People need to understand the difference between age indication and age verification. Two very different things. Age indication is a completely private and realistically as-effective alternative to the invasive age verification.
Age _indication_ means that when you set up your device or create a user account, you enter a date of birth for the user. The OS then provides a native API to return a user's age bracket (not full date-of-birth). If the user is a minor, the OS will require parental authentication in some way to modify the setting again. This can all be done completely offline. It works because parents almost always buy the devices used by children, and can enter the correct date-of-birth during setup.
Age _verification_ means that some online service has to verify your age, and collects a bunch of (meta)data in the process. This is highly problematic for privacy, security, and the open internet.
There are two things very very wrong with the California law, which you call "age indication".
1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer.
2) The age API is not "completely private". It's a legally-mandated data point that can be used to track a user across apps and websites. We must reject all legally-mandated tracking data points because it sets the precedent for even more mandatory tracking to be added in the future. We should not be providing an API that makes it easier for web platforms to get their hands on user data!
For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside down: https://news.ycombinator.com/item?id=47472805
For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside down
> 1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer.
FWIW, this is not quite an accurate description of AB1043, in at least three respects:
1. Apps don't get your exact age, just an age range.
2. Websites don't get your age at all.
3. AB1043 itself doesn't mandate any content restrictions; it just says that the app now has "actual knowledge" of the user's age. That's not to say that there aren't other laws which require age-specific behaviors, but this particular one is pretty thi on this.
In addition, I certainly understand the position that the age range shouldn't leave the computer, but I'm not sure how well that works technically, assuming you want age-based content restrictions. First, a number of the behaviors that age assurance laws want to restrict are hard to implement client side. For example, the NY SAFE For Kids act forbids algorithmic feeds, and for obvious reasons that's a lot easier to do on the server. Second, even if you do have device-side filtering, it's hard to prevent the site/app from learning what age brackets are in place, because they can experimentally provide content with different age markings and see what's accepted and what's blocked. Cooper, Arnao, and I discuss this in some more detail on pp 39--42 of our report on Age Assurance: https://kgi.georgetown.edu/research-and-commentary/age-assur...
I'm not saying that this makes a material difference in how you should feel about AB 1043, just trying to clarify the technical situation.
Regarding what to do with algorithmic feeds, instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child. We could implement a password lock for app installation/updates at the OS-level that can be enabled in the phone's settings, that works like Linux's sudo. Every time you install/uninstall/update an app, it asks for a password. Then parents would be able to choose which apps can run on their child's device.
Notice their strategy: these companies make it hard/impossible for you to uninstall preloaded apps, and they make it hard to develop competing apps and OSes, and they degrade the non-preloaded software UX on purpose, which creates the artificial need to filter the feeds in existing platforms that these companies control. They also monopolize the app store and gatekeep which apps can be listed on it, and which OS APIs non-affliated apps can use. Instead of accepting that and settling with just filtering those existing platforms' feeds, we should have the option to abandon them entirely.
We need the phone hardware companies to open-source their device firmware, drivers, and let the device owner lock/unlock the bootloader with a password, so that we could never have a situation like the current one where OSes come preinstalled with bloat like TikTok or Facebook, and the bootloader is locked so you can't even install a different OS and your phone becomes a brick when they stop providing updates. If we allow software competition, then child protection would have never been a problem in the first place because people would be able to make child-friendly toy apps and toy OSes, and control what apps and OS can run on the hardware they purchased. Parents would have lots of child-friendly choices. This digital parenting problem was manufactured by the same companies trying to sell us a "solution" like this Cali bill or in other cases ID verification, which coincidentally makes it easier for them to track people online.
instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child.
Isn't that how parental controls already work?
There are problems, though:
1. The kids want to use Facebook. If parent A refuses to let their kid use Facebook, then kids B, C, D, E, F... all use Facebook and kid A becomes a social outcast. This actually happens. (Well, now it's other apps; kids don't use Facebook anymore.) This is similar to the mobile-phones-in-schools problem: if a parent doesn't let their kid bring a phone to school, and all the other parents do, that creates social isolation. When the school district bans the phones, it solves the problem for everyone. (So it's a collective action problem, really.)
