the simple fact you sending the same signal over and over again, with all other signals your browser send, it will be another key to make you apart.
They don't care if you lie. Important that you lie the same story every time.
And after having your dob, who could easily be a flag if you are less than 18, they could easily request your name, or a document number, but I think it will be much better, it will have some ISP and/or Device ID.
ekr____ 1 hours ago [-]
OP is certainly right that a lot of this legislation is written in ways that are hard to interpret and that often seem like they would have undesirable side effects even under the assumption that the basic idea is good (whether that's actually true is a whole different question).
In the specific case of CA AB1043: (1) Systems are required to ask the user for their age and just trust whatever they say (2) Applications are required to query the system for the user's age range. Other enacted and proposed device-based age assurance mandates have different properties.
I think this legislation is as dumb as everyone else does, but it also seems like the cheapest way for everyone to agree that we did something about the moral panic without actually giving up anything. It doesn’t do anything with ID or privacy or even actual verification. There’s no complicated auth dance to do with government services to verify our age tokens or whatever the latest Rube Goldberg machine “zero knowledge” age check proposal is.
I’ve been shocked at how many HN comments always come out in favor of age related legislation and heavy government regulation when the topic comes up. The pro-regulation commenters always seem to assume the age checks would never apply to them because they don’t have use TikTok or Facebook or other services, yet few realize that there aren’t going to be laws written in a way that only apply to a couple named companies you don’t use anyway. If we age verification laws then they’re going to be everywhere.
I personally hope this legislation dies and we can be done with this silly exercise, but if we’re stuck with age verification moral panic than a simple OS-level switch that we set once and then forget about seems like the least intrusive form of “age verification” we can get away with.
kmeisthax 3 minutes ago [-]
You're on the right path, but the "something" politicians want to do is specifically "regulate Facebook's patent harms to children". Facebook's counter-argument is: "we don't have a legally ironclad way to check user age, it should be Apple and Google's job". So the politicians want to write a law to make it Apple and Google's job to check age.
In other words, all of these age verification laws are here predominantly to indemnify Facebook from a growing wave of child endangerment lawsuits in a way that will ensure Facebook doesn't have to kick off even a single teen from their platforms. That's why the "verification" is just a date and an age range bucket.
My personal opinion is that these laws are stupid, but not harmful to Linux users, and that everyone angry at systemd for complying is shooting the wrong guy. Your real target is Facebook and you should be yelling at your local representative to make this bill not target Linux distros.
AnthonyMouse 45 minutes ago [-]
> Systems are required to ask the user for their age and just trust whatever they say
If you're going to do anything like this, this is the thing they actually get right. It removes the inconvenience, privacy invasion, forced use of corporate verifiers with perverse incentives, etc. Meanwhile if the user is actually a child then their age is set by their parent.
> Applications are required to query the system for the user's age range.
This is classic legislative stupidity. Applications are required to query the user's age range even if they contain no age-restricted content? Brilliant.
ekr____ 40 minutes ago [-]
>> Systems are required to ask the user for their age and just trust whatever they say
>
> This is the thing they actually get right. It removes the inconvenience, privacy invasion, forced use of corporate verifiers with perverse incentives, etc. Meanwhile if the user is actually a child then their age is set by their parent.
Well, maybe. For instance, if a child buys their own device they could
set the age to whatever they want.
>> Applications are required to query the system for the user's age range.
>
> This is classic legislative stupidity. Applications are required to query the user's age range even if they contain no age-restricted content? Brilliant.
Note that AB1043 doesn't actually impose much in the way of requirements about age restricted content. Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts.
AnthonyMouse 26 minutes ago [-]
> For instance, if a child buys their own device they could set the age to whatever they want.
If a child has the money to buy a device without the parent knowing about it then they could just buy a used device that has already been configured with an account or pay a high school senior to set one up on their new device.
> Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts.
