I am 50 is useless for protecting a 7-year-old who actually uses that computer. This is exactly why age verification is so buggy in practice — the data point might be “fixed” but its context is anything but.
I’m not into this, but is it the nerd version of releasing forks and torches?
More like forks and patches
I didn’t realize age verification had been put in yet? holy shit tat was fast
Well not really, they added a field so that they could store date of birth in the way they have a field to store “real name”.
So you can be sure my birthday is 4/20/1969 as sure as you can be that my name is Bimbo Baggins.
Note that for the California law at least, this is “good enough” and the OS never actually has to validate anything. In practice a person without admin access could have their birthdate out of control, well, until they run a patched browser that skips asking systemd and just always sends a desired bracket…
It kind of works to keep kids under 13 sending the signal with parental administration, but doesn’t do anything for more resourceful people you tend to find over 13.
I call BS! I have it on good authority that Bilbo Baggins is at least eleventy-one.
Bilbo Baggins
Ah I see the confusion. That said their name was Bimbo Baggins. Different Baggins completely.
There’s no age verification in systemd. That field doesn’t verify anything
well, obviously. that happens on some external service.
But my clickbait!
Okay I’ve said this so many times but (open source) code is speech and thus protected by free speech laws. Also idk if anyone’s noticed but it’s pretty obvious ID verification is for mass surveillance and obbo purposes. Now why would this apply to software that we already know doesn’t spy on you? Until now, proprietary software and big tech platforms already spied on you, but it could - to an extent be pseudonymised. This isn’t about spying on people, they already do that, it’s about removing pseudonymisation - instead of your data being stored under: User #2044820 it’ll be your full govt name and address leaving no room for doubt or plausible deniability.
It is by every metric, useless to provide ID verification for software that collects no data, at best it would just give them a better idea of the demographic. Also it’s literally open source, the GPL prohibits disallowing people from forking/editing it and it prohibits restrictions on the way in which it can be edited, which is legally binding.
- Optional dob field added to distro
- Stupid people freak tf out
You give a millimeter and the powers that be will take a whole kilometer.
No compliance.
Even something as “small” as this needs to be met with prejudice.
Actually they’ll take a mile because its bigger and they hate the metric system also
Barbarians can’t even measure right. :V
In an ideal world, even that optional DOB field would have been blocked. Your first instinct on seeing techbros wanting to surveil us shouldn’t be “how we can comply”, but “how can I fight it”.
This is bs …
Instead of fighting the laws and the people behind it, ‘we’ (as in ‘the community’) infight about some minor commit?
If the reason is data privacy, why not also remove ‘realName’, ‘emailAdress’ and ‘location’? 🙄
They should also remove the phone number prompt that UNIX has had since before systemd even existed. Your phobe number is an optional part of the GECOS field and has been there for a very long time without anyone freaking out like this.
As far as I can tell the Name Email and location are all voluntarily provided by the user.
This is something that will be used whether you want it to or not (that makes it invasive) because of the laws around it (of course depending on where you are).
Having fields I can ignore as a user isn’t the same as this guided attempt by lawmakers to eventually get you to give ID and retina scans just to use a computer.
This is step 1. That is why people are freaking out about it.
And I know systemd isn’t doing this out of spite, but I do wish the scene would stand up for the user more… Just say no California or whatever other shit place decides to enact that and boom problem solved. Not their fault or problem anymore.
As far as I can tell the Name Email and location are all voluntarily provided by the user.
So is birthDate.
This is something that will be used whether you want it to or not (that makes it invasive) because of the laws around it (of course depending on where you are).
How? First and most importantly, systemd doesn’t do anything to enforce, require or verify the field.
Second, I control what is installed on my PC, that’s the ENTIRE POINT of using a FOSS OS. The FREEDOM to install whatever I want, or not. If there is an application that is using that field to enforce some bs law, then I simply won’t install it.
This isn’t Windows, there isn’t a Microsoft to force you to install software updates that you don’t want. You’re FREE to not install software that does things that you don’t like. This includes any hypothetical future software that would require this field or validate this field.
