| ▲ | Age verification on Systemd and Flatpak(cybrkyd.com) |
| 91 points by londonanon 9 hours ago | 81 comments |
| |
|
| ▲ | uyzstvqs 7 hours ago | parent | next [-] |
| People need to understand the difference between age indication and age verification. Two very different things. Age indication is a completely private and realistically as-effective alternative to the invasive age verification. Age _indication_ means that when you set up your device or create a user account, you enter a date of birth for the user. The OS then provides a native API to return a user's age bracket (not full date-of-birth). If the user is a minor, the OS will require parental authentication in some way to modify the setting again. This can all be done completely offline. It works because parents almost always buy the devices used by children, and can enter the correct date-of-birth during setup. Age _verification_ means that some online service has to verify your age, and collects a bunch of (meta)data in the process. This is highly problematic for privacy, security, and the open internet. |
| |
| ▲ | txrx0000 2 hours ago | parent | next [-] | | There are two things very very wrong with the California law, which you call "age indication". 1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer. 2) The age API is not "completely private". It's a legally-mandated data point that can be used to track a user across apps and websites. We must reject all legally-mandated tracking data points because it sets the precedent for even more mandatory tracking to be added in the future. We should not be providing an API that makes it easier for web platforms to get their hands on user data! For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside down: https://news.ycombinator.com/item?id=47472805 | | |
| ▲ | packetlost 22 minutes ago | parent | next [-] | | 1. I don’t see how that’s better in any real way. You can infer the exact same information as querying the range and it makes dynamic behavior based on age range (ex. access to age restricted chat rooms as an obvious example) completely impossible. 2. Is it meaningfully more identifying than User-Agent? There’s dozens of other datapoints for uniquely identifying a user. If we get a few high profile lawsuits because advertising companies knowingly showed harmful ads to children, I’d consider it a win. Age is not that interesting of a data point. | | |
| ▲ | throwaway173738 9 minutes ago | parent | next [-] | | I wouldn’t focus on whether it’s “identifying” but whether it’s revealing. Young teenagers are a very high-value target for advertisers. They are very impressionable, and they provide a proxy for advertisers for their parents’ money. So this law essentially makes it mandatory to share that information with advertisers. And also by proxy, predators. | |
| ▲ | kelnos 12 minutes ago | parent | prev [-] | | > I don’t see how that’s better in any real way. It's so much better. In the one case, the OS is leaking age information (even if just an age range) to every service it talks to. In the other case, the OS isn't telling anyone anything, and is just responding to the age rating that the app/service advertises. |
| |
| ▲ | heavyset_go 2 hours ago | parent | prev | next [-] | | > For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside down The EFF has a good series related to this[1]. [1] https://www.eff.org/deeplinks/2026/03/rep-finke-was-right-ag... | |
| ▲ | ekr____ 2 hours ago | parent | prev | next [-] | | > 1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer. FWIW, this is not quite an accurate description of AB1043, in at least three respects: 1. Apps don't get your exact age, just an age range. 2. Websites don't get your age at all. 3. AB1043 itself doesn't mandate any content restrictions; it just says that the app now has "actual knowledge" of the user's age. That's not to say that there aren't other laws which require age-specific behaviors, but this particular one is pretty thi on this. In addition, I certainly understand the position that the age range shouldn't leave the computer, but I'm not sure how well that works technically, assuming you want age-based content restrictions. First, a number of the behaviors that age assurance laws want to restrict are hard to implement client side. For example, the NY SAFE For Kids act forbids algorithmic feeds, and for obvious reasons that's a lot easier to do on the server. Second, even if you do have device-side filtering, it's hard to prevent the site/app from learning what age brackets are in place, because they can experimentally provide content with different age markings and see what's accepted and what's blocked. Cooper, Arnao, and I discuss this in some more detail on pp 39--42 of our report on Age Assurance: https://kgi.georgetown.edu/research-and-commentary/age-assur... I'm not saying that this makes a material difference in how you should feel about AB 1043, just trying to clarify the technical situation. | | |