2. Web browsers. Unless the parent is going to uninstall and disallow web browser use, the kid can still sign into whatever service they want using the web browser. I don't think parental controls block specific sites, and even if they do, there are ways around that, certainly.
I am very often the person who says that parents should actually parent their kids and not rely on the government to nanny them. But in this case I think there actually is value to the government making laws that make Facebook (etc.) less evil. And as a bonus, maybe they'll be forced to be less evil to adults too!
1. The current norm of social siloing apps was created by these tech companies in the first place. What regulators can do is discourage anti-competitive practices that lock users into specific software and hardware platforms. If there's plenty of competition for every kind of social app, and competition for OSes, and users could freely choose and move between them, then not having a particular app would not result in social isolation. This affects adults as well.
2. The OS has a firewall. But it's currently not user-controllable on your phone. Phone companies have decided you don't need that feature. But actually, they can easily implement a nice UI in the settings for the firewall and lock it behind a password, then parents would be able to use it to block individual websites. We can even make it possible to import/export site lists as a txt file so that you can download/share a curated block list that you or other parents made, to block many things at once. You could also do this for your entire home WiFi network in your WiFi router's settings, if your router's firmware has that feature.
And yeah, I agree that we should make the platforms less evil in general. But I think the way to do that is to give people the ability to easily ditch bad platforms and build new ones. Let the platforms actually compete, then the best will prevail. Right now, they don't prevail because of layers and layers of anti-competitive barriers. It would take great technical effort to regulate all the tricks these tech companies use, that's why I propose dealing with it at the root: make it so that all computer/phone hardware manufacturers must open-source their device drivers and firmware, and let the user lock/unlock the bootloader and install alternative OSes. If we do this, then the entire software ecosystem will fix itself over time along with all the downstream problems.
> The kids want to use Facebook. If parent A refuses to let their kid use Facebook, then kids B, C, D, E, F... all use Facebook and kid A becomes a social outcast. This actually happens. (Well, now it's other apps; kids don't use Facebook anymore.) This is similar to the mobile-phones-in-schools problem: if a parent doesn't let their kid bring a phone to school, and all the other parents do, that creates social isolation. When the school district bans the phones, it solves the problem for everyone. (So it's a collective action problem, really.)
If so many people give their kids phones and so few don't, why ban them in the first place? Clearly the vast majority of parents are fine with their kids having one.
You're just inventing a problem then. Or worse, implement a conservative talking point.
It's possible to mandate effective parental controls and then say "it's illegal to give your child access to facebook" and then just see what happens. You don't have to jump straight to making it technologically guaranteed by construction, maybe it's enough to just give parents the tools and an excuse to say no.
We don't need DNA testing locks on cans of beer that won't let you drink from them unless you're an adult, do we? It's perfectly possible for a parent to buy their child all the beer they want, and there's nothing stopping the children from trying to peer pressure them into it, and in many countries it's not even generally illegal to let your child drink beer! And yet almost all parents are able to almost completely enforce a reasonable level of restricted access, simply because society frowns upon it.
If we accept the premise that age restrictions of any kind are good (which, just to be clear, I don't think we should), there are good reasons for tailoring your content based on the user's age.
Imagine you're a streaming service, trying to show a list of movies that a user can watch. If you can only communicate age restrictions to the OS, but can't actually check the users age, you have a choice of showing a list of movies that some users won't actually be able to watch, or a list of movies limited to those appropriate for all ages. Neither are great options.
If you can check the user's age bracket, you can actually tailor the list to what the user can realistically watch.
1. I don’t see how that’s better in any real way. You can infer the exact same information as querying the range and it makes dynamic behavior based on age range (ex. access to age restricted chat rooms as an obvious example) completely impossible.
2. Is it meaningfully more identifying than User-Agent? There’s dozens of other datapoints for uniquely identifying a user. If we get a few high profile lawsuits because advertising companies knowingly showed harmful ads to children, I’d consider it a win. Age is not that interesting of a data point.