You control what you install on your pc and I’d be willing to bet that whatever open source OS it is, probably uses Systemd. Unless you’re a Unix person.
They have set this up in a way that yes, right now at 11:21pm UTC on March 24th it isn’t being enforced or required.
But because of the replies of some of the maintainers in their github about this very merge they are suggesting that as soon as it becomes hard law, it will be enforced by them.
Particularly the part where one was replying to a system76 developer who mentioned that they are in talks with state legislators right now, that these proposed laws are very possibly going to be overturned, and that open source software might not even be required to do this at all and that we should give it more tim before we do something like this and the reply was:
“It is possible that California law will be changed. But similar ideas are popping up in other contexts and it’s unlikely that they’ll all go away. This implementation is fairly generic and useful for other things besides age verification, so we shouldn’t decide whether to merge it or not based on a single law in any jurisdiction.”
This suggests that they are doing this because of laws and ideas like this that are coming into play. And that they didn’t want to wait on the confirmation of whether it was law or not, they did it anyway. Why? That’s not very open. That isn’t really taking a stand to support Linux or its users that is voluntarily getting ahead of the control mechanism that “similar ideas” are going to use.
They shouldn’t have done this. In mine, and many, many other peoples opinions as well.
You control what you install on your pc and I’d be willing to bet that whatever open source OS it is, probably uses Systemd.
They have set this up in a way that yes, right now at 11:21pm UTC on March 24th it isn’t being enforced or required.
It is using systemd, yes. It could be using openRC, sysvinit, runit, etc just as easily.
Systemd isn’t a requirement for Linux. It is simply the most useful init system currently. If that ever stops being the case then changing init systems or entire even distros is a fairly trivial task. If systemd were ever to require me to submit to a 3rd party verification of my age I’d just use a different init system.
There is nothing that any open source project can do that would force me to keep using their software if I don’t want to.
They shouldn’t have done this. In mine, and many, many other peoples opinions as well.
If your opinion represents a large group of people then you should have no trouble maintaining a fork.
You are right on that.
I hope that in the end this does end up all working out and I was just one of the crazy guys worried for no reason.
But either way I still think it is disappointing they did this so quickly and that they’re using a US push in law be such a deciding factor in originally pushing for it. It felt like that was the same way when they banned Russian maintainers. The USA and especially specific states shouldn’t have this much pull especially over open source community driven projects in my opinion.
The USA and especially specific states shouldn’t have this much pull especially over open source community driven projects in my opinion.
I completely agree.
I hope we see a bigger push for FOSS software in the EU as they try to reduce their dependency on US tech companies. If more countries treat software like we treat science where everyone contributes and everyone benefits then we’ll all be better off.
I think these laws will be similar to prohibition. They will try for a while, but then realize they can’t succeed. Governments can’t even handle cyber security, how will they handle this?
These laws are made by corporation like FB who wish to shift the blame away from itself for their transgressions. Australian and EU laws are banning social media for pre teens and kids. So instead of them developing ways to follow that law they are shifting that onus on to the operating system.
I think you underestimate the technology they have now especially in relation to an event that happened in the 1940’s.
Its like the Stasi but ten thousand times more sophisticated and every bit as motivated.
Maybe even more motivated, because it generates money for them when they have businesses do it (Palantir) and provides “value” to the markets. Because money and control is absolutely all they care about (in the USA)
Technologically, yes, they could easily identify non-compliance with how much data is being collected these days
Logistically though? How are they going to enforce this? Sue every open source project that circumvents this? Block downloads of it with a great firewall? Fine end users? It’s just not feasible
Realistically, they’re going to go after the OSes with the biggest market share. Google, Microsoft, and Apple will be forced to comply on new devices, and maybe they’ll try to make an example or two to get compliance in advance
It will be used to target certain individuals and “nail” their proverbial “balls to the wall” when they want to ruin your life for not complying.
A us court just convicted people as terrorists and one of the main reasons they cited is that they were using signal.