| ▲ | txrx0000 an hour ago | parent [-] | | Thanks for the clarification. Regarding what to do with algorithmic feeds, instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child. We could implement a password lock for app installation/updates at the OS-level that can be enabled in the phone's settings, that works like Linux's sudo. Every time you install/uninstall/update an app, it asks for a password. Then parents would be able to choose which apps can run on their child's device. Notice their strategy: these companies make it hard/impossible for you to uninstall preloaded apps, and they make it hard to develop competing apps and OSes, and they degrade the non-preloaded software UX on purpose, which creates the artificial need to filter the feeds in existing platforms that these companies control. They also monopolize the app store and gatekeep which apps can be listed on it, and which OS APIs non-affliated apps can use. Instead of accepting that and settling with just filtering those existing platforms' feeds, we should have the option to abandon them entirely. We need the phone hardware companies to open-source their device firmware, drivers, and let the device owner lock/unlock the bootloader with a password, so that we could never have a situation like the current one where OSes come preinstalled with bloat like TikTok or Facebook, and the bootloader is locked so you can't even install a different OS and your phone becomes a brick when they stop providing updates. If we allow software competition, then child protection would have never been a problem in the first place because people would be able to make child-friendly toy apps and toy OSes, and control what apps and OS can run on the hardware they purchased. Parents would have lots of child-friendly choices. This digital parenting problem was manufactured by the same companies trying to sell us a "solution" like this Cali bill or in other cases ID verification, which coincidentally makes it easier for them to track people online. | | |
| ▲ | kelnos 8 minutes ago | parent [-] | | > instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child. Isn't that how parental controls already work? There are problems, though: 1. The kids want to use Facebook. If parent A refuses to let their kid use Facebook, then kids B, C, D, E, F... all use Facebook and kid A becomes a social outcast. This actually happens. (Well, now it's other apps; kids don't use Facebook anymore.) This is similar to the mobile-phones-in-schools problem: if a parent doesn't let their kid bring a phone to school, and all the other parents do, that creates social isolation. When the school district bans the phones, it solves the problem for everyone. (So it's a collective action problem, really.) 2. Web browsers. Unless the parent is going to uninstall and disallow web browser use, the kid can still sign into whatever service they want using the web browser. I don't think parental controls block specific sites, and even if they do, there are ways around that, certainly. I am very often the person who says that parents should actually parent their kids and not rely on the government to nanny them. But in this case I think there actually is value to the government making laws that make Facebook (etc.) less evil. And as a bonus, maybe they'll be forced to be less evil to adults too! |
|
| |
| ▲ | Ferret7446 2 hours ago | parent | prev [-] | | > The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. How would you make that happen? Many websites would not be subject to your jurisdiction. | | |
| ▲ | kelnos 5 minutes ago | parent | next [-] | | So? The same problem exists for having the OS broadcast the user's age range to all apps/services/websites: the service outside your jurisdiction doesn't have to actually restrict content based on age. At least with the reverse system (services broadcast an age rating), you have some nice properties: 1. You can set it up so that if the service doesn't broadcast an age rating, access is denied. 2. You aren't leaking age information (even if it's just a range) to random websites outside your jurisdiction. | |
| ▲ | txrx0000 2 hours ago | parent | prev | next [-] | | Assume they're 18+ then. But even that's still not a great solution. I outline a better solution that doesn't require any legal enforcement at all, in the link at the bottom of my original comment. | |
