The title of my article on age verification in Linux and other operating systems had a “for now” added for a reason, and here we are, with two members of the US Congress introducing a bill to add age verification to operating systems. The text of the proposed bill was only published today, and it’s incredibly vague and wishy-washy, without any clear definitions and ton of open-ended questions.
Still, if passed, the bill would require actual age verification, instead of mere voluntary age reporting that current state-level bills cover. It also seems to eschew the concept of age brackets, giving application developers access to specific ages of users instead. It’s a vague mess of a bill that no sane person would ever want passed, but alas, sanity is a rare commodity these days, especially in US Congress.
It’s introduced by Democrat Josh Gottheimer and Republican Elise M. Stefanik, so it has that bipartisan sheen to it, which could increase its odds of going anywhere. At the same time, though, US Congress is about as useful as a box of matches during a house fire, so for all we know, this will end up going nowhere as its members focus on doing absolutely nothing to reign in the flock of coked-up headless chickens passing for an executive branch over there.
If something like this gets passed, every US-based operating system – which includes most open source operating systems and Linux distributions – will probably fall in line when faced with massive fines and legal pressure. This isn’t going to be pretty.
“US Congress is about as useful as a box of matches during a house fire, so for all we know, this will end up going nowhere as its members focus on doing absolutely nothing to reign in the flock of coked-up headless chickens passing for an executive branch over there.”
As an American citizen who loves his country the only thing I have to say to that is, Amen brother! Our government has become a real s**t show!
Well, you know, here in France they voted a law that AI companies should prove they are not using copyrighted material to train their models. Talk about a fallacy…
And all this because modern parents insist on giving their kids electronic devices intended for adults, when electronic devices intended for kids already exist (and if they don’t in some countries, governments can always mandate a “child-safe” mode for OSes that parents can activate on an opt-in basis before giving the electronic device to their kids).
But yet again, us childfree people have to be f***ed because parents can’t say no to their kids (or can’t be arsed to care about the digital safety of their kids). Much like that time the UK government had ISPs block all adult websites by default (and you had to call the ISP to opt out, which was a problem if the internet connection was in the landlord’s name) instead of parents having to opt-in to that.
Anyway, I think Desktop Linux distros should move out of the US ASAP. If the fact that patents tend to last longer in the US or the “anti-circumvention” provisions of the DMCA weren’t reason enough, maybe this will. And if it doesn’t, I honestly don’t know what will.
(yes, I understand the real objective of this regulation is to de-anonymise internet users, but the fact there is so little pushback from the general public is because parents are glad they won’t have to do the minimum to parent their kids)
kurkosdr,
It is the boiling frog. Like ever increasing taxes, or deteriorating human rights, government overreach into our lives has a ratcheting mechanism where people either are oblivious, misinformed, or powerless when it becomes too late.
Not really. There is little to no pushback because people are conditioned since birth to believe they’re living in true democracy and the freest society ever and therefore every abuse committed towards them well it all must be for a just cause and the greater good. See 2020.
“Thinking of the children”(r)(tm) while doing nothing to sort out the Epstein mess?
Rich.
Thing is, even the whole “thinking of the children” narrative is paper-thin in this case: governments could always mandate a “child-safe” mode with age verification that is opt-in and that parents can enable before giving an electronic device to their spawn(s). But nope, let’s make age verification default without opt-out because parents can’t be arsed to spend 5 minutes to enable such a “child-safe” mode, because we childfree people “owe” parents something, I guess, and our freedom doesn’t matter when the 5-minutes of loss of convenience for parents is at risk.
Governments will get away with what they can get away with, my surprise here is how little public backlash exists against this.
It’s never about protecting children, it’s always about controlling and surveilling the population. Control the flow of information and you control thought. This age verification garbage and the banning of any routers not made in the US means they are controlling all aspects of your online presence. Age verification means they can positively identify someone based on the MAC address of their hardware. Meanwhile, routers made in the US are subject to the government cutting secret deals with their manufacturers to include backdoors in the routers. This combination creates a chilling effect on speech; now you can’t speak out online anonymously so you keep your mouth shut, lest they either arrest you for your offensive speech or terminate your Internet access at the router level to keep you quiet.
And for those of you who scream “freedom of speech isn’t illegal in the US!”, ask Renee Good or Alex Pretti about that. Oh wait, you can’t, because they were executed without trial by the US government for exercising their freedom of speech and right to exist in public spaces.
I have been writing about this for months, but the response has been “no need to worry, it is just a small regional thing”
No it was not. They were testing the waters in places like California and Washington by starting small. And it was always obvious this was the endgame. Multiple EU countries and UK are also trying the same thing.
This is the worst case scenario. Because open source can win against any corporate entity by offering a better service, but basically has no protection against a tyrannical state.
