I didn’t really get the panic on the systemd PR. It’s literally just adding a “birthDate” field to the user record that behaves like any other field? If you’re running your own system you can change your birthdate to whatever you want since you have access to sudo.
Maybe kinda make sense for people who want to give their kids accounts and have their access locked down? It’s not like it’s any different than those “enter your age” screens on Steam or whatever.
Also:
We’re about to see millions of 126 year old Linux users lmao
I think it has to do with the slippery slope. When fields like work phone were added they served actual uses at the time.
They may be functionally identical but this is happening under an increasingly more invasive surveillance system and people have hated systemd eating every linux component since forever. Now that it’s a soft dependency on major desktop environments it just feels like a rug pull that they get to make these changes
It should definitely not be an enabled by default thing that’s for sure. I think when you’re setting up your system, you should get the option to enable birthdate. Then allow restricting access to specific things based on birthdate.
At no point should that control be passed on to anyone beyond the system administrator though. This could be useful for schools and homes with kids that you want to give user accounts to while maintaining a single age filtered list of applications. There’s no reason for it to be included in anything beyond that though.
It’s reasonable to assume the next legal step is to outlaw lying about your age. IP logs associated with an age of 126 would be easy targets. You could lie about your age with something more realistic, but then it’s another avenue of device fingerprinting.
A better thing to do would run a script that edits your age every boot, randomly between 25 and 65, along with an always-on vpn that keeps switching locations.
Or just switch to a distro without systemd, like KaOS. That’s probably the direction I’ll head next.
The push is towards identity attestation with digital signatures issued by authorities. Of course that’s still quite the technological leap from having an dob field in a user database, but that’s just a part of what’s required by the Californian legislation. The NY legislation already tried to include identity providers. And EU countries already have the IDs, the EU is just not in a strong position to require OSes to implement uniform support.
EU has been trying to push for government identities on social media for like 15 years. And online IDs even longer.
Of course that’s still quite the technological leap
Yeah I highly doubt this specifically will be any meaningful change or particularly the coming avenue for change, but I don’t necessarily think that’s fully it, because it has always been just as technologically feasible DRM currently is (“Secure”/“Trusted(treacherous)” Computing, TrustZone, TEE(s), Secure Element(s), ME, TPM, SGX, TDX et al…) all designed trusting the manufacturer first then the user second if even at all, all widely used(or capable) almost without exception today. I just don’t think the appetite or need has gotten truly there yet. but with with how suffocatingly American core internet infrastructure and historicaly entrenched design elements are, when truly threatened i can see the dropping of the “open” internet facade becoming much much much worse that won’t be as solvable as just some configs or applying some patches. ignoring the liberal dogs with unimaginable cognitive dissonance and white hubris that somehow imagine building around the exact same panopticon but painted blue with stars, and “European”(whatever this is) will somehow be spectacularly different. i can’t tell if my thinking is just borderline conspiratorial, but there is wayyy to much undeserved trust in this stuff that just because it hasn’t been weaponized more overtly yet doesn’t mean in more desperate scenarios/stronger positions it wont or cant be.
(I agree with you I’m just talking into the aether getting carried away typing saying the same thing but worse and convoluted. I need some sleep :( )
(removed my doomer disjointed rambling about actually important and real security being wrapped into “trusted” computing. truly free computing died soon after it was born; it is possible, but only in a better world. the last time I smiled was on August 19th, 1991. etc…)-
They aren’t that far off with UEFI and secure boot. I remember that there was a legit scare in the Linux community that community distros might be left behind.
And you are also overlooking what’s already happening on Android, you might still be able to run a custom FW but some apps just refuse to work. I could see regulations demanding that all adult apps require a signed firmware as a start. Many of the EU identity attestation apps already don’t work on custom FW and might only have option or two in your country. Many government services will be a lot harder to access if at all without those ID apps, already the case for some services.