| ▲ | ekr____ 2 hours ago | parent | prev [-] | | We're actually seeing this play out right now with the server-based age assurance systems which are already widely deployed and mandated under the UK Online Safety Act and laws in about 25 US States. In many cases, the sites just comply, presumably because they are worried that the regulators have a way to reach them even if they aren't hosted in the relevant jurisdiction. In some cases, however, the sites just ignore the regulations or tell the regulators to pound sand, as 4Chan is doing with UK OfCom: https://www.bbc.com/news/articles/c624330lg1ko |
|
| |
| ▲ | heavyset_go 4 hours ago | parent | prev | next [-] | | It's a distinction that hinges on one law from one state that doesn't reflect the reality of the dozens of laws in dozens of states, nor proposed federal legislation, that all require age verification via AI face scans and ID uploads. That's to say, this distinction is meaningless unless you're planning on blocking every jurisdiction outside of California so you can just adhere to its age verification laws and no one else's. | |
| ▲ | ddtaylor 37 minutes ago | parent | prev | next [-] | | A pointless slippery slope to attempt to stand on that points directly at the Overton Window being drawn around this. | |
| ▲ | Havoc 3 hours ago | parent | prev | next [-] | | That's just setting things up for a smoother slippery slope... As appealing as the private part sounds I genuinely think it may make the situation worse here by facilitating the transition & muddying the waters | |
| ▲ | EmbarrassedHelp 6 hours ago | parent | prev | next [-] | | The issue though with "age indication" is that it creates an additional flag that can be used to fingerprint users. But it is infinitely preferable to any sort of age verification or age assurance. | |
| ▲ | ekr____ 7 hours ago | parent | prev [-] | | I like the term "age indication". Thank you. If I may nitpick, the conventional term for systems which attempt to determine the user's age is "age assurance". This covers a variety of techniques, which are typically broken down into: * Age estimation, which is based on statistical models of some physical characteristic (e.g., facial age estimation). * Age verification, which uses identity documents such as driver's licenses. * Age inference, which tries to determine the user's age range from some identifier, e.g., by using your email address to see how old your account is. These distinctions aren't perfect by any means, and it's not uncommon to see "age verification" used for all three of these together but more typically people are using "age assurance". |
|
|
| ▲ | petre a few seconds ago | parent | prev | next [-] |
| This is stupid. Tge age should be in the passwd gecos field or somewhere else in the user's config directory. Not in systemd. Unix-luke systems are multiuser. |
|
| ▲ | ekr____ 8 hours ago | parent | prev | next [-] |
| OP is certainly right that a lot of this legislation is written in ways that are hard to interpret and that often seem like they would have undesirable side effects even under the assumption that the basic idea is good (whether that's actually true is a whole different question). In the specific case of CA AB1043: (1) Systems are required to ask the user for their age and just trust whatever they say (2) Applications are required to query the system for the user's age range. Other enacted and proposed device-based age assurance mandates have different properties. This post goes into quite a bit of detail about the various points of concern:
https://educatedguesswork.org/posts/device-based-age-assuran... |
| |
| ▲ | Aurornis 8 hours ago | parent | next [-] | | I think this legislation is as dumb as everyone else does, but it also seems like the cheapest way for everyone to agree that we did something about the moral panic without actually giving up anything. It doesn’t do anything with ID or privacy or even actual verification. There’s no complicated auth dance to do with government services to verify our age tokens or whatever the latest Rube Goldberg machine “zero knowledge” age check proposal is. I’ve been shocked at how many HN comments always come out in favor of age related legislation and heavy government regulation when the topic comes up. The pro-regulation commenters always seem to assume the age checks would never apply to them because they don’t have use TikTok or Facebook or other services, yet few realize that there aren’t going to be laws written in a way that only apply to a couple named companies you don’t use anyway. If we age verification laws then they’re going to be everywhere. I personally hope this legislation dies and we can be done with this silly exercise, but if we’re stuck with age verification moral panic than a simple OS-level switch that we set once and then forget about seems like the least intrusive form of “age verification” we can get away with. | | |