(Why do we even need to explain this? Someone having monopoly over violence, which is a definition of the state, mean they should be feared more and checked more than any other entity)
This is a hidden opportunity for open-source: Move outside the US (and EU, and UK) and make a “Freedom OS” that has everything that is illegal in the US: Every patented codec in existence for free, no age verification, and a DVD and Blu-ray ripper thrown in for good measure. If Suyu can distribute software that would be illegal under the DMCA, why not?
But for this to happen, the open-source people need to play their cards right: Launch hardware with an unlocked bootloader (the Framework laptop and the Fairphone are both a good start) and make it super-easy to install a free OS. Like, one-click easy. No second click needed.
This is one of many reasons I’m slowly moving all of my systems to OpenBSD, made in Canada and not subject to US government shenanigans. I can’t do anything about my ISP of course, but I will fully own all of my PCs or I won’t have any at all.
Even if by some miracle the current administration is purged from the White House in two years and we don’t end up a full fledged dictatorship, it’s going to take years, if not decades, to undo much of the damage wreaked by them, and some of it may never be undone. The fact that this push for age verification at the national level has bipartisan sponsors is proof we will be in the digital dark ages for a long time to come, no matter who is in charge. The billionaires who are the actual, proven threat to children already own the whole system.
It appears that GrapheneOS and OpenBSD will remain the only usable alternatives.
“Even if by some miracle the current administration is purged from the White House in two years …”
Yes, don’t hold your breath …
Electing a fibbing felon as one’s president — not once but _TWICE_ — is what happens when “tax cuts!” has been the mantra for decades, ever since Proposition-13 and since trickle-down Reaganomics.
The result is that there are now _entire _generations of voting citizens who can’t tell fact from fiction because their public school systems were whittled down to just warehousing the children, all thanks to fewer taxes.
Don’t expect radical turnarounds in the near future:
upcoming elections will still include those very same unfortunate misled (duped?) voters.
It has far less to do with taxes than you think, at least for the average American voter. American “Christians” have been led to believe that the Republican party is the “Christian” party, because of the abortion wedge issue. “Christians” will vote against every single right and benefit to them if it means they get to abolish abortion. They would literally vote to violently and painfully sacrifice already born babies on a Satanic altar, as long as it means that clump of cells in the womb is guaranteed to be allowed to go to term.
Somehow the Republican party has convinced American “Christians” that the ONLY requirement to be a Christian is to be against abortion. No need to live like Jesus, no need to do anything their own God commanded them to do, as long as women are forced to carry babies to term they get their ticket to paradise. Murder people, rape children, cheat on their spouses, steal millions of dollars, hate and oppress anyone not exactly like them, that’s all okay as long as that pregnant teenager over there is forced to have the baby her rapist father put in her. Fuck the kid’s welfare once it’s born though; that’s someone else’s problem!
So the Republicans run on an anti-abortion platform, ensuring they have the vote of 99% of professed “Christians” in this country, and they win because people would rather not be reminded that their own deity told them to feed the poor, house the homeless, welcome the immigrant, and give away all their luxuries so they can be closer to Him. They only want to abolish the one thing that is never even mentioned in their holy book, apart from instructions on how to perform it.
Because it was never about the rights of the unborn child; it’s about the ability to oppress and control women. Modern American Christianity is a pure patriarchy, and the heavier the boots on the necks of all women, the happier they are.
Fuck that shit.
I’d love to see that. The next week, there will be 8 different window managers, 12 file systems, 4 installer formats for Freedom OS. When a newbie asks something either altman will hallucinate some garbage, or someone in the community will write an answer that reads like quantum physics.
6 months later, everyone will go back to Macs, taking the photos of their passports with every new phone they get.
Isn’t it obvious that the open source world won’t do it for the **MASSES?** It has been around for 40 years now. It would have by now, if it could.
And, no, Android, especially in its current form, doesn’t count as open source. I dare you to claim otherwise.
kurkosdr,
I get your point. But this is basically surrendering our largest advantage.
When US had very strict “export” controls for military grade encryption (RSA), people published the source code on the books. When DeCSS was under attack for enabling DVD playback on Linux, people printed the keys on t-shirts. When government attacked Mass Effect for having explicit scenes, late justice Antonin Scalia gave a very stent warning telling them to stop, since video games was an art form like all others.
Today, Linux and all open source operating systems are once again under attack for implementing “for the children” ID verification (tracking) features. This should be extinguished at the source.
Otherwise I fear there would be no practical free haven left.
sukru,
People are defiant when they feel they are in an advantageous numbers game such that they won’t get caught…but…
1) Breaking the law IS NOT a winning formula in court…defying the courts can and will get individuals in legal trouble.