How is mkdir or python3 supposed to "behave accordingly in other age-restricted contexts"? And if the answer is that its behavior is entirely unmodified, why is it required to do something without effect?
Also, who is the "developer" of a thirty year old project with thousands of contributors and multiple forks? All of them? None of them? The last one to make a commit, even if they're outside the jurisdiction?
ekr____ 24 seconds ago [-]
> > For instance, if a child buys their own device they could set the age to whatever they want.
>
> If a child has the money to buy a device without the parent knowing about it then they could just buy a used device that has already been configured with an account or pay a high school senior to set one up on their new device.
Yes, agreed. I'm just describing how it works.
>> Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts.
>
>How is mkdir or python3 supposed to "behave accordingly in other age-restricted contexts"? And if the answer is that its behavior is entirely unmodified, why is it required to do something without effect?
> Also, who is the "developer" of a thirty year old project with thousands of contributors and multiple forks? All of them? None of them? The last one to make a commit, even if they're outside the jurisdiction?
This unspecified in the current text.
rickydroll 20 minutes ago [-]
One could interpret the age verification operation must run for every command executed in interactive or non-interactive mode.
AnthonyMouse 8 minutes ago [-]
It sounds like you want to automate the invisible purposeless no-op. Is that allowed?
simion314 28 minutes ago [-]
> For instance, if a child buys their own device
Then the law can make it illegal to sell smartphones or computers to 12 years olds or we could just ask the parents to do a bit of work and ensure their children is not buying devices behind their backs.
The idea is to make it easy for responsible parents to give a device to their children and make it easy for legal websites to block minors from adult content. We can't get perfect results but good enough could shut upo the complainers and maybe we get them do things like educating parents on how to proceed when they gift a device to a child.
nout 1 hours ago [-]
It's interesting that the package managers become choke points that can be used for government overreach. Luckily Linux is open source so I expect there will be options that just don't do this from principle.
Otherwise my Intel NUC server with Debian is 2 years old, so I expect the honest age would be 2 years? I may have parts for some old PCs to put together that could get adult software I guess...
awesome_dude 38 minutes ago [-]
For me, the big issue is going to be mobile devices (phones, and tablets to a lesser degree)
I've already had it up to my back teeth with Google arbitrarily updating things such that the on/off button was hijacked, preventing me from switch the device off, instead triggering an interaction with freaking Gemini (what sort of IDIOT thought doing that to a device was a good idea)
I'm seriously trying to find a way to no longer run Apple or Google OS based phones - which puts me in the "Linux" or "Graphene" market
lschueller 1 hours ago [-]
Quite spooky imaging that apple might create by that a fully verified pii database for half of gen z and every coming gen users
looperhacks 38 minutes ago [-]
This systemd change is absurdly overdiscussed. It's a field for a number, no verification, no enforcement for anything.
And no, I do not accept the slippery slope fallacy.
dwedge 9 minutes ago [-]
> And no, I do not accept the slippery slope fallacy.
Well, you can never delete this comment.
cmckn 28 minutes ago [-]
Why does it exist?
skywhopper 19 minutes ago [-]
Because some implementers will need or want to use it.
htx80nerd 34 minutes ago [-]
[flagged]
tombert 37 minutes ago [-]
I've been running NixOS for awhile, which is very firmly integrated with systemd.
I wonder if it's time to try something like sixos or Guix SD.
htx80nerd 35 minutes ago [-]
Artix (Arch) and MX Linux (Debian) are very nice
tombert 30 minutes ago [-]
Oh I only use distros that are declarative like NixOS.
I've run Arch in the past and I liked it just fine, but they are ultimately different than how I like running my computer.
ur-whale 16 minutes ago [-]
Carry permit to operate a compiler is in our near future.
userbinator 4 minutes ago [-]
Richard Stallman's "Right to Read" is worth reading again, because it portrays a very similar scenario.
