- cross-posted to:
- privacy@lemmy.dbzer0.com
- cross-posted to:
- privacy@lemmy.dbzer0.com
Add a required birth date prompt (YYYY-MM-DD) to the user creation flow, stored as a systemd userdb JSON drop-in at /etc/userdb/<user>.user on the target system.
Motivation
Recent age verification laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. require platforms to verify user age. Collecting birth date at install time ensures Arch Linux is compliant with these regulations.
This is just a pull request, no changes yet.
The pull-request discussion thread has been locked, just like it happened for the similar thread in Systemd, owing to the amount of negative comments…
I agree with your worries about the second point. Mandating thing like this by law is bad. But having a standard on its own is not. Ideally this should have come from an industry standard and not a legal one, but inaction is part of what got us into this mess.
I agree with this. Here’s where it gets weird. All these bills stem from meta lobbying. Why do they regulation in this specific thing when they’re totally capable of forming a standard committee or something with Microsoft and Google?
Because they knew some people in the OS community would take the bait.
because it’s all part of a larger project to collect usable data. you can’t force standards, but you can force laws.
if you build a standard and no one follows it. then it’s wasted time and money. Meta, Google and Microsoft all have a vested interest in user data. more so with law enforcement buying it in bulk to build identity profiles of /individuals/.
if tomorrow they got added to the law to store and transmit a string of your government ID, would you be more resistant?
the issue is, VPNs hide your ISPs assigned IP. till now there has been a higher difficulty in differentiating traffic from the same IP with similar metadata. the more user specific metadata that’s added, the easier it is to differentiate devices and users.
this makes targeting specific devices with malware for spying significantly easier. at the very least.
but at a bigger point of view, it gives provable cause because the way the law is written implies every user that installs the OS becomes a OS distributor and every user is a minor by definition, even if the API flag says otherwise.
I recommend you read that again and if the words “probable cause” don’t come to mind you don’t understand the risk of a “minor” identifying as a adult.
Google, Microsoft, and Apple also already account for the vast majority of desktop OS installations
And you think that the data they get being “is an adult” or “is a child we’re not allowed to collect data on”, per the API part of the specification is useful for that?
If Microsoft and Google are also angling for this why is it only meta lobbying?
I think meta has some scheme to profit from this stuff, possibly also at the expense of Google, Microsoft, Apple in addition to consumers.