| ▲ | motbus3 7 hours ago | parent | next [-] | | I think the writing has both intentions. Both implicate companies to comply as well for the mass to not defend. If it was not, there wouldn't be a guy on TV saying that there are 5000 possible pedo cases that are not being investigated and that's why they need it. Anyone with more than 2 brain cells can put it together | |
| ▲ | ekr____ 7 hours ago | parent | prev | next [-] | | > I personally hope this legislation dies and we can be done with this silly exercise, but if we’re stuck with age verification moral panic than a simple OS-level switch that we set once and then forget about seems like the least intrusive form of “age verification” we can get away with. Just for clarification. CA AB1043 was signed back in 2025 and takes effect January 1 2027. | |
| ▲ | hypeatei 7 hours ago | parent | prev | next [-] | | I disagree with your overall sentiment that this is benign because it's ineffectual in its current state. If anything, this is going to warm people up to the idea of government mandated prompts gathering personal information in their OS, and legislators in 2030 (or whenever) are going to say: "this isn't working, lets build on top of that prompt we already have and make it verify IDs" In other words, I think this first bit of legislation had to be watered down to not receive too much backlash. This is the governments first plunge into mandating things on the frontend. | | |
| ▲ | ben-schaaf 2 hours ago | parent [-] | | > This is the governments first plunge into mandating things on the frontend. ADA mandates computer accessibility, as frequently interpreted by courts. CCPA & GDPR mandate a whole bunch of stuff. Hardly the first plunge. |
| |
| ▲ | kmeisthax 7 hours ago | parent | prev [-] | | You're on the right path, but the "something" politicians want to do is specifically "regulate Facebook's patent harms to children". Facebook's counter-argument is: "we don't have a legally ironclad way to check user age, it should be Apple and Google's job". So the politicians want to write a law to make it Apple and Google's job to check age. In other words, all of these age verification laws are here predominantly to indemnify Facebook from a growing wave of child endangerment lawsuits in a way that will ensure Facebook doesn't have to kick off even a single teen from their platforms. That's why the "verification" is just a date and an age range bucket. My personal opinion is that these laws are stupid, but not harmful to Linux users, and that everyone angry at systemd for complying is shooting the wrong guy. Your real target is Facebook and you should be yelling at your local representative to make this bill not target Linux distros. | | |
| ▲ | bityard 7 hours ago | parent [-] | | No, we can also be mad at the systemd guys for their very mid attempt at complying with an idiotic and unenforceable law, when the default of doing nothing was objectively the best option for them AND their end users. |
|
| |
| ▲ | AnthonyMouse 8 hours ago | parent | prev [-] | | > Systems are required to ask the user for their age and just trust whatever they say If you're going to do anything like this, this is the thing they actually get right. It removes the inconvenience, privacy invasion, forced use of corporate verifiers with perverse incentives, etc. Meanwhile if the user is actually a child then their age is set by their parent. > Applications are required to query the system for the user's age range. This is classic legislative stupidity. Applications are required to query the user's age range even if they contain no age-restricted content? Brilliant. | | |
| ▲ | ekr____ 8 hours ago | parent [-] | | >> Systems are required to ask the user for their age and just trust whatever they say
>
> This is the thing they actually get right. It removes the inconvenience, privacy invasion, forced use of corporate verifiers with perverse incentives, etc. Meanwhile if the user is actually a child then their age is set by their parent. Well, maybe. For instance, if a child buys their own device they could
set the age to whatever they want. >> Applications are required to query the system for the user's age range.