2) The government have more access to mass blanket surveillance than in the 90s and 00s, so your suggestion that people can resort to civil disobedience and skirting the law by flying under the radar might be a lot riskier than in decades past.
Unfortunately I think its wrong to assume the government will always stand up for our rights just because the government has historically protected them. Democratic governments are changing markedly. I believe modern politics highlight how quickly & easily a dictatorship could take over when voters act stupidly.
I think kurkosdr is right, if US laws become such that privacy respecting operating systems get banned, linux development ought to move to countries that don’t have such laws.
When it comes to bad laws, government incompetence is kind of a saving grace. Politicians and legislators can prove incompetent at making effective laws and enforcing them. However using incompetence to dismiss threats to freedoms is probably naive in the long term. Governments learn from each other and fascist governments around the world may be showing us a preview of things to come here.
Alfman,
That would be ideal, but… it has two issues.
Most of the code comes from companies like IBM (Redhat), Google, Microsoft, and similar entities. Even Linus himself currently resides in the USA.
They will comply.
And once those “features” are baked in, your only chance would be forking one ore more Linux distributions to be “systemd-free”, “Wayland-free”, “GNOME-free”, which probably also means “nvidia-free” (only basic open source driver), “amd-free”, “intel-free”.
You’d then get Devuan that is developed outside of USA, UK, EU, Brazil, russia, and China. Possibly Japan, Korea and other allied countries as well. (Leaves out Africa, I think and some central asia / middle east, not sure) And will only be downloaded from a torrent on a VPN link (or Onion server on TOR)
Btw, to be ready for that day:
https://nosystemd.org/
sukru,
From my POV that’s all the more reason to support and use distros from an outside jurisdiction.
Why though? Avoiding wayland/gnome/nvidia/amd/intel seems like a tangential non-goal to me. I don’t care that people/companies in the US work on these projects, but it’s important that we have linux forks that don’t force the anti-features to be included. That’s why we need distros to exist in other jurisdictions.
Alfman,
I have a very cynical view of our current situation.
I don’t think it is just coincidence many “independent” jurisdictions are pushing for ID verification and user account APIs that must be available for applications without regard to how Linux is actually developed or used at the same time.
So…
That naturally brings my skepticism it would be a clean “fork” that can just .#if undef those additions. We can easily expect all those new code will be heavily woven into fabric of all desktop Linux systems with emphasis on making it technically (or maybe even legally) difficult to disable.
And why do we expect them to stop there, and not require hardware DRM? “You already have this nice TPM, why not use it all the time? Dell, Lenovo, hp, … you are no longer allowed to sell devices with TPM disabled”
They don’t even need to write new rules. Bank web sites, netflix, and others could just refuse to run on non-attested environments.
Then all those “free” distributions become moot.
Slippery slope is unfortunately real.
sukru,
Legally, sure, they can declare anything illegal. But that doesn’t change the calculus of the situation…we’d still want distros to exist in jurisdictions that aren’t covered by these laws.
I don’t think it would be difficult technically to remove such functionality from open source operating systems. Perhaps you’re thinking strictly about infecting closed source software…and I’d agree that’s a problem. Look at how closed android has gotten. It is indeed a problem.
I’m not afraid of TPM because it’s a tool that the OS can use and it doesn’t control the computer on it’s own. You can audit it’s use in an open source OS. The same can’t be said however for system management modes and hidden co-processors like intel’s AMT. These are scary because they can and do run hidden code that can’t be inspected. These have contained zero day vulnerabilities in the past. We’re left trusting manufacturers to not do anything fishy with them, but it would be trivial for manufacturers to abuse these ancillary processors with malicious payloads.
It’s not hypothetical, we already suffer from that today on android forks. Fortunately websites are still open….however you probably recall that google did push for anti-features to close the web with chrome. People bulked at it and google backed down at least temporarily but it’s within the realm of possibility google could succeed one day leaving users running alternative forks blocked from mainstream websites. I will be very sad if that happens 🙁
I very much disagree with your conclusion here. Despite all the risks you bring up, I still maintain that we should have distros originate in different jurisdictions for the sake of maximizing our freedoms.
Alfman,
Ha ha… (sad laugh). I wish I was so much optimistic.
Assume the very much extremely unlikely chain of events.
1 – This change and similar ones become standard in “mainstream” Linux (USA/EU/UK approved ones)
2 – The “free” Linux starts becoming a nuisance.
3 – HTTP/3.0 is invented. It has machine attestation and age verification built in
4 – All major banks and streaming services voluntarily start using HTTP/3.0
5 – All major social media and email platforms are required by the government to use HTTP/3.0
6 – Supreme court finds this unconstitutional
7 – It is already too late and no major corporation chooses to revert status quo
I know I’m being extremely cynical. But we have seen similar plays before
sukru,
This really has nothing to do with optimism/pessimism. If you intend to resist, then you’d best not close your options by holding all your eggs in the US basket…it’s just seems like such a foolish move to me to not keep at least some mainstream linux distros outside of US jurisdiction.