Shank 1 hours ago [-]
It seems incredibly silly to me that this is being rushed into systemd and other linux components. I understand Apple making changes, and even Canonical, but systemd is not run by one corporation and there is no reason to adhere to a badly written law. Why play along with the charade? If root is root, the "age verification" field does not make any sense.
Why are these changes being made on a worldwide basis when the laws that have been introduced are a relatively small fraction of the world? California isn't going to go after individual systemd maintainers. Will California go after Torvalds? I doubt it. Apple? Surely, but this is, quite frankly, a ridiculous thing to even suggest for inclusion into these setups.
gizmo686 25 minutes ago [-]
Open source is driven by contributions. Most of the time, if someone wants a feature, implements the feature, and submits a reasonable PR to a project, that project will have the feature. In this case, the PR appears to have been written by someone who is not a regular SystemD contributor, and (through a bit of Googling) works for a FinTech company with no obvious interest. I can't comment on why that individual wanted to add support.
However, once someone added support, the question for SystemD is not if it is worth implementing, but if it is worth merging. At this point, it becomes a simple case of "the most intolerant wins". For people who care about complying with CA style laws, this feature is critical. For people who don't care, this feature is fine. I doubt it will even make it on mosts lists of SystemD feature bloat that most people don't care about.
This is the same reason a bunch of the food in your pantry is certified kosher. No one is going to not buy something because it is kosher. But if paying a thousand dollars a year to put a small circle-u symbol on the back of your box can increase sales by 1% among observant Jews, most companies are going to do it.
nine_k 52 minutes ago [-]
> systemd is not run by one corporation
Two corporations, e.g. Canonical and Red Hat, might suffice.
I hope everybody remembers how systemd was thrust upon the community by having Gnome largely depend on it. This was mostly done by efforts of Red Hat, and that sufficed.
lunar_rover 27 minutes ago [-]
California has both vendors and clients that are big enough to warrant immediate compliance. A very measurable chunk of Linux is from corporations, most major advancements are corporate backed in some way.
ChocolateGod 46 minutes ago [-]
IIRC all that's been done is a field has been added to store the user date of birth and a protocol that can be used to retrieve said date.
That's it.
sunshine-o 21 minutes ago [-]
The story reads like an april fool.
For root to manage privileges in an OS, isn't a group the most straitforward way?
Can't flatpak read the groups of an user?
supliminal 37 minutes ago [-]
Is 9front impacted?
dwedge 7 minutes ago [-]
If these laws come in in their current form, it might be worth archiving ISOs like 9front because I'm sure at least one project will just close its doors
pharrington 28 minutes ago [-]
This is actually nuts. You can't even constantly implement "age verification" at the system level in a way that makes sense across world cultures.
The only sane way to do this is you were playing along with arbitrary legislative age-gaters would be to add a generic "additional user info" blob to the account fields, if it didn't already exist.
jmclnx 1 hours ago [-]
This is a no win situation and I think systemd is making this change too early. But I have read that field is optional.
But my main concern with this is applications like Firefox will eventually require this systemd age specific field and a standard systemd function to call. That means this age field will need to be populated and thus locking out the *BSDs and non-systemd Linux.
If that happens, this makes the systemd critics 100% right, systemd is being forced upon all distros by various upstream applocations.
Bender 1 hours ago [-]
My gaming machines that I do not browse the web with have systemd (CachyOS) but my daily drivers do not. Should a website lock me out because I don't have some age API then in my view the problem has solved itself. The website has effectively blocked itself without me having to given the one and only correct way to age gate a site in my view is with the RTA header [1] that would trigger parental controls if optionally enabled on ones device. Every other path that involves exchanging data whether verified or not, anonymized or not will only lead to future evil shenanigans.
>But my main concern with this is applications like Firefox will eventually require this systemd age specific field and a standard systemd function to call. That means this age field will need to be populated and this locking out the *BSDs and non-systemd Linux.
