A small set of people are merging changes to various Linux components to make sure every application knows your birth date.
-
-
A small set of people are merging changes to various Linux components to make sure every application knows your birth date.
This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.
@wwahammy
Also this is most likely illegal under gdpr as collecting personal data that is not required for the system to work is illegal. Only necessary data should be collected. So they just made systemd illegal in Europe. Good job. -
In case anyone is unclear, since I hear he's also campaigning on this Linux age-gating trash:
Bryan Lunduke is a fascist hatemonger. He represents the absolute worst in free software and I believe he should be ostracized from any and all parts of our community. He wants software freedom for himself and in the abstract but despises individuals expressing their freedom. He believes in a software freedom that is hollowed out and missing love.
@wwahammy he don't like wokes and he complains about new lead debian project because she is a women who wants more inclusivity
Lunduke =
Need more real free software radical left/rogressiv activists'
-
A small set of people are merging changes to various Linux components to make sure every application knows your birth date.
This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.
@wwahammy waiting for the gentoo -dystopia USE flag
-
@artemis @wwahammy this isn't complying in advance, it's complying with the law. Which passed unanimously through the California assembly and senate and was signed into law by Gavin Newsom in 2025. It's not going to be repealed.
Open source projects do not have the type of budget that allows them to merely ignore the law and shrug off fines and legal fees.
-
I found this a good write-up https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/
-
@wwahammy @ShadSterling @smn we are rapidly getting to a point (some would argue past a point) where resistance, for us white folks who've had little skin in the game, is going to mean real consequences and confronting the fact that the law is an ass.
@artemis @wwahammy @ShadSterling @smn the "good time" of white europeans is finish
️ -
@artemis @wwahammy this isn't complying in advance, it's complying with the law. Which passed unanimously through the California assembly and senate and was signed into law by Gavin Newsom in 2025. It's not going to be repealed.
Open source projects do not have the type of budget that allows them to merely ignore the law and shrug off fines and legal fees.
-
A small set of people are merging changes to various Linux components to make sure every application knows your birth date.
This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.
@wwahammy istg these sorts of things never get passed by the people they're set to effect ever
-
-
A small set of people are merging changes to various Linux components to make sure every application knows your birth date.
This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.
The community pushed back hard on this one. The Arch maintainers are holding, Canonical backed away, and Artix Linux, the systemd-free Arch derivative, issued the clearest statement: they will never require any verification or ID. It's FOSS When someone opened a revert PR, Lennart closed it himself on March 19th. The birthDate field is in systemd and it's staying.
It's funny because only Artix isn't actively enforcing this change. Arch are lying that they're holding (they're not). Canonical are lying that they're backing away (they're not). How can I tell? Both of them use systemd. Both of them require systemd. So anything that gets merged into systemd, they require, whether they want to or not.
It's a fuggin disgrace to see people downstream of an important change saying "Oh no, no we aren't gonna comply with this nosirree," while forcing upstream compliance of it down our throats just by being useless tools. -
I found this a good write-up https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/
The community pushed back hard on this one. The Arch maintainers are holding, Canonical backed away, and Artix Linux, the systemd-free Arch derivative, issued the clearest statement: they will never require any verification or ID. It's FOSS When someone opened a revert PR, Lennart closed it himself on March 19th. The birthDate field is in systemd and it's staying.
It's funny because only Artix isn't actively enforcing this change. Arch are lying that they're holding (they're not). Canonical are lying that they're backing away (they're not). How can I tell? Both of them use systemd. Both of them require systemd. So anything that gets merged into systemd, they require, whether they want to or not.
It's a fuggin disgrace to see people downstream of an important change saying "Oh no, no we aren't gonna comply with this nosirree," while forcing upstream compliance of it down our throats just by being useless tools.
CC: @wwahammy@treehouse.systems @k3ym0@infosec.exchange -
@wwahammy can’t we fork it prior to that commit and maintain a separate fork?
-
@artemis I don't know why.
And I'd say "why are people complying at all?".
I think this preemptive compliance has a lot to do with a lot of low-level open source development now being a regular day-job at a large tech company. So, you have people writing code who are embedded in an infrastructure with managers, performance targets, and the corporate culture associated with that, and where compliance with whatever the corporate hierarchy demands is the norm.
This is a very different situation when you compare that to entrepreneurs and academics like Phil Zimmermann and djb, who didn't preemptively comply with export control laws.
-
@wwahammy apart from security fixes I don't see any earth-shattering reason to improve these modules, so is a security-fix only maintainable version possible?
@mahadevank @wwahammy If you're prepared to do the work, it's possible.
#OpenSource is maintained by people who do the work, mostly unpaid, mostly unthanked.
-
In case anyone is unclear, since I hear he's also campaigning on this Linux age-gating trash:
Bryan Lunduke is a fascist hatemonger. He represents the absolute worst in free software and I believe he should be ostracized from any and all parts of our community. He wants software freedom for himself and in the abstract but despises individuals expressing their freedom. He believes in a software freedom that is hollowed out and missing love.
@wwahammy unless people have ample proof on what he believes in I suggest that they moderate their tone. This looks like a hate campaign to me.
Some people only wanna implement/support laws they like. That's not how laws work.
The cyberspace is not independent.
-
@artemis @wwahammy this isn't complying in advance, it's complying with the law. Which passed unanimously through the California assembly and senate and was signed into law by Gavin Newsom in 2025. It's not going to be repealed.
Open source projects do not have the type of budget that allows them to merely ignore the law and shrug off fines and legal fees.
When I read about it a few months ago, I had the impression that OS vendors needed to not only offer a way to do age verification, but also guarantee that the age verification would be reasonably foolproof (e.g. with ID verification). Apple/Google/Microsoft can do that; Linux distros can't. Assuming that my impression was correct, and that the law wasn't modified before being voted (two bold assumptions for sure), I don't see how that systemd comedy is going to help if bad actors decide to sue Linux distros for non-compliance
-
@mahadevank @wwahammy If you're prepared to do the work, it's possible.
#OpenSource is maintained by people who do the work, mostly unpaid, mostly unthanked.
@simon_brooke @wwahammy what would be the most important module to protect in your opinion? I'll try and fork a version out to codeberg
-
A small set of people are merging changes to various Linux components to make sure every application knows your birth date.
This is being done rapidly by people with questionable justifications and being merged with no youth and few marginalized people involved.
If I’m reading this PR correctly, it doesn’t comply with the California law, which requires the OS (some system component, such as systemd) to have the date of birth but provide only a 2-bit signal to the application and not their date of birth. The law is designed to provide a simple ‘user is over 18’ signal for all adults and to not permit apps to see their date of birth. There are issues if an app can poll the 2-bit signal over time, because then they can observe when it changes and infer the date of birth. But California already has a GDPR-like law that they would likely be infringing in this case (they do not have a need to that information and collecting it without consent would place them in violation).
-
@wwahammy
Also this is most likely illegal under gdpr as collecting personal data that is not required for the system to work is illegal. Only necessary data should be collected. So they just made systemd illegal in Europe. Good job.@bohwaz @wwahammy It's actually worse than that. I've just been reading the UK #GDPR guidance regarding holding age data on children. It's bizarrely complex, but, essentially, children under 13 cannot legally give consent to their age data being held.
So yes, you can legally hold age data on adults, provided they consent; but you can't on children, unless their parent consents, and that can't just be 'someone who said they were the parent'.