“This individual circumvented security measures enacted by the united States to keep people and the children™ safe from online threats both foreign and domestic. The individual conspired with multiple other people some of them from other countries, oops we meant foreign adversaries, to destroy or circumvent this framework we had in place”
Only thing I can mainly compare it to is how weed isn’t legal in a lot of places but they usually don’t care, until they suddenly do and your life is fucked.
Think of people like Ken Klippenstein and your Edward Snowdens (who used tails to leak a lot of their illegal spying shit btw which is us made btw where these laws are starting to gain traction the most [yes I see Brazil too])
It will be used to target individuals and destroy their lives through the process.
“Oh also since you’re not using the OS level biometric whatever we enacted this is an illegal machine and we are seizing it. Oh, you had whistleblower reports about government corruption? What government corruption Ken we didn’t find those files but we did find evidence if you being antifa”
And if you think I’m just some paranoid schizophrenic and this could never happen then you haven’t been paying attention.
And if everyone used E2E encryption for their private messaging like everyone who understands the topic has been pushing for decades, signal users wouldn’t stand out
The state cannot enforce this, it still relies on compliance in advance
I agree on everyone should be using E2E Encryption. Its an absolute disgrace that that was even mentioned in the court case at all as a possible link to terrorism.
I disagree that the state cant enforce this at least in a targeted way but, I really hope you are right in the end though.
I guess we will see.
Instead of fighting the laws and the people behind it
We can’t use the system to change the system.
Called it
I find that move extremely funny, since it’s purely made for sensationalism and nothing else. I mean, if you hate how systems implemented age verification, then why don’t you remove its identity verification too, i.e. also optional fields for stuff like your address an e-mail that most users don’t even fill out.
There is no mechanism verifying what birth date you type in - you can type whatever date you want and systems doesn’t care.
I’d say no matter where you stand with age verification, this is the best solution to handle the situation. After all, any and all age checks we have nowadays are a black box anyways. There is no real knowing how other systems are checking ages, and there is AFAIK no real government mandated rules on how it is verified. They could make you scan your ID’s front, back, nuclear composition and dietary preferences and give you a result that is almost, but not quite, entirely unlike a proper age verification procedure.
If the government wants to introduce age verification, they have to do it themselves - build an API that handles the age verification, similar to how the digital ID in Germany works, as an example. If they want proper age verification, they also have to take the blame themselves if things go wrong.
You know I remember when age verification was a thing on porn sites.
No big deal, I was like 12 and could easily say “yupp, I was born April 20th, 1969” and there was no problem.
Now, in several states that has escalated to you showing your ID.
Do you think this is the end game? Systemd made it clear with this move that any kind of US law passed will be able to be honored by their architecture. They didn’t take a stand that you would expect from pretty much the entire Linux community as a whole.
And see the funny part is where you talk about “if the government wants age verification they have to do it themselves” they pretty much do in USA its called your social security number. Banks, auto dealerships, landlords etc use it all the time and its very effective.
By not taking a strong stance against what is happening here you are paving the road brick by brick to having to provide full on SSN and very plausibly retina scans or something similar in the not so distant future before you can even login to your computer or phone.
I don’t understand, how people here are missing that. Fuck we are on Lemmy because we see how shit worked with things like reddit and others. Things always escalate when control and greed are the primary motivators.
This will escalate. And when it does I want you to remember that people were rightfully making a HUGE FUCKING DEAL about when systemd started doing this because by then you will be able to see clearly how it led to whatever surveillance wet dream they are absolutely going to force on us. It will be clear, and this will be step 1 .
I don’t think that systemd is really bending the knee too hard on this one. Actually, I think this move is actually a great way to render any sort of age verification, when using systemd, inert. Because, let’s think about it: it’s an optional field, in a JSON file that NEEDS to be editable at all times. If a distro decides to implement any serious age verification, it will have to store the data, namely the date of birth, somewhere. The /home folder would be wrong, as the user could edit that at all times. The userdb on the other hand can be restricted, meaning that the user can only edit it with user privileges. So if a government questions the seriousness of this verification method, distros can just claim that it is the administrative duty of the parent to prevent their children accessing things they shouldn’t, and that the Linux kernel itself provides the proper tool to do it without constant supervision. Yet systemd cannot enforce any stricter rules because service users, especially root, are not real people and thus cannot have any age verification. The only solution would be to tie these accounts to a person. This would cause an outrage at companies, considering that this role would most likely be the CEO or CIO, and if that device is stolen their identity could be linked to a crime, and I doubt any police station would bother trying to retrieve that laptop.