> The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age.
How would you make that happen? Many websites would not be subject to your jurisdiction.
Apps need to know the age of the user in order to follow the law. There will always need to be a way for apps to get the age of the user. If the OS does not give anything the apps will have to implement it themselves.
It's a distinction that hinges on one law from one state that doesn't reflect the reality of the dozens of laws in dozens of states, nor proposed federal legislation, that all require age verification via AI face scans and ID uploads.
That's to say, this distinction is meaningless unless you're planning on blocking every jurisdiction outside of California so you can just adhere to its age verification laws and no one else's.
The issue though with "age indication" is that it creates an additional flag that can be used to fingerprint users. But it is infinitely preferable to any sort of age verification or age assurance.
If I may nitpick, the conventional term for systems which attempt to determine the user's age is "age assurance". This covers a variety of techniques, which are typically broken down into:
* Age estimation, which is based on statistical models of some physical characteristic (e.g., facial age estimation).
* Age verification, which uses identity documents such as driver's licenses.
* Age inference, which tries to determine the user's age range from some identifier, e.g., by using your email address to see how old your account is.
These distinctions aren't perfect by any means, and it's not uncommon to see "age verification" used for all three of these together but more typically people are using "age assurance".
The distinction doesn't matter in this case. The fundamental question is whether a government can compel a decentralized open-source project to change its codebase. If you believe code is speech, it's a violation of the right to free expression.
Even if you think adding "age indication" to a project is harmless, you have to consider the precedent this is setting for compelled speech in the future, potentially by regimes that you are not politically aligned with.
OP is certainly right that a lot of this legislation is written in ways that are hard to interpret and that often seem like they would have undesirable side effects even under the assumption that the basic idea is good (whether that's actually true is a whole different question).
In the specific case of CA AB1043: (1) Systems are required to ask the user for their age and just trust whatever they say (2) Applications are required to query the system for the user's age range. Other enacted and proposed device-based age assurance mandates have different properties.
It is similar with crypto wars. They try and try until they have backdoor everywhere.
About verification they will try to implement WEI on browsers, and verification on os.
It is a crusade to make you always identifiable. Companies and governments want it so much because it is so valuable to them, it adds so much power over people.
So what's next. They will move borders here, and there. Every year.
It's interesting that the package managers become choke points that can be used for government overreach. Luckily Linux is open source so I expect there will be options that just don't do this from principle.
Otherwise my Intel NUC server with Debian is 2 years old, so I expect the honest age would be 2 years? I may have parts for some old PCs to put together that could get adult software I guess...
This is a no win situation and I think systemd is making this change too early. But I have read that field is optional.
But my main concern with this is applications like Firefox will eventually require this systemd age specific field and a standard systemd function to call. That means this age field will need to be populated and thus locking out the *BSDs and non-systemd Linux.
If that happens, this makes the systemd critics 100% right, systemd is being forced upon all distros by various upstream applocations.
This is actually nuts. You can't even constantly implement "age verification" at the system level in a way that makes sense across world cultures.
The only sane way to do this is you were playing along with arbitrary legislative age-gaters would be to add a generic "additional user info" blob to the account fields, if it didn't already exist.
One very disturbing consequence not discussed enough is that some American state law is suddenly supposed to be tolerated by the rest of the world just because they depend on open source software, which sees contributions from all around the world.
It seems incredibly silly to me that this is being rushed into systemd and other linux components. I understand Apple making changes, and even Canonical, but systemd is not run by one corporation and there is no reason to adhere to a badly written law. Why play along with the charade? If root is root, the "age verification" field does not make any sense.
Why are these changes being made on a worldwide basis when the laws that have been introduced are a relatively small fraction of the world? California isn't going to go after individual systemd maintainers. Will California go after Torvalds? I doubt it. Apple? Surely, but this is, quite frankly, a ridiculous thing to even suggest for inclusion into these setups.
> Will my system believe me? And how about their system, whoever “they” are? If not, then what else will I need to do to prove my birth date and age? Who will check if root can’t be trusted? How will they check?