The risk is real, and the solution is to move away from systemd now, not wait until it's too late. Whatever conveniences it brings over other init systems are certainly not enough to justify giving up online anonymity forever.
skydhash 12 minutes ago [-]
> Whatever conveniences it brings over other init systems
You see people rave about the greatness of systemd, then they turn to deploy their applications using Docker and some s6 config.
12972891 44 minutes ago [-]
[dead]
RcouF1uZ4gsC 1 hours ago [-]
> Will my system believe me? And how about their system, whoever “they” are? If not, then what else will I need to do to prove my birth date and age? Who will check if root can’t be trusted? How will they check?
If they ever seize your computer, they can probably also tack on computer fraud charges
hanisong 41 minutes ago [-]
[dead]
pgt 45 minutes ago [-]
Fellow software engineers, what are we doing here? Why are we letting the EU / UK define the future of software?
DrinkyBird 40 minutes ago [-]
1. The UK and EU are rather large markets that they don’t want to miss out on.
2. There are software engineers in the UK and EU.
3. This specific implementation by Apple is not actually required by any UK or EU law, to my knowledge.
4. This specifically is or will be required by the laws of some US states and other countries.
looperhacks 43 minutes ago [-]
Maybe carefully read TFA - the age verification came from a Californian law
Rendered at 20:40:54 GMT+0000 (Coordinated Universal Time) with Vercel.
the simple fact you sending the same signal over and over again, with all other signals your browser send, it will be another key to make you apart. They don't care if you lie. Important that you lie the same story every time.
And after having your dob, who could easily be a flag if you are less than 18, they could easily request your name, or a document number, but I think it will be much better, it will have some ISP and/or Device ID.
In the specific case of CA AB1043: (1) Systems are required to ask the user for their age and just trust whatever they say (2) Applications are required to query the system for the user's age range. Other enacted and proposed device-based age assurance mandates have different properties.
This post goes into quite a bit of detail about the various points of concern: https://educatedguesswork.org/posts/device-based-age-assuran...
I’ve been shocked at how many HN comments always come out in favor of age related legislation and heavy government regulation when the topic comes up. The pro-regulation commenters always seem to assume the age checks would never apply to them because they don’t have use TikTok or Facebook or other services, yet few realize that there aren’t going to be laws written in a way that only apply to a couple named companies you don’t use anyway. If we age verification laws then they’re going to be everywhere.
I personally hope this legislation dies and we can be done with this silly exercise, but if we’re stuck with age verification moral panic than a simple OS-level switch that we set once and then forget about seems like the least intrusive form of “age verification” we can get away with.
In other words, all of these age verification laws are here predominantly to indemnify Facebook from a growing wave of child endangerment lawsuits in a way that will ensure Facebook doesn't have to kick off even a single teen from their platforms. That's why the "verification" is just a date and an age range bucket.
My personal opinion is that these laws are stupid, but not harmful to Linux users, and that everyone angry at systemd for complying is shooting the wrong guy. Your real target is Facebook and you should be yelling at your local representative to make this bill not target Linux distros.
If you're going to do anything like this, this is the thing they actually get right. It removes the inconvenience, privacy invasion, forced use of corporate verifiers with perverse incentives, etc. Meanwhile if the user is actually a child then their age is set by their parent.
> Applications are required to query the system for the user's age range.
This is classic legislative stupidity. Applications are required to query the user's age range even if they contain no age-restricted content? Brilliant.
Well, maybe. For instance, if a child buys their own device they could set the age to whatever they want.
>> Applications are required to query the system for the user's age range. > > This is classic legislative stupidity. Applications are required to query the user's age range even if they contain no age-restricted content? Brilliant.
Note that AB1043 doesn't actually impose much in the way of requirements about age restricted content. Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts.
If a child has the money to buy a device without the parent knowing about it then they could just buy a used device that has already been configured with an account or pay a high school senior to set one up on their new device.
> Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts.
How is mkdir or python3 supposed to "behave accordingly in other age-restricted contexts"? And if the answer is that its behavior is entirely unmodified, why is it required to do something without effect?