So this change will most likely be the maximum systemd can do without breaking distros for corporations, while at the same time allow classic Linux users, who most likely give themselves admin rights, a way to render any verification null and void by editing this optional field on their own.
EDIT: Also, being mad at an organisation trying to meet the laws in order to be usable will solve nothing. As you said yourself: a strong stance is needed. So complaining about systemd and trying to make them revert it will do nothing, because there will always be someone who bends the knee. If you want to do something, organize or join a protest and go to the streets, show that the law is for the people, not to be used as an oppression tool.
No no no, NOT “meeting the law” this has not been made law in USA yet which is the law they referenced when mentioning this merge.
You should read the thread in github.
A system76 developer said he’s in talk with state representatives, that this might even be overturned, and that it might not even affect open source software at all and one of the systemd maintainers said and I quote:
“It is possible that California law will be changed. But similar ideas are popping up in other contexts and it’s unlikely that they’ll all go away. This implementation is fairly generic and useful for other things besides age verification, so we shouldn’t decide whether to merge it or not based on a single law in any jurisdiction.” -keszybz
That seems like bending the knee pretty fucking hard man.
What they have done is proven that they can bully and harass open source software into submission. They should have waited until FORCED to do something like this but it seems like they’re beyond eager to lick anyone’s boots USA or otherwise.
Linux distros are not US entities bound to US law the last I checked (of course you have your Redhats and etc. And I guess maybe their Fedora distro might fall under us jurdistiction since its developed by red hat but I’m not sure because of being open sourced licensed.
They’ve bent the knee before with banning Russian and I think Chinese Linux kernal maintainers before which was also fucking bullshit.
The USA shouldn’t be able to swing its dick around and force the whole world into submission but boy it sure seems to get to every single year more and more and more.
And a lot of people here support it its so sad.
Anyway I’m getting off track with this but seriously no, they should have taken a stand not only for all of us but for Linux as a whole because systemd is a part of Linux as a whole.
If forced, I understand. This was not forced. This was suggested, merged welcomed and the thread locked as soon as any pushback happened.
Doesn’t seem very open anymore to be honest.
My line in the sand is when a distro/app starts enforcing entry of birth date data. Having a database field to store it, or even an optional prompt for it isn’t the point where I bin it.
This is the most sane take I’ve read in this entire debacle. Between arguing the semantics of attestation vs verification and whether we need five hundred forks and PRs, I’m glad to read this.
The biggest mistake the original PR did was not make it more clear it’s not directly because of the laws themselves, it’s to support higher level systems that may want to or need to comply. Systemd is no more complying with any present or future laws than a keyboard manufacturer is violating the law if the user uses it to type racially motivated hate speech.
Good distros will push default a dob of 1970-1-1, mark my fucking words.
That’s still forcing a DOB, which is the line I won’t cross.
When you make a new user using
adduserdo you leave your full name, number, and room number?Blank is blank, epoch is functionally the same as leaving it blank. Especially if it becomes industry standard.
They’re not the same though. Your method will enable the system to interact meaningfully with an age gated internet. Blank will not. And I won’t be interacting with an age gated internet…
I would but I’ve always been opposed to systemd anyway.
But for me it’s a slippery slope I don’t think we should even get on.
Yeah I hated systemd since before it was cool to hate systemd again.
But for me it’s a slippery slope I don’t think we should even get on.
I agree. But the start of the slope isn’t my exit point. My exit point is just before the slope gets too steep to get off.
That’s the thing about slippery slopes. You don’t really know where the point you slip is.
