I doubt those changes would be PRed, merged, updated in my distro and somehow automatically pushed to my system in the blink of an eye. This isn’t Microslop we’re talking about who can force-push intransparent “fuck your settings” at the drop of a hat, and I’m certainly going to be much more wary of upcoming updates now. This isn’t my point of objection (yet - mandatory entry would be), but definitely a point of caution.

If they stick to malicious “here, you can ask for a date, but we can’t guarantee which date, if any, you’ll get” compliance, that isn’t perfect, but it’ll be good enough to make a joke out of tracking the date at all.

Besides, just this change being minor would be no reason not to keep pushing back against the law and airing our discontent about the direction they’re heading in, because the direction is definitely concerning.

The systemd PR also referred to a flatpak PR who said they had wanted that to allow for parental controls even before the law came. That’s a somewhat reasonable use case, in my opinion.

I’ll believe that if and when they actually force me to upload identification to prove that my birthday really is 1970-01-01 and my name really is Nunya Bissnis. Otherwise, it’s really no different from Steam asking my birthday when opening store pages or porn sites asking “click here jf you’re 18” and take my word for it.

So long as it’s being enforced just as well as the realName field, I maintain that it is indeed harmless. If the point is to have a hilariously ineffective solution as a fig leaf against a stupid law, I’ll prefer that to efforts to actually implement verification.

It doesn’t as long as other init systems exist

Of course, which is why I said it was “somewhat” central earlier in the thread: it’s not universal, even if systemd is widely used.

Other init systems generally also have ways to store data (not specifically dates, just in general), and some overarching standard for securely accessing them would be useful for intercompatibility, but that’s a mess as it stands anyway.

people can luckily choose, hopefully that will always be the case.

Also agreed. Just because I personally come down on the systemd side of the debate doesn’t mean everyone should have to use it. Standards are nice, but there always should be alternatives, in case a standard gets captured by twats (which kinda is the debate we’re having: whether systemd has started bowing to fascists significantly enough to warrant migrating away).

I believe that’s on purpose so people can easily accept it and they can do worse later.

That point, I disagree on, because systemd (not) implementing this doesn’t actually make it easier (or harder). Distros that want to comply would just write a file for it somewhere instead. Distros that don’t comply will just not implement any verification process.

What systemd does here is offer a solution to secure it centrally (see the commit discussion about the most efficient and reasonable way to wipe that info from memory again). Considering the whole issue, I think its impact on feasibility of verification is minor, while the advantages of standardisation make it preferable to a wild growth of uncontrolled alternatives.

Corporations are behind this, don’t forget that.

Another user pointed out the concept of anticipatory obedience to me, and in that context, corporations pre-emptively bowing to authoritarian surveillance is definitely a cowardly move. We agree on that.

Here’s to hoping this entire discussion becomes just as pointless as you expect the PR to become. If that’s what I end up being wrong about, I’ll gladly take the L for cynicism and the W for privacy.

there’s also a push for making opensource exempt from it

Let’s hope it succeeds. Actually, let’s hope the law is overturned entirely. And while we’re at it, let’s hope Meta fails, crashes, burns and takes all its bullshit down with it, but that’s only tangentially related.

It depends, if the purpose is age verification then yes I will oppose it.

Then I’ll not tell you what I intend to use that encrypted hash I’m writing to my app’s data storage for.

Any data storage can be abused. This one is transparent about its content, but I don’t see anything implying that you have to enter anything, let alone have to enter your actual birthdate. It can be used for parental controls, it can be used for age restrictions, but if I implement age verification, where I store that data on your machine is the least of your worries.

Where I store your ID on my machine, on the other hand, should be more concerning, and even more so the fact that I need your ID at all.

We can argue whether this is necessary, whether it can serve reasonable use cases (such as voluntary parental controls), but at the end of the day, it’s such a small and exchangeable part of the system that it’s not worth the shit people give systemd over it.

I think controlled, transparent storage is better than intransparent, and any storage is only as evil as the things using it. Target those things instead.

You’re right, and thanks for that and the second link too.

Still, as “bowing to fascist fuckery” goes, trying to figure out how to securely store a piece of data is hardly problematic. The Flatpak PR they cite also mentions that they wanted options for parental controls independently of the law, and it’s that part I’d be more concerned about, but still less than about the “upload your ID please, promise we won’t pull any fuckery with it- whoops” shit going on elsewhere.

That would be the case if everyone used systemd, but it’s not, sysvinit distros still exist and they’re not going away in the foreseeable future.

That’s nice. Doesn’t change the fact that it needs to be stored somewhere, if the maintainers end up facing legal pressure to implement it. Opposing one (optional) way to store it won’t fix the issue, it’ll just result in the same splintering of competing standards we see everywhere else, with the attendant difficulties in ensuring security and quality across the board. In other things, that might matter less, but if we’re pissed about having to hand over PII to one instance, I’d be even more wary of it being stolen.

You’d be cutting off one leaf of a tree.

I could agree with this if the reason for this PR wasn’t age verification, that’s indeed a battle that needs to be fought, on every piece of the puzzle.

Are you going to oppose every other system that allows storing data too, because it might be used to store data for age verification?

No, it’s a battle that needs to be fought at the focal points: lawmakers, law enforcement, developers implementing the verification tools, companies using them.