>
> This is classic legislative stupidity. Applications are required to query the user's age range even if they contain no age-restricted content? Brilliant. Note that AB1043 doesn't actually impose much in the way of requirements about age restricted content. Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts. | | |
| ▲ | lokar 4 hours ago | parent | next [-] | | I see it as fairly benign. It requires the device/computer have a way to set the age. If you don't want to set your real age, that's fine. If you are a kid, your parent will probably have set it for you (it's really a feature for the parent, and they don't have to use it). It then establishes that apps can know your age group, sufficient to comply with existing (and I suppose future) content age-restriction laws (where today they can dodge and say they did not know). It's a pretty incremental step, and fairly minimal (in the range of all options proposed around the world). We can try it and see how it goes. | |
| ▲ | AnthonyMouse 8 hours ago | parent | prev | next [-] | | > For instance, if a child buys their own device they could set the age to whatever they want. If a child has the money to buy a device without the parent knowing about it then they could just buy a used device that has already been configured with an account or pay a high school senior to set one up on their new device. > Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts. How is mkdir or python3 supposed to "behave accordingly in other age-restricted contexts"? And if the answer is that its behavior is entirely unmodified, why is it required to do something without effect? Also, who is the "developer" of a thirty year old project with thousands of contributors and multiple forks? All of them? None of them? The last one to make a commit, even if they're outside the jurisdiction? | | |
| ▲ | ekr____ 7 hours ago | parent | next [-] | | > > For instance, if a child buys their own device they could set the age to whatever they want. > If a child has the money to buy a device without the parent knowing about it then they could just buy a used device that has already been configured with an account or pay a high school senior to set one up on their new device. Yes, agreed. I'm just describing how it works. > > Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts. >How is mkdir or python3 supposed to "behave accordingly in other age-restricted contexts"? And if the answer is that its behavior is entirely unmodified, why is it required to do something without effect? I agree this is undesirable. See: https://educatedguesswork.org/posts/device-based-age-assuran... > Also, who is the "developer" of a thirty year old project with thousands of contributors and multiple forks? All of them? None of them? The last one to make a commit, even if they're outside the jurisdiction? This unspecified in the current text. | |
| ▲ | cozzyd 2 hours ago | parent | prev | next [-] | | A minor using python3 isn't allowed to import flask | |
| ▲ | rickydroll 8 hours ago | parent | prev [-] | | One could interpret the age verification operation must run for every command executed in interactive or non-interactive mode. | | |
| ▲ | AnthonyMouse 7 hours ago | parent [-] | | It sounds like you want to automate the invisible purposeless no-op. Is that allowed? |
|
| |
| ▲ | simion314 8 hours ago | parent | prev [-] | | > For instance, if a child buys their own device Then the law can make it illegal to sell smartphones or computers to 12 years olds or we could just ask the parents to do a bit of work and ensure their children is not buying devices behind their backs. The idea is to make it easy for responsible parents to give a device to their children and make it easy for legal websites to block minors from adult content. We can't get perfect results but good enough could shut upo the complainers and maybe we get them do things like educating parents on how to proceed when they gift a device to a child. |
|
|
|
|
| ▲ | nout 8 hours ago | parent | prev | next [-] |
| It's interesting that the package managers become choke points that can be used for government overreach. Luckily Linux is open source so I expect there will be options that just don't do this from principle. Otherwise my Intel NUC server with Debian is 2 years old, so I expect the honest age would be 2 years? I may have parts for some old PCs to put together that could get adult software I guess... |
| |
| ▲ | awesome_dude 8 hours ago | parent [-] | | For me, the big issue is going to be mobile devices (phones, and tablets to a lesser degree) I've already had it up to my back teeth with Google arbitrarily updating things such that the on/off button was hijacked, preventing me from switch the device off, instead triggering an interaction with freaking Gemini (what sort of IDIOT thought doing that to a device was a good idea) I'm seriously trying to find a way to no longer run Apple or Google OS based phones - which puts me in the "Linux" or "Graphene" market | | |