I do. We’re on it already. The whole system is slipping towards an age gated internet, and there is nothing we can do to stop it. That’s the slope. There’s nothing I can do to stop it, whether I’m I stay on or get off.
I don’t believe that dropping my whole OS over a database field will change anything. It won’t stop the devs who are concerned about their legal liability from being doing what they need to do to protect themselves. Some devs will comply, some will walk away from OSS, and some won’t comply. But the bigger the project, the more corporate sponorship it relies on, the more certain it is going to be in the “comply” category, and the truth of that won’t change because users push back.
Which is to say, I don’t believe standing up and rejecting a DB field as a matter of principle will change anything, except to make my life harder.
My line in in the sand isn’t about changing the course of the path we’re on, it’s about my own personal interactions with the system. And being forced to provide my age to interact with the internet is the bit I won’t do. So I will stay with the inevitable creep towards that state until the last possible moment, in the hopes that somehow, I’m wrong, and we avoid this privacy nightmare we’re heading towards. If and when it becomes impossible to interact without providing that data, then that’s where I step off, even if it costs me half the internet.
I’m curious about GNU Shepard but still haven’t gotten around to swapping. Does anyone have experiences to share?
That is a valid point. Of course it still would be rather anonymised, but it could always be a ‘frog in the pot’ type situation, where most drastic changes are introduced very slowly. My main concern at the end of the day is how much info will be required to be given to services and how much data will be actually stored. If it’s anonymised, then I don’t see much of a threat. If a service requires me to fully identify for an age check, that’s an entirely different thing, especially considering the last of Discord’s data leaks.
I agree with all that you’ve said. But why add it now? Why haven’t they added it a long time ago? Or if now they remembered, why not other extra optional fields that some people might want, like gender, sex, any other field? Oh, it would be too political? I see…
I’m thinking the same. I understand the people saying it’s no big deal, it’s just an optional field. But the existing optional fields (GECOS) have been there since the beginning of time. The original Unix user database (/etc/passwd) was created in a different time. Things have changed in the last 50 years and we now know that a simple field in an OS level database is not really an appropriate place to store PII. I don’t know what the solution is, as these laws are coming and there will be some people that need to comply, but I don’t think the current change to systemd is the right approach.
On the plus side - this controversy has prompted me to look into other options for my home servers and I’m loving the minimalism and simplicity of Alpine. (This isn’t a knee jerk reaction - I’ve been frustrated by the bloated feel of mainstream distributions for a while - more the straw that may break the camel’s back)
Oh, definitely I’m not saying people should just jump the gun and replace their distro for one without systemd immediately. I certainly won’t, at least not without thinking about it for a while. But I also think that denying the controversy exists is not good. This is definitely controversial, for some people even a deal breaker and there are valid, real reasons why. For the rest, it’s good to look at what options there are, see that there really isn’t an appropriate alternative for systemd in some cases and realizing that a successful fork would be a good thing. Also, a long time criticism of the community has been that systemd does too much and it being against basic Unix philosophy. I always thought of it not being a big deal, given its modularity. But I now realize that it centralizes control and design decisions to a single org and that is certainly a weak point IMO. So a fork makes a lot of sense, but it is at this point a mammoth of the project, so it will be really hard to maintain.
I mean, the introduction of the date of birth field is obviously done to make it easy for distros to comply with age verification by simply saving the birth date and nothing else.
As for the other fields: what use would it have to have such info at OS level? What application would use these fields and how? I mean, some fields, like the ‘location’ one, already are pretty useless, as, for example, the ‘location’ field doesn’t seem to bhave any firm consensus on how it should be formatted. Even the documentation lists both “Berlin, Germany” as well as “Basement, Room 3a” as valid values.
So I doubt not introducing such fields has any sort of political agenda to it, but just raises the question on why such fields would be useful to begin with.
you mean like adding it to a bunch of optional details already?
This. And forking is easy. Maintaining a big piece of software is not. This is why every popular repo has hundreds of forks, but non of them are active or in sync with upstream.
Yup. All this crying about the field is a big nothing burger.
