Test your understanding of the Dylan Taylor age verification story and what it reveals about open source infrastructure
I’m very suspicious of whether one would create 10 questions for nearly every blog post of zirs by hand.
Genuine question, don’t we always say that we can change anything in the system on open source software like Linux and systemd etc? What’s stopping any of us from removing this age verification thing? Apps may break, true, but I’m sure there will be many one line scripts that replace that age verification with something that feeds it fake data?
Petition to name the inevitable fork of this “SystemFree”
2000s: war on general purpose computing because of copyright
2020s: war on general purpose computing because of child protection
In the 2000s the forces of freedom mostly won, e.g. https://en.wikipedia.org/wiki/Consumer_Broadband_and_Digital_Television_Promotion_Act didn’t become law. So far it seems that we are currently losing. :(
In Europe too, chatcontrol keeps being pushed no matter how often it’s being struck down.
Yes; recent news have made me somewhat optimistic that the resistance to it is winning though.
Age verification laws currently look like a much greater danger to freedom.
Personally I think that win (while really a win) is being overcelebrated.
It’s easily reverted. All they’ll have to do is find some csam or terrorism related scandal in the news and pump it as a big deal, and all the resistance will be gone at the next vote.
With chat control we actually have to distinguish two different things that people sometimes confuse:
- voluntary chat control (“chat control 1.0”), which is currently already the law in the EU
- mandatory chat control (“chat control 2.0”), proposed in 2022
Voluntary chat control is about letting operators of communication services voluntarily scan messages for certain illegal activity (without this constituting a violation of data protection laws). This doesn’t break encryption and isn’t a part of a war on general purpose computing. While there are many good arguments against it, it’s not especially catastrophic. It’s a detail of business regulation.
Mandatory chat control is about forcing them to do so, which must necessarily break encryption and impose limits on software freedom. This is what is most important to oppose.
The most recent win ended up rejecting even (most) voluntary chat control, which is a good sign that mandatory chat control won’t get a majority either.
It has very nearly got a majority several times. I’m sure that with some media manipulation (eg milking an incident) it will be easily pushed through.
Imagine if the Dutroux scandal would happen now. They’d jump on that to push all kinds of monitoring on everyone. Even though this would not be prevented by it in any way (and in fact that all happened long before WhatsApp even existed)
“It’s just a harmless field; what’s the big deal?”
The big deal is that it’s on the heels of age verification bullshit that fascists are pushing through with the help of tech bros, so that they can eventually push all of us into a scenario where we have zero privacy.
It’s not the adding of the field itself or the fact that it can be filled with nonsense. It’s the reasoning backing it.
“But it’s the law!”
Yeah, fucking and…? It’s a stupid mass surveillance law disguised as a protection, and per usual, it’s written like vague dog shit. This is the smallest part of the wedge. More will come of this and if developers like this keep volunteering themselves to help the fascists, we will all be fucked. Here’s an alternative approach: just don’t add this. You can fight back by not fucking implementing this. Easy.
“But it’s the law!”
I was just following orders!
this same person would be chuckling to themself about how pointless this all is as he locks the door on the gas chambers.
Also, they will use it as a means to lock content they don’t want. Like in some jurisdictions it’s already forbidden to share any kind of LGBTQ information even medical with minors… Even in EU, like Hungary. Clearly this age verification will be used for this too. And people not willing to age verify will be locked out too.
It’s part of their campaign of forcing conservative ‘values’ onto everyone.
More will come of this and if developers like this keep volunteering themselves to help the fascists, we will all be fucked. Here’s an alternative approach: just don’t add this. You can fight back by not fucking implementing this. Easy.
Only thing you get out of this compared to the alternative of malicious compliance is opening yourself up to attack. You can still fight this without painting a big target on your back.
Is there any evidence that they would go after random FOSS projects that aren’t hosted or developed in the relevant jurisdictions? Don’t comply in advance.
Yep, then using linux will be illegal, great fucking idea boss
You’re welcome to be a spineless muppet trying to obey unethical laws, but I won’t be.
Only in California and Brazil. And I suspect neither has a shortage of people able to add this field.
Exactly, make your own fascist distro with a fork of systems and leave the original landscape alone
What a pointless drama article this is. FLOSS software does stuff for legal compliance more often than you’d think. The whole point is people can contribute fly by patches and the maintainers make the decision to merge. It seems like being an optional field but potentially providing useful functionality is enough for systemd. If you don’t like it I’m sure there are forks you could join or even use a different init system. No one’s freedom is being oppressed here.
My OS should have no details on me besides the account name which didn’t necessarily correspond to my real name.
It does have some old fields for location etc but those stem from the times of massive multi user systems.
Linux has similar fields for realName, emailAddress, location, timezone and more. But like birthdate, I think they’re all optional.
Was Linux ever used for massive multiuser systems? I thought it had always been primarily home use and internet servers. I think big multiuser systems went out of fashion with Solaris. Well, I suppose corporate workstations need user accounts where some of these are set.
