Per the very first reply on their thread discussing it in their forums, which I linked directly to for the post title:
We’ll NEVER require any verification or identification from the user.
However, what’s gonna happen should the attempts to age-gate the XDG portal screw over alt-init distros like Artix too? My guess is maybe they start blocking regions which force age gating like Arch Linux 32 is doing.
You must log in or register to comment.
First Artix made me not vulnerable to the XZ backdoor (requires systemd). Now it saves me from age verification nonsense. Even on Lemmy sentiment seems people who avoid systemd are just cranks. But every time we are right.
It saves you from what exactly? As a rational crank, surely you have an explanation.
Unless you use xdg-desktop-portal, the field that systemd added does absolutely nothing.
It’s an optional information field for user accounts, systemd doesn’t require that it is filled nor does systemd do anything to verify or check the field. User accounts also store e-mail and location and you are free to not enter that information or to enter fake information.
I don’t see the vulnerability, especially considering that you’re comparing it to an SSH vulnerability (which, it should be noted, was caught in testing and never released).
The rational is systemd has a huge amount of features that normal desktop users will never need. If you use something like OpenRC or Runit the experience is not much (or any) different. All those features will introduce complexity and potential bugs and vulnerabilities.
Unless you use xdg-desktop-portal, the field that systemd added does absolutely nothing.
Sure it doesn’t add much, but many of the systemd things are ‘not much’. But together it is a lot.
I don’t see the vulnerability, especially considering that you’re comparing it to an SSH vulnerability (which, it should be noted, was caught in testing and never released).
Luckily it was the case, but it was way too close for comfort. It doesn’t change the fact that bloated systems like systemd are what enable these types of attacks. If you use many of its features I’m sure its great, all software has bugs and holes in it. But the point is that if you don’t need the features you don’t need to expose yourself to the extra bulk and risks. Same for things like sudo vs doas. Almost everyone uses sudo but 99.9%+ doesn’t use any features that doas doesn’t have. And then of course systemd invents its own alternative 😅.
And then there is the Unix philosophy. If we need age verification, why does it need to be in the init system? Why not a separate package that can be installed along side any init system / kernel / desktop environment / etc? If it lives in the init system, every init system needs to implement their own version of it.
xzutils doesn’t require systemd.
I doesn’t but the exploit required it.
(requires systemd)
xzutils does not require systemd, I’m not sure where you’re getting this from.
In this case Artix already is a systemd-free distro, but this is part of why i think it’s a bad idea that systemd is wanting to implement the age verification crap, cause i think the distro should be allowed to decide if they want to comply or not. Feels like distros that use systemd will be forced to comply unless they change init, which is probably a pain in of itself.
Btw, what does the desktop portal actually do? I’ve installed a lot of programs over the years, including flatpaks, and i never seemed to need it. I hope it stays that way considering they’re implementing this shit too.
Systemd isn’t implementing age verification.
They added the ability to store the data because the xdg-desktop-portal team added the ability to set an age and that requires a place to store the data. No component ‘verifies’ the age, it’s a data field that you can enter whatever you’d like into.
From https://github.com/systemd/systemd/pull/40954 :
Stores the user’s birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc.
The xdg-desktop-portal project is adding an age verification portal (flatpak/xdg-desktop-portal#1922) that needs a data source for the user’s age. userdb already stores personal metadata (emailAddress, realName, location) so birthDate is a natural fit.
Full date rather than just birth year: birth year alone has up to ~12 months of imprecision at age boundaries, which could misclassify a 17-year-old as 18 or vice versa.
Sure, but they both seem way too eager for my taste to go along with this nonsense, and if you refuse to implement this, you don’t need a place to store it either. I suppose it’s nice for the distros that do want to use it.
they both seem way too eager for my taste to go along with this nonsense
Based on what? They have specifically addressed the issue and it does not read like they’re eager to have this forced on them by state laws.
https://blog.system76.com/post/system76-on-age-verification
We are accustomed to adding operating system features to comply with laws. Accessibility features for ADA, and power efficiency settings for Energy Star regulations are two examples. We are a part of this world and we believe in the rule of law. We still hope these laws will be recognized for the folly they are and removed from the books or found unconstitutional.
In this case Artix already is a systemd-free distro, but this is part of why i think it’s a bad idea that systemd is wanting to implement the age verification crap, cause i think the distro should be allowed to decide if they want to comply or not. Feels like distros that use systemd will be forced to comply unless they change init, which is probably a pain in of itself.
Where do I install an Ageless-style patch to force flagrant non-compliance?
In my mind, region-blocking is actually probably the best solution for this in every case.
Cut off every legitimate operation in these regions (including my own) from using your genuinely useful software. Software isn’t compromised, saves on unnecessary work and law compliance. Then everyone with a VPN flourishes anyway. And then maybe it hurts profits so much that lawmakers actually decide to reverse course. Wins all around.
Good, Maybe a list of “Pirate Distros” would help people.
Kinda crazy how downloading Linux isos might actually become illegal.
What a fucking clown world we live in.
What a fucking clown world we live in.
i think we let it happen when we collectively chose not to push back against the us government’s capture of the kernel project when they forced its maintainers to kicked out russian developers; pastor niemoller explains it best:
First they came for the Communists And I did not speak out Because I was not a Communist
Then they came for the Socialists And I did not speak out Because I was not a Socialist
Then they came for the trade unionists And I did not speak out Because I was not a trade unionist
Then they came for the Jews And I did not speak out Because I was not a Jew
Then they came for me And there was no one left To speak out for me
Lol, which is funny as every torrent client gives the example of downloading Linux isos (which is probably for legality reasons)
Yep, that’s me, just Linux isos, I just like to collect 'em, y’know, and store them on a small 100TB NAS I can access from any
Plex clientcomputer in the house should I need them. You never know.100tb … You must be downloading larger 4k Linux images.
jefferyjefferson @lemmy.org
Kinda crazy how downloading Linux isos might actually become illegal.
What a fucking clown world we live in.
Welcome to the world of open-source piracy if that happens.
Artix is patching many packages anyway, so one more package patched to remove age stuff or add a dummy interface that always returns 18+ won’t be too difficult.
That’s what Ageless already does, so maybe Artix could implement that officially in their distro by what you’re suggesting?
We’ll NEVER require any verification or identification from the user.
This sentence doesn’t give me confidence that they have read the law.
You can not comply with laws. Its how all piracy sites and most social media sites work
The law definitely doesn’t require OSes to require users to verify their age or identity themselves.
At least one of the laws made the OS responsible if the determined age is not correct, meaning if you don’t verify the age you may still be commiting a crime, even if it is not required
The Californian bill doesn’t. If you have knowledge to the contrary please provide.
I am confused on what you are trying to say, English isn’t my native language. Could you say what exactly the point of your comments is?
I’m saying that “We’ll NEVER require any verification or identification from the user.” can be true even when they comply with the Californian bill.
Ah, I understand now. That is AFAIK correct, however complienace with the New York bill will be impossible:
New York’s proposed Senate Bill S8102A requires adults to prove they’re adults to use a computer, exercise bike, smart watch, or car if the device is internet enabled with app ecosystems. The bill explicitly forbids self-reporting and leaves the allowed methods to regulations written by the Attorney General.