Spending time and energy waging a culture war over the most insignificant, replaceable, trivial part of it will achieve nothing. It sacrifices all nuance and bulldozes all discussion of other merits (or issues) systemd might have.

There are legitimate, reasonable complaints to have with systemd. “We added a data field, which we’re trying to make sure doesn’t end up in the wrong hands” isn’t one.

Fuck these laws, and fuck the fascists using kids as pretense for surveillance.

I mean, I literally say that implementing actual verification would be an invasion of privacy. Storing data isn’t the problem, because we do that any way. This isn’t any different from the fields for your real name or location, which nobody gives a fuck about either. At least systemd are talking about ways to secure that data, whether to add a separate flag or save some CPU cycles before wiping it from memory and such.

If you force me to enter something, that’s definitely shady. If you force me to verify that information, we’re in “fuck no, fuck you, fuck this surveillance bullshit” territory.

But getting upset about this optional field in particular, but not any other data storage option, is hypocritical. Worse still, getting upset at the one effort to provide a standard that also makes some attempt at securing it is short-sighted. We have a hundred ways to store data. Cancelling one won’t stop the root issue:

Collecting that data. Fuck that law, fuck the people that wrote it, fuck the people that passed it, fuck the people forcing you to surrender PII for plain bullshit reasons and fuck the people implementing those surveillance methods. That is worth raging about.

It’s easy to say “just ignore the law” when you’re a nobody on the internet. But also, this isn’t much bowing. More like slightly inclining your head to do the bare minimum.

They’re debating about the best way to make sure that data doesn’t end up where it shouldn’t. They’re not implementing some systemd-level verification requirements. They’re literally just offering a central-ish place to handle storing and securing that data. If anything, this should be preferable to having different implementations with different levels of security standards.

And it’s delusional to think that Linux will collectively be able to evade this requirement, unless the law as a whole ends up overturned (which I very much hope it does). You wanna get pissed at someone for sucking fascist dick, get pissed at the lawmakers passing this crap.

A data field isn’t the hill to fight that battle on. If someone goes and actually implements mandatory verification, I’ll be right there with you, (pitch-)fork ready and ready to burn bridges, but this isn’t it.

being requested by the operating system

Is it though? As best as I could tell, this PR is literally just adding the field next to the others, not requesting shit.

In case you didn’t notice, this whole ordeal is pushed by Meta to avoid being accountable for the shit they do on their platforms, they’re trying to shift the responsibility to operating systems of all things, and that’s not acceptable.

Absolutely. I just disagree that this particular addition (particularly considering all the fuss about making sure it doesn’t show up in logs and dumps and what not) is a problem. I don’t think this is the hill that battle should be fought on. Adding or not adding it to systemd doesn’t make the OS / distro built on top of it any less responsible for their handling of that data.

It does provide a standard and (somewhat) central place to implement the security aspects of it though.

Nope. I’m John Doe, living in Nice Try, Atlantis, and my email is “who@car.es”. But I draw the line at being asked for my birthday (which is 1970-01-01).

The userdb already has fields for other information. Nobody enforces putting anything there, nor verifies the contents. Why should DoB be different? And why should that be on the userdb?

That “stuff” is a personal information that not everyone is legally equipped to deal with.

You mean like email address, real name, location? Because those fields exist already. I’m not aware that they have ever caused any issues, even though real name and location should be more critical in a doxxing or surveillance context than “just” the date of birth.

I assure you, I don’t have my email, real name or location stored in my userdb. Nobody makes me enter them. Nobody cares. Nobody would verify if I did. What’s stopping me from entering 1970-01-01 as my DoB, if I enter anything at all?

If I’m the one storing, transmitting, querying and processing PII, I’m responsible for it. If my distro were to require email verification, proof of identity for the real name, records of my place of residence or employment to ensure the location is accurate, that would be an issue, and that would make the vendor liable for handling that data.

That is what the GDPR and related laws are actually concerned with, not the exact format or place they’re stored. Otherwise, you’d have to ban me from creating text files: I might store someone’s phone numbers in there.

Red Hat probably could afford to go to court over those laws. Maybe should, too. Maybe just passively ignore them until someone drags them to court for it. But all of that would be independent of this change.

impacts the majority of distros?

And just what is that impact?

“Here, you have a space to write stuff down.” So what? If I’ll never read it or verify the contents, what difference does it make?

?

Y’all are making a mountain out of nothing. Adding a data field alone has absolutely no effect unless:

1. Entering it is forced
2. That entry is somehow verified (which would be the invasive part)
3. The systems accessing userdb actually use it for anything (which would require it to be filled out and verified to be anything but performative)

As it stands, it’s a performative gesture to avoid law enforcement crackdown, which I think is perfectly reasonable for a private person with limited funds to fight a legal battle with. That doesn’t mean they can’t also fight that battle privately, but expecting volunteers to put their necks on the line over adding data field seems rather entitled to me.

If Gnome decided to implement age verification (beyond just “enter your date and please don’t lie”), using that field, the blame for that would fall on Gnome.

This is more like adding a field in the cookie of an adult website to store whether the user has clicked “Yes, of course I’m 18”, without even implementing the disclaimer for the user to click that button, let alone actual age verification.

I don’t think it’s about attention, really. I think they’re just a nerd doing a nerd thing because they enjoy it.

In Old English the letters were eventually used interchangeably, which is what I imagine they’re using.

as long as they

Missed one