And no the EU doesn’t truly care to get digital sovereignty, or they wouldn’t require ID apps that require google attestation. We already know the US government digitally sanctions people and turns of their digital access to US services they need.
It’s reasonable to assume the next legal step is to outlaw lying about your age. IP logs associated with an age of 126 would be easy targets.
Its really not reasonable to assume either of those things. If shit like this really takes off it’ll be less like the linked discussions and more like DRM, with proprietary software (and hardware, if they want it to stick), linked to an online service that “verifies” your age externally.
I’m not assuming good faith lol, those mechanisms just wouldn’t be effective, and assuming the government thinks about linux users enough to chase down IP logs of users with a particular fake age is childish, and that’s all assuming that the PRs being discussed even do anything of the sort (sending the age stored in the user db to external services willy nilly).
If age verification crap catches on it won’t be totally unenforceable mandates like “its illegal to lie about your age” it’ll be technological solutions ala DRM and they’ll be more effective (but still circumventable with a little expertise probably). And for now, I do expect that the legal mandates will remain on service providers, not individual users. We’re simply too much effort to prosecute for meaningless bullshit
A can’t see on your face that you lied about your age when you installed ubuntu 9 months ago, but they can identify members of those groups and single them out for harassment, culminating in disproportionate prosecution for minor offenses. These things are not comparable. A better comparison would be digital piracy.
This is a ridiculous hill to die on, idk why I’m even replying
They didn’t need your face, they have your digital footprint, and if you aren’t being extremely mindful of what personal information you leak online, they have WAY more data collected on you already than you should be remotely comfortable with.
Of course, but that has nothing to do with your prediction that I took issue with. I’m not saying this shit isn’t dystopian and going to get worse or that age verification isn’t going to be a part of that, but the specific childish predictions of “operating systems add age verification that literally is just asking the user what their age is and just send it willy nilly to cloud services -> government outlaws lying about your age -> services log ages and IPs -> the government gets that info and uses that to track down and prosecute people with the exact maximum age”.
The reason there’s generalized harassment of oppressed groups and not of digital pirates (or age liars) is 1) because pigs don’t actually care about digital piracy that much, its not baked-in to settler society in the way that white supremacy, patriarchy, etc. are, and 2) because pigs can’t really see it. 2 could change, we could get the watch dogs future world where everyone is facial recognition-ed at all times and that’s linked back to their digital footprint to such a granular level of detail that random beat cops can see that you pirated a movie last night or that you signed up to facebook with a false name/age. But even if that changes, point #1 will not change on its own, changing the law doesn’t suddenly make cops or the legal system at large give a shit to enforce it, it’ll just get used as another way of harassing the marginalized people they already wanted to harass.
Avoiding systemd is getting harder and harder though.
That’s exactly why it should be avoided. The vision of the FOSS operating system was that parts were interchangeable, and you aren’t locked into any one thing.
People raised the alarm bells on systemd years ago and unfortunately it seems they were correct all along.
Eh. I’m not really on the systemd hate train that a lot of people are. I think having a unified interface is good actually. Plus it’s modular enough that you can absolutely add/remove components in your distro.
I also really don’t think that this is a sign that they were correct, the whole point of my comment was to point out how ridiculously small this change is and it has no visible path towards becoming anything more.
systemd’s whole thing is being the glue, so it makes sense for them to expand their API when changes are being proposed. Doing that ahead of time saves them headache later since people will splinter into other workarounds.
If the “age verification” stuff ends up centralizing on a systemd module, that’s good actually since it means you’re less likely to see people implementing it themselves in ways that are harder to see or disable.
If all of that flows through systemd, you can just turn it off on the API layer and anyone who uses it (which at this point, will probably be a lot of people since they’re ahead of the game) hands off that control to a thing you as a sysadmin have easy control over.
'm not really on the systemd hate train that a lot of people are.
