I’ve spent years championing Linux as the only escape from Big Tech, but I’m starting to get twitchy.
While we’re distracted by the Steam Deck making Linux “mainstream,” the corporate players and politicians are busy building a digital cage. Between California’s AB-1043 mandates and Microsoft’s “Face Check” infrastructure, I’m worried we’re heading for a hard schism: “Sanitised Linux” vs the “Free Rebel” distros.
If the compliant, age-gated version becomes the industry standard, where does that leave the rest of us? Digital exile?
I’ve put some thoughts together on why the “Golden Cage” is closing in and why education, not mandates, is the only real fix.
Actually, even without “tracking” individuals, the metadata is still there. I can see from my own anonymous, privacy-respecting server stats exactly how many hits are coming from Android versus GNU/Linux. There is no personal data involved, but the OS “fingerprint” is clear.
If a small, self-hosted blog can see that high-level data, then a bank or a government gateway definitely can. The comparison to anti-piracy doesn’t quite work because you don’t have to “log in” to a pirated movie, but you do have to authenticate for the services that actually matter. That’s where the compliance gate gets locked.
An operating system can lie about that though. The only reason it doesn’t is because of convention.
There is no technical reason it couldn’t look like a different OS. Try changing your user agent, it’s that simple in most cases.
And services can choose to only allow operating systems which don’t lie, have anti-tamper mechanisms, and authenticate themselves cryptographically. It has definitely been easy to spoof your identity in the past, but OP is talking about where we might be heading in the future. Since the laws about OS:es having to partially identify the user is so obviously useless in its current form, don’t you think the corporations and politicians who are pushing for it are going to keep expanding it when they get the opportunity?
User agents are just the tip of the iceberg. Between TCP/IP stack fingerprinting and modern hardware attestation (TPM/Secure Boot), pretending to be a different OS is becoming a lot harder than just changing a string in your browser settings. The ‘handshake’ I mentioned before is at a much deeper level than that.