If they ever seize your computer, they can probably also tack on computer fraud charges
the simple fact you sending the same signal over and over again, with all other signals your browser send, it will be another key to make you apart.
They don't care if you lie. Important that you lie the same story every time.
And after having your dob, who could easily be a flag if you are less than 18, they could easily request your name, or a document number, but I think it will be much better, it will have some ISP and/or Device ID.
This is stupid. The age should be in the passwd gecos field or somewhere else in the user's config directory. Not in systemd. Unix-ike systems are multiuser. Now I wonder what age to put in the root, adm or games accounts.
138 comments
Age _indication_ means that when you set up your device or create a user account, you enter a date of birth for the user. The OS then provides a native API to return a user's age bracket (not full date-of-birth). If the user is a minor, the OS will require parental authentication in some way to modify the setting again. This can all be done completely offline. It works because parents almost always buy the devices used by children, and can enter the correct date-of-birth during setup.
Age _verification_ means that some online service has to verify your age, and collects a bunch of (meta)data in the process. This is highly problematic for privacy, security, and the open internet.
1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer.
2) The age API is not "completely private". It's a legally-mandated data point that can be used to track a user across apps and websites. We must reject all legally-mandated tracking data points because it sets the precedent for even more mandatory tracking to be added in the future. We should not be providing an API that makes it easier for web platforms to get their hands on user data!
For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside down: https://news.ycombinator.com/item?id=47472805
>
For many years, certain tech companies, SIGs, and governments have fought against technologies that could enable real digital parenting, all while claiming to do the opposite and "protecting children". They craft a narrative to convince you that top-down digital surveillance and access-control is for your own good, but it's time we reject that and flip their narrative upside downThe EFF has a good series related to this[1].
[1] https://www.eff.org/deeplinks/2026/03/rep-finke-was-right-ag...
> 1) The parental responsibility is given to the wrong people. You're basically being forced by law to give all apps and websites your child's age on request, and then trusting those online platforms to serve the right content (lol). It should be the other way around. The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age. The user's age, or age bracket, or any information about the user at all, should not leave the user's computer.
FWIW, this is not quite an accurate description of AB1043, in at least three respects:
1. Apps don't get your exact age, just an age range.
2. Websites don't get your age at all.
3. AB1043 itself doesn't mandate any content restrictions; it just says that the app now has "actual knowledge" of the user's age. That's not to say that there aren't other laws which require age-specific behaviors, but this particular one is pretty thi on this.
In addition, I certainly understand the position that the age range shouldn't leave the computer, but I'm not sure how well that works technically, assuming you want age-based content restrictions. First, a number of the behaviors that age assurance laws want to restrict are hard to implement client side. For example, the NY SAFE For Kids act forbids algorithmic feeds, and for obvious reasons that's a lot easier to do on the server. Second, even if you do have device-side filtering, it's hard to prevent the site/app from learning what age brackets are in place, because they can experimentally provide content with different age markings and see what's accepted and what's blocked. Cooper, Arnao, and I discuss this in some more detail on pp 39--42 of our report on Age Assurance: https://kgi.georgetown.edu/research-and-commentary/age-assur...
I'm not saying that this makes a material difference in how you should feel about AB 1043, just trying to clarify the technical situation.
Regarding what to do with algorithmic feeds, instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child. We could implement a password lock for app installation/updates at the OS-level that can be enabled in the phone's settings, that works like Linux's sudo. Every time you install/uninstall/update an app, it asks for a password. Then parents would be able to choose which apps can run on their child's device.
Notice their strategy: these companies make it hard/impossible for you to uninstall preloaded apps, and they make it hard to develop competing apps and OSes, and they degrade the non-preloaded software UX on purpose, which creates the artificial need to filter the feeds in existing platforms that these companies control. They also monopolize the app store and gatekeep which apps can be listed on it, and which OS APIs non-affliated apps can use. Instead of accepting that and settling with just filtering those existing platforms' feeds, we should have the option to abandon them entirely.