Systemd went out of it’s way to preemptively grovel in front of the US Empire before it was even asked to - that’s reason enough to hate it.
it has no visible path towards becoming anything more
The path is visible to anyway paying attention. I fear this is like climate change, all the warning signs are there, but Westerners find it way more comfortable to ignore the problem and bury themselves in treats and online media and kick the can down the road until it grows exponentially worse.
Maybe? Time will tell, but I don’t see anything like this being mainstreamed without forks and pushback. This isn’t Microsoft doing something behind closed doors.
If lying about your age is illegal then not verifying your age at all is probably also illegal. You probably wouldn’t be able to access any commercial, online software or websites using an unverified distro
Again, that’s outside the control of systemd. If they need to provide an interface, they need to provide an interface. If you don’t want to use that interface you don’t have to, but I’d rather have that commercial stuff pinging a known open API than doing something sketchy internally.
Theyve posted that they’ve gotten death threats, stuff sent to their house, endless phone calls and spam emails, people threatening their family members on social media. Everything you can think of outside of literally lighting their house on fire (so far).
I think their decision to voluntarily add this feature was poor and unnecessary (nobody asked or paid them to) but the reaction is disgusting.
That’s insane… It’s not like they added any sort of tracking code or any code that can cause anyone harm. They literally just added a date field to user accounts called “birthDate”. People need to fucking relax.
It upsets me more that he’s letting AI bros contribute to systemd than anything he did before. I think he even used one of the slop
machines to review the PR.
That’s a way bigger story. Open Source projects need at least a “you have to tell us if you used AI” policy. Even then slop reviews and slop PRs are a recipe for disaster.
Beyond the ethical, environmental, and legal issues, it just means you’re more likely to get complacent. Most projects have some sort of BDFL that guides the overall vision, and if that gets co-opted by a system designed to trick people into thinking it’s smart you’re fucked.
I didn’t really get the panic on the systemd PR. It’s literally just adding a “birthDate” field to the user record that behaves like any other field? If you’re running your own system you can change your birthdate to whatever you want since you have access to
sudo.Maybe kinda make sense for people who want to give their kids accounts and have their access locked down? It’s not like it’s any different than those “enter your age” screens on Steam or whatever.
Also:
We’re about to see millions of 126 year old Linux users lmao
I think it has to do with the slippery slope. When fields like work phone were added they served actual uses at the time.
They may be functionally identical but this is happening under an increasingly more invasive surveillance system and people have hated systemd eating every linux component since forever. Now that it’s a soft dependency on major desktop environments it just feels like a rug pull that they get to make these changes
It should definitely not be an enabled by default thing that’s for sure. I think when you’re setting up your system, you should get the option to enable birthdate. Then allow restricting access to specific things based on birthdate.
At no point should that control be passed on to anyone beyond the system administrator though. This could be useful for schools and homes with kids that you want to give user accounts to while maintaining a single age filtered list of applications. There’s no reason for it to be included in anything beyond that though.
It’s reasonable to assume the next legal step is to outlaw lying about your age. IP logs associated with an age of 126 would be easy targets. You could lie about your age with something more realistic, but then it’s another avenue of device fingerprinting.
A better thing to do would run a script that edits your age every boot, randomly between 25 and 65, along with an always-on vpn that keeps switching locations.
Or just switch to a distro without systemd, like KaOS. That’s probably the direction I’ll head next.
The push is towards identity attestation with digital signatures issued by authorities. Of course that’s still quite the technological leap from having an dob field in a user database, but that’s just a part of what’s required by the Californian legislation. The NY legislation already tried to include identity providers. And EU countries already have the IDs, the EU is just not in a strong position to require OSes to implement uniform support.
EU has been trying to push for government identities on social media for like 15 years. And online IDs even longer.