| ▲ | nout 5 hours ago | parent [-] | | I think more folks are now interested in the "Linux" or "Graphene" market and since the phone hardware development is not as rapid as it used to be (from 1yr cycle to more than 2yr cycle), I think this gives more stability and wiggle room for folks to do Linux and/or Graphene. I'm patiently waiting for what happens with the Motorola + Graphene integration/plan. If they provide good hardware + preinstalled Graphene, I'd buy it. |
|
|
|
| ▲ | garganzol 3 hours ago | parent | prev | next [-] |
| Let's restrict this plague to California/UK only. If Gulag wants to be a Gulag, let them be. |
|
| ▲ | cyberge99 4 hours ago | parent | prev | next [-] |
| Age verification in the OS is one milestone of a greater objective: removing anonymity on the internet |
|
| ▲ | stevenalowe 7 hours ago | parent | prev | next [-] |
| NO, DO NOT COMPLY WITH FORCED SPEECH Might seem harmless now but it won’t next time, and you will have already capitulated |
|
| ▲ | lschueller 9 hours ago | parent | prev | next [-] |
| Quite spooky imaging that apple might create by that a fully verified pii database for half of gen z and every coming gen users |
| |
| ▲ | mtndew4brkfst 19 minutes ago | parent [-] | | Why would it be more spooky if Apple in particular did this vs all the other hardware vendors that ship a pre-installed OS? |
|
|
| ▲ | Shank 8 hours ago | parent | prev | next [-] |
| It seems incredibly silly to me that this is being rushed into systemd and other linux components. I understand Apple making changes, and even Canonical, but systemd is not run by one corporation and there is no reason to adhere to a badly written law. Why play along with the charade? If root is root, the "age verification" field does not make any sense. Why are these changes being made on a worldwide basis when the laws that have been introduced are a relatively small fraction of the world? California isn't going to go after individual systemd maintainers. Will California go after Torvalds? I doubt it. Apple? Surely, but this is, quite frankly, a ridiculous thing to even suggest for inclusion into these setups. |
| |
| ▲ | gizmo686 8 hours ago | parent | next [-] | | Open source is driven by contributions. Most of the time, if someone wants a feature, implements the feature, and submits a reasonable PR to a project, that project will have the feature. In this case, the PR appears to have been written by someone who is not a regular SystemD contributor, and (through a bit of Googling) works for a FinTech company with no obvious interest. I can't comment on why that individual wanted to add support.
However, once someone added support, the question for SystemD is not if it is worth implementing, but if it is worth merging. At this point, it becomes a simple case of "the most intolerant wins". For people who care about complying with CA style laws, this feature is critical. For people who don't care, this feature is fine. I doubt it will even make it on mosts lists of SystemD feature bloat that most people don't care about. This is the same reason a bunch of the food in your pantry is certified kosher. No one is going to not buy something because it is kosher. But if paying a thousand dollars a year to put a small circle-u symbol on the back of your box can increase sales by 1% among observant Jews, most companies are going to do it. | | |
| ▲ | jjmarr 7 hours ago | parent [-] | | > No one is going to not buy something because it is kosher. But if paying a thousand dollars a year to put a small circle-u symbol on the back of your box can increase sales by 1% among observant Jews, most companies are going to do it. Contrary to perceived politics, many Muslims will eat kosher food because it's a superset of halal rules (excl. alcohol). It's a globally consolidated certification through organizations like the Orthodox Union. This is unlike halal which is local and has many scammers offering to pencil whip compliance. This means many Muslims will prefer kosher to "halal" food to avoid due diligence on the certification agency. To tie this into age-verification, companies and ecosystems will use the strictest method that makes them globally compliant. Consumers will prefer that convenience even in the presence of intense political beliefs. A bank that uses seamless OS-level age checks everywhere will win against one asking manually in the jurisdictions it isn't required. | | |