We need the phone hardware companies to open-source their device firmware, drivers, and let the device owner lock/unlock the bootloader with a password, so that we could never have a situation like the current one where OSes come preinstalled with bloat like TikTok or Facebook, and the bootloader is locked so you can't even install a different OS and your phone becomes a brick when they stop providing updates. If we allow software competition, then child protection would have never been a problem in the first place because people would be able to make child-friendly toy apps and toy OSes, and control what apps and OS can run on the hardware they purchased. Parents would have lots of child-friendly choices. This digital parenting problem was manufactured by the same companies trying to sell us a "solution" like this Cali bill or in other cases ID verification, which coincidentally makes it easier for them to track people online.
>
instead of forcing platforms like Facebook to be less evil, we should give parents the ability to simply uninstall Facebook, and prevent it from being installed by the child.Isn't that how parental controls already work?
There are problems, though:
1. The kids want to use Facebook. If parent A refuses to let their kid use Facebook, then kids B, C, D, E, F... all use Facebook and kid A becomes a social outcast. This actually happens. (Well, now it's other apps; kids don't use Facebook anymore.) This is similar to the mobile-phones-in-schools problem: if a parent doesn't let their kid bring a phone to school, and all the other parents do, that creates social isolation. When the school district bans the phones, it solves the problem for everyone. (So it's a collective action problem, really.)
2. Web browsers. Unless the parent is going to uninstall and disallow web browser use, the kid can still sign into whatever service they want using the web browser. I don't think parental controls block specific sites, and even if they do, there are ways around that, certainly.
I am very often the person who says that parents should actually parent their kids and not rely on the government to nanny them. But in this case I think there actually is value to the government making laws that make Facebook (etc.) less evil. And as a bonus, maybe they'll be forced to be less evil to adults too!
2. The OS has a firewall. But it's currently not user-controllable on your phone. Phone companies have decided you don't need that feature. But actually, they can easily implement a nice UI in the settings for the firewall and lock it behind a password, then parents would be able to use it to block individual websites. We can even make it possible to import/export site lists as a txt file so that you can download/share a curated block list that you or other parents made, to block many things at once. You could also do this for your entire home WiFi network in your WiFi router's settings, if your router's firmware has that feature.
And yeah, I agree that we should make the platforms less evil in general. But I think the way to do that is to give people the ability to easily ditch bad platforms and build new ones. Let the platforms actually compete, then the best will prevail. Right now, they don't prevail because of layers and layers of anti-competitive barriers. It would take great technical effort to regulate all the tricks these tech companies use, that's why I propose dealing with it at the root: make it so that all computer/phone hardware manufacturers must open-source their device drivers and firmware, and let the user lock/unlock the bootloader and install alternative OSes. If we do this, then the entire software ecosystem will fix itself over time along with all the downstream problems.
> The kids want to use Facebook. If parent A refuses to let their kid use Facebook, then kids B, C, D, E, F... all use Facebook and kid A becomes a social outcast. This actually happens. (Well, now it's other apps; kids don't use Facebook anymore.) This is similar to the mobile-phones-in-schools problem: if a parent doesn't let their kid bring a phone to school, and all the other parents do, that creates social isolation. When the school district bans the phones, it solves the problem for everyone. (So it's a collective action problem, really.)
If so many people give their kids phones and so few don't, why ban them in the first place? Clearly the vast majority of parents are fine with their kids having one.
You're just inventing a problem then. Or worse, implement a conservative talking point.
We don't need DNA testing locks on cans of beer that won't let you drink from them unless you're an adult, do we? It's perfectly possible for a parent to buy their child all the beer they want, and there's nothing stopping the children from trying to peer pressure them into it, and in many countries it's not even generally illegal to let your child drink beer! And yet almost all parents are able to almost completely enforce a reasonable level of restricted access, simply because society frowns upon it.
But taking it away was worse.
Once “not using it” isn’t an option, government intervention becomes reasonable.
