It rubs me the wrong way that the person opening this PR says "we have decided not to implement OS-level age attestation" when they seem to have no prior involvement with systemd, and it's clearly not their call to make.
I wouldn't go so far as to call it astroturfing, but it's the same thing that's irksome about anyone claiming to speak on behalf of a group they actually have no involvement in. Feels like someone trying to score cheap points.
Age verification through the OS could make parental control much easier. Just set the age of your child on a given system with your own account, and apps and websites can signal what the minimum age is, and then the OS can decide to block it or not. Could be very privacy friendly compared to the current online methods, like what Discord did.
Of course, I'm not in favour of actual verification of the age attribute. And I've heard the slippery slope arguments. But if I were a parent this would be great.
Problem with setting up parental controls currently is that it takes some effort and knowledge of these tools, not every parent has that. I mean, even people who do, are usually chaotic in the digital domain, like for example, (re-)using very bad passwords. So why expect people to do better with parental controls?
Just yesterday I finally got tired of all the browser security warnings and decided to buy a domain name and set up SSL in my local network. I spent like 10 minutes flummoxed by why my reverse proxy couldn't get a new cert from Let's Encrypt until I looked in the logs to see that Let's Encrypt refused because the account my reverse proxy had been using since I set it up had the email address as "admin@hostname" because this was all for my own personal use and my local reverse proxy doesn't need an actual email address, it just needed some value for some entry in some database.
This is my long-winded way of saying, "Who cares?" Give it whatever age you want. When people object to these type of initiatives for political reasons, they should state the political argument for why they are bad. But rebelling against them for practical technical reasons always seems a little silly to me and can end up being counterproductive when it shifts the conversation away from the central issue.
A reasonable implementation of this would make the age field optional, and only set it on interactive user accounts. An app that requests the age field and gets no response grants access. i.e. it's not set up to restrict access unless a user is explicitly set up as a child, in which case you're obligated to deny access to sensitive content.
Sure, as something parents opt into and where the local OS is the place where age and content rating are compared it could be a useful parenting tool. As something that lets big social media companies shift responsibility onto everyone else and opens the door for more user tracking and targeted advertising, it's not doing me or my kids any favors.
We could set some sort of standard, eg using the tags on web pages to set an age bracket? (or better, include actual fine grained content warnings like PEGI provides?) , now the parents can control what the kid sees; or even the kids themselves at times, which is probably much closer to what is desirable.
Legislating it in the OS takes power away from parental controls.
What you actually described, however, is websites and apps reporting information about their content to the OS. That would indeed give more power to parental controls. But what's being legislated is reporting age range to platforms.
If anything, the POSIX passwd specification should be updated to include age instead of introducing yet another dependency on systemd for something that affects the entire ecosystem.
70 comments
I wouldn't go so far as to call it astroturfing, but it's the same thing that's irksome about anyone claiming to speak on behalf of a group they actually have no involvement in. Feels like someone trying to score cheap points.
Of course, I'm not in favour of actual verification of the age attribute. And I've heard the slippery slope arguments. But if I were a parent this would be great.
Problem with setting up parental controls currently is that it takes some effort and knowledge of these tools, not every parent has that. I mean, even people who do, are usually chaotic in the digital domain, like for example, (re-)using very bad passwords. So why expect people to do better with parental controls?
This is my long-winded way of saying, "Who cares?" Give it whatever age you want. When people object to these type of initiatives for political reasons, they should state the political argument for why they are bad. But rebelling against them for practical technical reasons always seems a little silly to me and can end up being counterproductive when it shifts the conversation away from the central issue.
What you actually described, however, is websites and apps reporting information about their content to the OS. That would indeed give more power to parental controls. But what's being legislated is reporting age range to platforms.
If only every major distribution didn't break backwards compatibility to play with the cool kids.
Time to get back to programs that do one thing and do it well.
And the author of the PR came in a little hot, which probably didn't help.