No Linux as such was not, by the time Linux got popular the big multiuser systems were on their way out. I still worked on those in college. But they were SGI, HP-UX and Sequent. Especially the latter were huge systems.
But these fields were just a clone of what was in the original Unix systems.
What a pointless drama article this is.
Yep. The crypto ticker at the bottom of the page is the cherry on top!
That isn’t really the point. All this nonsense happened without community discussion beforehand.
Discussions happen after the PRs in most projects, because there is no point discussing code that ain’t there.
And they usually don’t get pushed through when discussion is just starting.
Who are the community employing? Why do they need consulting before code changes are made?
Your comment is nonsense.
I think what ze’s saying is https://mikemcquaid.com/open-source-maintainers-owe-you-nothing/ . the nature of open source—atl in accord with the hacker ethic—is that everything is just a passion project, there is no responsibility to not make bad decisions, and bad decisions result in decreased adoption and lost trust. after all, open source has always been about making a new alternative because existing solutions are bad.
So we aren’t supposed to talk about or react to said bad decisions? Come on.
nah as an anarchist i am against silence. i’m just saying that in our capitalist society open source maintainers do not in fact have responsibility to the community, only to their market share, and this works slightly less dysfunctionally than proprietary because come what may the opposition may fork it. but that and the transparency and the ability to volunteer your labor for them are the only things that open source does guarantee.
I have read the git thread related to the merge request.
I don’t see what’s the big deal. You have a user model that already contain fields like user’s full name, location, … among others and all this developer did was adding yet another optional field called date of birth.
This does nothing to verify user’s age and enforce nothing. They’ve stressed that repeatedly in the comments.
What that does is making it easy for a Linux distro to store user’s birthday - should they wish to do so - and making that bit of info accessible to running apps so that each app can do what it wants with it.
User’s fullname and location are already there which are also optional so what’s the big deal?
For me the bigger problem is that was done without any community oversight.
Yeah it can be verified for now, but it’s a foot in the door for a braindead law that no one in their right mind would follow.
What do you mean. It’s done in public
Yeah and against the massive outcry in the form of comments, the discussion was locked, and the general opinion was ignored in favor of 2 maintainers and a tool of a dev.
The person who has the most blame here is the lead dev of the project imo.
Why do you think this was locked? This fucking thread is a mugshot of a dev contributing to an open source project.
The problem is that Poettering is all in on attestation which is the underpinnings of age verification and remote attestation.
See amutable.com
Poettering has always been a piece of shit.
Fields like name and location do not have any expectation for the information being valid or accurate (see eg.:
adduser).DOB is different. It comes from a legal expectation that correctness of the information will be enforced somehow. If going by the Colorado and NY law proposals, IIRC, by using biometrics at the time of system install.
not even said laws have an expectation that the date of birth provided would be accurate. the colorado bill just says “require[] an account holder to indicate” and never defines “indicate”, the ny bill says “request an age category signal” and never defines “signal”, so i assume they’re like the california law which has been verified to be just “enter your date of birth in this text field/dropdown and we’ll trust you girl”. i don’t think any of that involves biometrics
there’s no alien intelligence or protocol specification in systemd that ensures or says the dob field must be accurate either
Exactly. There’s a massive thread on Mastodon where everybody is panicking about this, but it’s a nothing burger if ever there was one.
Sure, the timing and comments suggest it’s meant for legal compliance, but if that’s what it does, it does it by keeping full control in the hands of the user, where it should be.
Fucking bootlicker
I don’t see how engaging in malicious compliance is being a useful idiot. Implementing the entire surveillance mechanism free of charge, that I would call being a useful idiot.
Purposefully implementing a broken feature to satisfy the letter of the law, while preserving the user’s ability to avoid the surveillance mechanism is certainly not that.
Sounds like something I would do ngl
what do you want him to do? to break the law?
I want him to do nothing.
He doesn’t work for a distribution or a system integrator. He isn’t the maintainer for systemd either. He’s a random contributor, and he works for a cloud company that doesn’t make or sell the sort of devices these laws apply to.
These age verification laws did not require Dylan Taylor to take any actions. He did that all on his own.
Who is going to arrest/fine FOSS developers for not doing anything about that? Would Brazil and US states go after uuuh, the systemd developers? What about distros not using systemd, like Slackware. Who is ultimately responsible for a collaborative project? Are they gonna send the police after Torvalds?
Plus, other countries don’t have this obligation.
All that dev had to do is nothing. Instead he chose to comply with something that was never asked.
And how exactly would that be breaking the law?
Systemd isn’t an operating system provider and has no legal obligation to make any change.
There’s no need to follow an unjust law, nor a law that makes you an unethical person.
“Software not for distribution or use in California” (aka: “offer void in Nebraska”) is a perfectly valid compliance, btw.
There’s also going the Ageless route and making protestware.
The beauty of FOSS is that if people want, they can just fork it and keep what they don’t like out