We’d have to handle events as they play out….but even then I still don’t find that to be a strong rebuttal to the point that we should be keeping distros outside the legal jurisdiction of countries with restrictive laws. My point is not that your scenarios don’t carry risk… they do. But it doesn’t change the calculus for how we should prepare to fight it.
How about putting in more Censor restrictions INTO the OS too? The Gov’t is perfectly okay with the internet Pushing ads to people.
What do you think about Pavel Durov’s allegations? https://t.me/durov/491
In his message, he cites this article
https://cybernews.com/security/eu-age-verification-app-hack/
He’s not looking far enough.
> Several developers reacted online, questioning the design. Sensitive authentication data should never be directly accessible or editable by end users.
The fact that this is said by developers is terrifying, and shows that telescreens are the goal :
– a device that you must have to participate in society
– a device that you cannot control, modify or inspect
– a device that has government approval
You want age verification? ID card with a chip that talks NFC (civilized places have IDs), a bit of PKI, read ID card using phone. Ideally with a way to only answer the specific question like underage? It’s possible to do without all these massive invasions of privacy and restrictions on technology.
The main problem they want to solve is of course algorithmic feeds. We could simply ban that in general, it’s not good for anyone.
That’s mobile app development for you. Mobile developers develop apps for telescreens, not computers, and that’s been the case for years.
I don’t see how we can ban algorithmic feeds when large social media have so many posts you need some algorithmic feed sometimes.
This is the american flavour of Digital ID… CBDC will probably come with the eventual crash of the USD.
Digital prison nearly here, pieces falling into place.
So if a device shows information, ads, or whatever on the street, who is accountable for the age of the people seeing it ?
Some points.
1. What about a “userless” system? E.g. a Linux machine that does some job automatically on background.
Should sys.admin be required to create a functional virtual person to bypass the the age verification module?
Or should sys.admin be defined as the user of such a server? And now take the question to the data center scale.
2. What about legacy systems that run in production for ages?
E.g. does HP, IBM still have knowledge to publish a patch for OpenVMS, zOS of ~10 years old version?
3. (Trying to be semi-positive)
May be this is an opportunity for less popular OSes to get bigger market share? E.g. OpenBSD was mentioned in
this thread already.
eugel,
If you look at the law proposed in California, they actually do not care. Their aim was never protecting the children, or providing a sensible framework to answer these questions.
They just want to use the current crisis, while all eyes are focused on the middle east, to pass privacy erasure legislation. By the time this goes to Supreme Court and nullified, it would be too late. 5-6 years in all Linux distros would have implemented it, and other regions like EU and UK will already have a long lasting mandate, the ratchet will not. move back.
This was my first reaction as well. Linux does not have “users”, but “accounts”, some of which are “user accounts”. A system can be entirely set up to have zero users in its lifetime.
“And what about docker images?”
Some will get an mandatory update for service contracts. The others, … again the government does not actually care.
Anything that becomes large and useful enough will be caught in their radar, wouldn’t it. As long as OpenBSD stays a niche, they can avoid government mandated ID checks. But after an unknown threshold…. things will change.
What will be interesting is who gets this data.
American lawmakers seem to be working on the assumption that it’s the that will be the recipients.
But what about non-pc devices like my car….. Will that go to America because the OS is android. Or China because that’s who owns the car brand. Or EU because that’s where it is being driven?
According to the pearl-clutchers, the problem is keeping young people from accessing inappropriate content “on the Internet”. (Sooner or later it will be keeping adults from finding certain information, but let’s put a pin in that for later.) If it is not “on the Internet” then it is not a problem. I can run a computer all day and if I’m not “on the Internet” then I am not going to find any of this dangerous addictive stuff that is published “on the Internet”.
So if the problem is “on the Internet” and not on my computer, which I own and runs the OS of my choice, then it makes no sense to have to prove my age to log in to MY computer.
This entire effort to mandate age controls over logging in to a device are being put in place because the content providers “on the Internet” don’t want to make the effort to put the required controls in place. That would cost $money$ and it might affect their bonuses after all!
Putting age controls on devices to access the device makes about as much sense as taking the knives away from all the chefs in all the restaurants because someone might steal one and stab somebody.
This isn’t about `keeping young people from accessing inappropriate content on the internet`. That’s a Trojan horse excuse for a far greater evil – mass surveillance, and information control over the entire global population. New World Order stuff, like, for real. That rabbit hole explains a whole lot about what happens in our society.