Yeah I highly doubt this specifically will be any meaningful change or particularly the coming avenue for change, but I don’t necessarily think that’s fully it, because it has always been just as technologically feasible DRM currently is (“Secure”/“Trusted(treacherous)” Computing, TrustZone, TEE(s), Secure Element(s), ME, TPM, SGX, TDX et al…) all designed trusting the manufacturer first then the user second if even at all, all widely used(or capable) almost without exception today. I just don’t think the appetite or need has gotten truly there yet. but with with how suffocatingly American core internet infrastructure and historicaly entrenched design elements are, when truly threatened i can see the dropping of the “open” internet facade becoming much much much worse that won’t be as solvable as just some configs or applying some patches. ignoring the liberal dogs with unimaginable cognitive dissonance and white hubris that somehow imagine building around the exact same panopticon but painted blue with stars, and “European”(whatever this is) will somehow be spectacularly different. i can’t tell if my thinking is just borderline conspiratorial, but there is wayyy to much undeserved trust in this stuff that just because it hasn’t been weaponized more overtly yet doesn’t mean in more desperate scenarios/stronger positions it wont or cant be.
(I agree with you I’m just talking into the aether getting carried away typing saying the same thing but worse and convoluted. I need some sleep :( )
(removed my doomer disjointed rambling about actually important and real security being wrapped into “trusted” computing. truly free computing died soon after it was born; it is possible, but only in a better world. the last time I smiled was on August 19th, 1991. etc…)-
They aren’t that far off with UEFI and secure boot. I remember that there was a legit scare in the Linux community that community distros might be left behind.
And you are also overlooking what’s already happening on Android, you might still be able to run a custom FW but some apps just refuse to work. I could see regulations demanding that all adult apps require a signed firmware as a start. Many of the EU identity attestation apps already don’t work on custom FW and might only have option or two in your country. Many government services will be a lot harder to access if at all without those ID apps, already the case for some services.
And no the EU doesn’t truly care to get digital sovereignty, or they wouldn’t require ID apps that require google attestation. We already know the US government digitally sanctions people and turns of their digital access to US services they need.
Its really not reasonable to assume either of those things. If shit like this really takes off it’ll be less like the linked discussions and more like DRM, with proprietary software (and hardware, if they want it to stick), linked to an online service that “verifies” your age externally.
I think you’re offering way too much good faith to a government that believes in prisonlabormaxxing and genocidemaxxing.
I’m not assuming good faith lol, those mechanisms just wouldn’t be effective, and assuming the government thinks about linux users enough to chase down IP logs of users with a particular fake age is childish, and that’s all assuming that the PRs being discussed even do anything of the sort (sending the age stored in the user db to external services willy nilly).
If age verification crap catches on it won’t be totally unenforceable mandates like “its illegal to lie about your age” it’ll be technological solutions ala DRM and they’ll be more effective (but still circumventable with a little expertise probably). And for now, I do expect that the legal mandates will remain on service providers, not individual users. We’re simply too much effort to prosecute for meaningless bullshit
You would think hippies and immigrants and trans people are too much effort to prosecute for meaningless bullshit too.
A
can’t see on your face that you lied about your age when you installed ubuntu 9 months ago, but they can identify members of those groups and single them out for harassment, culminating in disproportionate prosecution for minor offenses. These things are not comparable. A better comparison would be digital piracy.
This is a ridiculous hill to die on, idk why I’m even replying
They didn’t need your face, they have your digital footprint, and if you aren’t being extremely mindful of what personal information you leak online, they have WAY more data collected on you already than you should be remotely comfortable with.
Of course, but that has nothing to do with your prediction that I took issue with. I’m not saying this shit isn’t dystopian and going to get worse or that age verification isn’t going to be a part of that, but the specific childish predictions of “operating systems add age verification that literally is just asking the user what their age is and just send it willy nilly to cloud services -> government outlaws lying about your age -> services log ages and IPs -> the government gets that info and uses that to track down and prosecute people with the exact maximum age”.