Imagine you're a streaming service, trying to show a list of movies that a user can watch. If you can only communicate age restrictions to the OS, but can't actually check the users age, you have a choice of showing a list of movies that some users won't actually be able to watch, or a list of movies limited to those appropriate for all ages. Neither are great options.
If you can check the user's age bracket, you can actually tailor the list to what the user can realistically watch.
2. Is it meaningfully more identifying than User-Agent? There’s dozens of other datapoints for uniquely identifying a user. If we get a few high profile lawsuits because advertising companies knowingly showed harmful ads to children, I’d consider it a win. Age is not that interesting of a data point.
> The apps and websites should broadcast the age rating of their content, and the OS fetches that age rating, and decides whether the content is appropriate by comparing the age rating to the user's age.
How would you make that happen? Many websites would not be subject to your jurisdiction.
That's to say, this distinction is meaningless unless you're planning on blocking every jurisdiction outside of California so you can just adhere to its age verification laws and no one else's.
If I may nitpick, the conventional term for systems which attempt to determine the user's age is "age assurance". This covers a variety of techniques, which are typically broken down into:
* Age estimation, which is based on statistical models of some physical characteristic (e.g., facial age estimation).
* Age verification, which uses identity documents such as driver's licenses.
* Age inference, which tries to determine the user's age range from some identifier, e.g., by using your email address to see how old your account is.
These distinctions aren't perfect by any means, and it's not uncommon to see "age verification" used for all three of these together but more typically people are using "age assurance".
> The OS then provides a native API to return a user's age bracket (not full date-of-birth)
Call the API every day, when the age bracket changes you can infer the date-of-birth.
As appealing as the private part sounds I genuinely think it may make the situation worse here by facilitating the transition & muddying the waters
Even if you think adding "age indication" to a project is harmless, you have to consider the precedent this is setting for compelled speech in the future, potentially by regimes that you are not politically aligned with.
In the specific case of CA AB1043: (1) Systems are required to ask the user for their age and just trust whatever they say (2) Applications are required to query the system for the user's age range. Other enacted and proposed device-based age assurance mandates have different properties.
This post goes into quite a bit of detail about the various points of concern: https://educatedguesswork.org/posts/device-based-age-assuran...
It is similar with crypto wars. They try and try until they have backdoor everywhere.
About verification they will try to implement WEI on browsers, and verification on os.
It is a crusade to make you always identifiable. Companies and governments want it so much because it is so valuable to them, it adds so much power over people.
So what's next. They will move borders here, and there. Every year.
Otherwise my Intel NUC server with Debian is 2 years old, so I expect the honest age would be 2 years? I may have parts for some old PCs to put together that could get adult software I guess...
But my main concern with this is applications like Firefox will eventually require this systemd age specific field and a standard systemd function to call. That means this age field will need to be populated and thus locking out the *BSDs and non-systemd Linux.
If that happens, this makes the systemd critics 100% right, systemd is being forced upon all distros by various upstream applocations.
Might seem harmless now but it won’t next time, and you will have already capitulated
The only sane way to do this is you were playing along with arbitrary legislative age-gaters would be to add a generic "additional user info" blob to the account fields, if it didn't already exist.
I wonder if it's time to try something like sixos or Guix SD.
Why are these changes being made on a worldwide basis when the laws that have been introduced are a relatively small fraction of the world? California isn't going to go after individual systemd maintainers. Will California go after Torvalds? I doubt it. Apple? Surely, but this is, quite frankly, a ridiculous thing to even suggest for inclusion into these setups.
> Will my system believe me? And how about their system, whoever “they” are? If not, then what else will I need to do to prove my birth date and age? Who will check if root can’t be trusted? How will they check?
If they ever seize your computer, they can probably also tack on computer fraud charges
For root to manage privileges in an OS, isn't a group the most straitforward way?
Can't flatpak read the groups of an user?
the simple fact you sending the same signal over and over again, with all other signals your browser send, it will be another key to make you apart. They don't care if you lie. Important that you lie the same story every time.
And after having your dob, who could easily be a flag if you are less than 18, they could easily request your name, or a document number, but I think it will be much better, it will have some ISP and/or Device ID.