Also, who is the "developer" of a thirty year old project with thousands of contributors and multiple forks? All of them? None of them? The last one to make a commit, even if they're outside the jurisdiction?
Yes, agreed. I'm just describing how it works.
>> Rather, the way it works is that the developer is then assumed to have "actual knowledge" of the user's age (See 1798.501(b)(2)(A)) and then has to behave accordingly in other age-restricted contexts. > >How is mkdir or python3 supposed to "behave accordingly in other age-restricted contexts"? And if the answer is that its behavior is entirely unmodified, why is it required to do something without effect?
I agree this is undesirable. See: https://educatedguesswork.org/posts/device-based-age-assuran...
> Also, who is the "developer" of a thirty year old project with thousands of contributors and multiple forks? All of them? None of them? The last one to make a commit, even if they're outside the jurisdiction?
This unspecified in the current text.
Then the law can make it illegal to sell smartphones or computers to 12 years olds or we could just ask the parents to do a bit of work and ensure their children is not buying devices behind their backs.
The idea is to make it easy for responsible parents to give a device to their children and make it easy for legal websites to block minors from adult content. We can't get perfect results but good enough could shut upo the complainers and maybe we get them do things like educating parents on how to proceed when they gift a device to a child.
Otherwise my Intel NUC server with Debian is 2 years old, so I expect the honest age would be 2 years? I may have parts for some old PCs to put together that could get adult software I guess...
I've already had it up to my back teeth with Google arbitrarily updating things such that the on/off button was hijacked, preventing me from switch the device off, instead triggering an interaction with freaking Gemini (what sort of IDIOT thought doing that to a device was a good idea)
I'm seriously trying to find a way to no longer run Apple or Google OS based phones - which puts me in the "Linux" or "Graphene" market
And no, I do not accept the slippery slope fallacy.
Well, you can never delete this comment.
I wonder if it's time to try something like sixos or Guix SD.
I've run Arch in the past and I liked it just fine, but they are ultimately different than how I like running my computer.
Why are these changes being made on a worldwide basis when the laws that have been introduced are a relatively small fraction of the world? California isn't going to go after individual systemd maintainers. Will California go after Torvalds? I doubt it. Apple? Surely, but this is, quite frankly, a ridiculous thing to even suggest for inclusion into these setups.
This is the same reason a bunch of the food in your pantry is certified kosher. No one is going to not buy something because it is kosher. But if paying a thousand dollars a year to put a small circle-u symbol on the back of your box can increase sales by 1% among observant Jews, most companies are going to do it.
Two corporations, e.g. Canonical and Red Hat, might suffice.
I hope everybody remembers how systemd was thrust upon the community by having Gnome largely depend on it. This was mostly done by efforts of Red Hat, and that sufficed.
That's it.
For root to manage privileges in an OS, isn't a group the most straitforward way?
Can't flatpak read the groups of an user?
The only sane way to do this is you were playing along with arbitrary legislative age-gaters would be to add a generic "additional user info" blob to the account fields, if it didn't already exist.
But my main concern with this is applications like Firefox will eventually require this systemd age specific field and a standard systemd function to call. That means this age field will need to be populated and thus locking out the *BSDs and non-systemd Linux.
If that happens, this makes the systemd critics 100% right, systemd is being forced upon all distros by various upstream applocations.
[1] - https://news.ycombinator.com/item?id=46152074
The risk is real, and the solution is to move away from systemd now, not wait until it's too late. Whatever conveniences it brings over other init systems are certainly not enough to justify giving up online anonymity forever.
You see people rave about the greatness of systemd, then they turn to deploy their applications using Docker and some s6 config.
If they ever seize your computer, they can probably also tack on computer fraud charges
2. There are software engineers in the UK and EU.
3. This specific implementation by Apple is not actually required by any UK or EU law, to my knowledge.
4. This specifically is or will be required by the laws of some US states and other countries.