The reason there’s generalized harassment of oppressed groups and not of digital pirates (or age liars) is 1) because pigs don’t actually care about digital piracy that much, its not baked-in to settler society in the way that white supremacy, patriarchy, etc. are, and 2) because pigs can’t really see it. 2 could change, we could get the watch dogs future world where everyone is facial recognition-ed at all times and that’s linked back to their digital footprint to such a granular level of detail that random beat cops can see that you pirated a movie last night or that you signed up to facebook with a false name/age. But even if that changes, point #1 will not change on its own, changing the law doesn’t suddenly make cops or the legal system at large give a shit to enforce it, it’ll just get used as another way of harassing the marginalized people they already wanted to harass.
Avoiding systemd is getting harder and harder though. Some sort of script or plugin would probably be best.
That’s exactly why it should be avoided. The vision of the FOSS operating system was that parts were interchangeable, and you aren’t locked into any one thing.
People raised the alarm bells on systemd years ago and unfortunately it seems they were correct all along.
Eh. I’m not really on the systemd hate train that a lot of people are. I think having a unified interface is good actually. Plus it’s modular enough that you can absolutely add/remove components in your distro.
I also really don’t think that this is a sign that they were correct, the whole point of my comment was to point out how ridiculously small this change is and it has no visible path towards becoming anything more.
systemd’s whole thing is being the glue, so it makes sense for them to expand their API when changes are being proposed. Doing that ahead of time saves them headache later since people will splinter into other workarounds.
If the “age verification” stuff ends up centralizing on a systemd module, that’s good actually since it means you’re less likely to see people implementing it themselves in ways that are harder to see or disable.
If all of that flows through systemd, you can just turn it off on the API layer and anyone who uses it (which at this point, will probably be a lot of people since they’re ahead of the game) hands off that control to a thing you as a sysadmin have easy control over.
Systemd went out of it’s way to preemptively grovel in front of the US Empire before it was even asked to - that’s reason enough to hate it.
The path is visible to anyway paying attention. I fear this is like climate change, all the warning signs are there, but Westerners find it way more comfortable to ignore the problem and bury themselves in treats and online media and kick the can down the road until it grows exponentially worse.
Maybe? Time will tell, but I don’t see anything like this being mainstreamed without forks and pushback. This isn’t Microsoft doing something behind closed doors.
If lying about your age is illegal then not verifying your age at all is probably also illegal. You probably wouldn’t be able to access any commercial, online software or websites using an unverified distro
Again, that’s outside the control of systemd. If they need to provide an interface, they need to provide an interface. If you don’t want to use that interface you don’t have to, but I’d rather have that commercial stuff pinging a known open API than doing something sketchy internally.
This would be a significantly better problem to deal with than having the OS compromised in the first place.
Best part is that you can just not set it at all and then literally nothing changes for you.
Other PRs from this developer which make
useraddask you for your birth date with no way to opt out… Yeah that’s bad.Apparently the person who made that PR was doxxed and sent death threats, which only makes me empathize with systemd even more.
Theyve posted that they’ve gotten death threats, stuff sent to their house, endless phone calls and spam emails, people threatening their family members on social media. Everything you can think of outside of literally lighting their house on fire (so far).
I think their decision to voluntarily add this feature was poor and unnecessary (nobody asked or paid them to) but the reaction is disgusting.
That’s insane… It’s not like they added any sort of tracking code or any code that can cause anyone harm. They literally just added a date field to user accounts called “birthDate”. People need to fucking relax.
It’s just annoying and Lennart has also been very normal about the whole thing.
I don’t think my distro even runs userdbd so it’s kinda whatever.
It upsets me more that he’s letting AI bros contribute to systemd than anything he did before. I think he even used one of the slop machines to review the PR.
That’s a way bigger story. Open Source projects need at least a “you have to tell us if you used AI” policy. Even then slop reviews and slop PRs are a recipe for disaster.
Beyond the ethical, environmental, and legal issues, it just means you’re more likely to get complacent. Most projects have some sort of BDFL that guides the overall vision, and if that gets co-opted by a system designed to trick people into thinking it’s smart you’re fucked.