| ▲ | razingeden 7 hours ago | parent [-] | | I hope everyone’s bank knows how old they are— what with all the documentation we have to cough up to keep us safe from Terrorism , patriot act, 9/11, never forget, etc |
|
| |
| ▲ | nine_k 8 hours ago | parent | prev | next [-] | | > systemd is not run by one corporation Two corporations, e.g. Canonical and Red Hat, might suffice. I hope everybody remembers how systemd was thrust upon the community by having Gnome largely depend on it. This was mostly done by efforts of Red Hat, and that sufficed. | |
| ▲ | lunar_rover 8 hours ago | parent | prev | next [-] | | California has both vendors and clients that are big enough to warrant immediate compliance. A very measurable chunk of Linux is from corporations, most major advancements are corporate backed in some way. | |
| ▲ | ChocolateGod 8 hours ago | parent | prev | next [-] | | IIRC all that's been done is a field has been added to store the user date of birth and a protocol that can be used to retrieve said date. That's it. | | |
| ▲ | Cyph0n 4 hours ago | parent [-] | | Okay, but why do this now? If it’s such an important feature and unrelated to the barrage of legislation, why was this not implemented a few months or years ago? |
| |
| ▲ | stackghost 3 hours ago | parent | prev [-] | | >It seems incredibly silly to me that this is being rushed into systemd [...] Making user-hostile changes seems exactly on-brand for systemd, to my mind. |
|
|
| ▲ | looperhacks 8 hours ago | parent | prev | next [-] |
| This systemd change is absurdly overdiscussed. It's a field for a number, no verification, no enforcement for anything. And no, I do not accept the slippery slope fallacy. |
| |
| ▲ | cmckn 8 hours ago | parent | next [-] | | Why does it exist? | | | |
| ▲ | dmitrygr 7 hours ago | parent | prev | next [-] | | >This systemd change is absurdly overdiscussed. It's a field for a number, no verification, no enforcement for anything. > And no, I do not accept the slippery slope fallacy. aka: $OBVIOUSLY_DUMB_OVERREACHING_EASILY_ABUSED_POLICY is absurdly overdiscussed. It's $ABSURDLY_REDUCTIONIST_VIEW. And no, I do not accept $HISTORICALY_VERY_LIKELY_OUTCOME fallacy. | |
| ▲ | htx80nerd 8 hours ago | parent | prev [-] | | [flagged] | | |
| ▲ | tomhow 3 hours ago | parent [-] | | This is not an acceptable comment on HN. It breaks several guidelines: Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes. Comments should get more thoughtful and substantive, not less, as a topic gets more divisive. When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3." Please don't fulminate. Please don't sneer, including at the rest of the community. https://news.ycombinator.com/newsguidelines.html |
|
|
|
| ▲ | Ms-J an hour ago | parent | prev | next [-] |
| Any spyware that attempts to report my personal details such as age will never be used. The correct course of action is to never implement anything like this. Unjust laws such as this won't be followed and the politicians deserve to be hung for this. This is the scumbag that is responsible for adding spyware to our OS's: https://github.com/dylanmtaylor |
|
| ▲ | tombert 8 hours ago | parent | prev | next [-] |
| I've been running NixOS for awhile, which is very firmly integrated with systemd. I wonder if it's time to try something like sixos or Guix SD. |
| |
| ▲ | Cyph0n 4 hours ago | parent | next [-] | | Setting aside the ridiculous nature of this move towards OS-level verification, NixOS (and Guix) is the last distro to worry about when it comes to age verification. Why? Given the nature of how NixOS works (config-driven), the maintainers have plausible deniability: if push comes to shove, they can shift the burden to users and have them enable the age verification service as part of their NixOS config. | |
| ▲ | htx80nerd 8 hours ago | parent | prev [-] | | Artix (Arch) and MX Linux (Debian) are very nice | | |
| ▲ | tombert 8 hours ago | parent [-] | | Oh I only use distros that are declarative like NixOS. I've run Arch in the past and I liked it just fine, but they are ultimately different than how I like running my computer. |
|
|
|
| ▲ | jmclnx 8 hours ago | parent | prev | next [-] |
| This is a no win situation and I think systemd is making this change too early. But I have read that field is optional. But my main concern with this is applications like Firefox will eventually require this systemd age specific field and a standard systemd function to call. That means this age field will need to be populated and thus locking out the *BSDs and non-systemd Linux. If that happens, this makes the systemd critics 100% right, systemd is being forced upon all distros by various upstream applocations. |
| |
| ▲ | Bender 8 hours ago | parent | next [-] | | My gaming machines that I do not browse the web with have systemd (CachyOS) but my daily drivers do not. Should a website lock me out because I don't have some age API then in my view the problem has solved itself. The website has effectively blocked itself without me having to given the one and only correct way to age gate a site in my view is with the RTA header [1] that would trigger parental controls if optionally enabled on ones device. Every other path that involves exchanging data whether verified or not, anonymized or not can only lead to future evil shenanigans. [1] - https://news.ycombinator.com/item?id=46152074 | |
| ▲ | logicchains 8 hours ago | parent | prev [-] | | >But my main concern with this is applications like Firefox will eventually require this systemd age specific field and a standard systemd function to call. That means this age field will need to be populated and this locking out the *BSDs and non-systemd Linux. The risk is real, and the solution is to move away from systemd now, not wait until it's too late. Whatever conveniences it brings over other init systems are certainly not enough to justify giving up online anonymity forever. | | |
| ▲ | skydhash 8 hours ago | parent [-] | | > Whatever conveniences it brings over other init systems You see people rave about the greatness of systemd, then they turn to deploy their applications using Docker and some s6 config. |
|
|
|
| ▲ | pharrington 8 hours ago | parent | prev | next [-] |
| This is actually nuts. You can't even constantly implement "age verification" at the system level in a way that makes sense across world cultures. The only sane way to do this is you were playing along with arbitrary legislative age-gaters would be to add a generic "additional user info" blob to the account fields, if it didn't already exist. |
|
| ▲ | supliminal 8 hours ago | parent | prev | next [-] |
| Is 9front impacted? |
| |
| ▲ | dwedge 7 hours ago | parent [-] | | If these laws come in in their current form, it might be worth archiving ISOs like 9front because I'm sure at least one project will just close its doors |
|
|
| ▲ | motbus3 7 hours ago | parent | prev | next [-] |
| I think you miss the point
(But who am I) the simple fact you sending the same signal over and over again, with all other signals your browser send, it will be another key to make you apart.
They don't care if you lie. Important that you lie the same story every time. And after having your dob, who could easily be a flag if you are less than 18, they could easily request your name, or a document number, but I think it will be much better, it will have some ISP and/or Device ID. |
| |
| ▲ | ekr____ 7 hours ago | parent [-] | | It actually is more like a flag in most cases. Specifically, in the case of AB1043, you enter your age or your DOB but then the OS provides an age range (<13, 13-15, 16-17, 18+). Also, while some bills do seem to require browsers to promulgate age data to websites (e.g., NY SB102A [0]), AB1043 does not. Rather, it requires the browser
to read the age range just like any other app, but does't say anything about providing it to sites. [0] https://www.nysenate.gov/legislation/bills/2025/S8102/amendm... |
|
|
| ▲ | sunshine-o 8 hours ago | parent | prev | next [-] |
| The story reads like an april fool. For root to manage privileges in an OS, isn't a group the most straitforward way? Can't flatpak read the groups of an user? |
|
| ▲ | RcouF1uZ4gsC 8 hours ago | parent | prev | next [-] |
| > Will my system believe me? And how about their system, whoever “they” are? If not, then what else will I need to do to prove my birth date and age? Who will check if root can’t be trusted? How will they check? If they ever seize your computer, they can probably also tack on computer fraud charges |
|
| ▲ | ur-whale 8 hours ago | parent | prev | next [-] |
| Carry permit to operate a compiler is in our near future. |
| |
| ▲ | userbinator 7 hours ago | parent | next [-] | | Richard Stallman's "Right to Read" is worth reading again, because it portrays a very similar scenario. | |
| ▲ | heavyset_go 4 hours ago | parent | prev [-] | | Never forget what they did to encryption |
|
|
| ▲ | pgt 8 hours ago | parent | prev [-] |
| Fellow software engineers, what are we doing here? Why are we letting the EU / UK define the future of software? |
| |
| ▲ | DrinkyBird 8 hours ago | parent | next [-] | | 1. The UK and EU are rather large markets that they don’t want to miss out on. 2. There are software engineers in the UK and EU. 3. This specific implementation by Apple is not actually required by any UK or EU law, to my knowledge. 4. This specifically is or will be required by the laws of some US states and other countries. | |
| ▲ | looperhacks 8 hours ago | parent | prev [-] | | Maybe carefully read TFA - the age verification came from a Californian law |
|
