The coordinated effort worked. When lawmakers finalized Colorado SB26-051, they added Section 6-30-105(e) to the text. This specific clause waives compliance for operating systems and applications distributed under licenses that allow copying, modifying, and redistributing without platform-imposed technical restrictions. Why the Section 6-30-105(e) Exemption Protects Decentralized Tech
This exemption establishes a formal legislative precedent for the tech industry. It legally shields free and open-source operating systems from hardware-level age attestation laws that closed ecosystems like iOS and Windows will soon have to follow.
While I don’t like age verification, I do have to give the System76 guys some credit for pushing for an exception
How some Linux developers defeated (for now) the new OS age-verification laws. Long live those Linux developers, who “heavily criticized the mandates”, made public statements, and contacted the legislators.
Because other Linux developers, instead, immediately bent over backwards to start implementing changes towards accommodating those laws; for sure they didn’t heavily criticize the mandates, nor make public statements, nor contact the legislators.
Let’s not misdirect peoples anger over age verification
The blame for age verification rests solely on the legislative bodies and the governors who didn’t immediately veto it.
They defeated one of the laws in one jurisdiction. The California law is still in place, international laws are still in place, and federal laws are being advanced.
The first thing on the post you linked is the systemd change which adds a new number field in a completely user controlled local environment where they can write anything they want.
Oh nooooo… ಠ_ಠ
Oh come on we know how this works. Age verification is a prelude to digital ID and that “totally optional user field” is a prelude to something not optional. The current incarnation of that PR is optional and user controlled but it leaves us open to more and more.
Never give them an inch
It really doesn’t. You are showing you don’t know how it works.
Webpages can enforce remote verification for sure, that would fuck anyone, Linux included, but a local data file doesn’t leave anything open for the idea I just said.
If you have root access you have complete control of what happens in your local environment. The only way to enforce user verification is to make it remote reliant (just like it’s done in Spain for example, government regulated digital certificates), and then this new field is useless.
It wasn’t a good proposal given that the original intention was compliance in a very useless way, but y’all are going crazy without learning about it.
Then if it doesn’t matter, why even put it in? I know you’re not so ignorant as to not realize this is how it starts. They add something innocent and unimportant so that idiots like you will say “it’s fine, it’s not a big deal, it doesn’t matter” and then they slowly make it more and more invasive, little by little
Idk man, why put it? I agree, I down voted the proposal since it was useless. Didn’t go mad posting about it tho.
I understood from the beginning that you are trying to make a “slippery slope” point, but this is open source, each change should be evaluated as is, with what it implies. A local field that isn’t being used in anything doesn’t condition users or Devs to anything that will then make them accommodated and easier to approve an actual invasive feature.
I will agree with the slippery slope argument when they propose a feature that is minimally invasive. This was both useless and 0 invasive.
Edit: actually no, this feature wasn’t useless overall. It was useless for age verification, but great for parental control. The moment a kid doesn’t have root access to the computer, a parent can put whatever age to block the kid from whatever features the parent wants to block them from. Think about it, self enforcing age verification doesn’t give power to governments, it gives it to the root user of the computer, aka parents. It’s something that actually works.
It’s unenforceable on Linux. A Linux user can simply remove or modify any code running on their machine. Fedora, Debian, and Arch can’t make a user verify their age any more than they can force you to use Gnome. It’s kinda the whole point of FOSS.
There is a very easy way to force linux users to enforce this. However, I won’t give it away here, because as far as I can tell the current law makers are clueless.
And I don’t want to give them clues.
There isn’t an easy way. There may be a way to enforce it when you connect to a remote site, but that requires the remote computer to implement it, not you.
I’m already seeing that in a year or two, we’re getting blocked on websites or electron applications because of age verification just like in android with Google Play Services. Like use age verification software or get blocked for 99% the internet.
They don’t even need to turn it into law.
Whatever device based verification those websites or electron apps were communicating with can be spoofed in a system where you have complete control.
Games are cracked in weeks at most, don’t you think that whatever secure communication is established won’t be cracked lightning fast by the whole FOSS community? Once the “secure communication” between local apps is broken, a third package can mitm that shit easily. It’s a local environment.
Honestly the faster they try to lock us out of the web the sooner we can get a second, freer web with card games and prostitution.
“Like putting too much air in a balloon!”
Like a balloon, …and something bad happens!
That may be my favorite line from the whole show
That’s true and I bet its a big part of the plan. The good parts for us about that approach, though, is that the bad technology is baked into the services, not the user’s software, and the system depends on the tech oligopoly remaining. Laws are more durable than trends, so maybe that could be better for online privacy long-term, because the oligopoly will eventually break up. If we’re real lucky, some of them won’t survive the AI bubble aftermath enough to participate in this.
Our current law makers are still debating if freeing the slaves was a good idea. That’s how far behind they are.
Behind or ahead? Maybe we shouldn’t respect the laws they make?
I am very glad that you have strategically selected which parts of your mind to lose.
I’m going to argue that you share it because one thing you can count on is very determined nerds to defeat it.
Every time legislators tried to enforce some sort of dystopian thing, developers saw it as damage and routed around it.
You’re not wrong, security through obscurity eventually fails. In this case however, time counts, the longer it can be cut off, the more chance of some sanity returning, of backlash building politically. The time to route around is after a law is made, preferably as flawed a law as possible.
And that’s the whole point of the amendment to that law. Their congress critters were enlightened on the futility of such an endeavor. Next is California.
but systemd has dooomed us all
waaaaaahh!
Are you referring to the userd field? That would mean nothing if the user has total control on what can be written there.
From the linked System76 blog:
New York’s proposed Senate Bill S8102A requires adults to prove they’re adults to use a computer, exercise bike, smart watch, or car if the device is internet enabled with app ecosystems. The bill explicitly forbids self-reporting and leaves the allowed methods to regulations written by the Attorney General. Practical methods for a bill of such extreme breadth would require, in many instances, providing private information to a third-party just to use a computer at all. Privacy disappears.
That’s appalling, and NY won’t be the only government trying it. This is going to be one of those battles we need to fight again and again.
It also goes to show you who is running the government
Too bad this is moot. Google wants to deploy QR codes to prove you are human and not AI. The QR code is for your phone to prove you are real. Oops, your phone has a uuid and phone number and there goes your privacy.
Google qr code = Ctrl+W and never visiting your site again.
Yup. VERY easy soultion.
Can you give a source for this?
I’m presuming the QR uses the advertiser ID, which can be changed.
Phone number would be GDPR, so I don’t think that can be used.
If you’re providing it “voluntarily” it won’t fall foul of GDPR.
I’m not in a GPDR jurisdiction, but if memory serves, is there not some clause preventing service providers for compelling me to “willingly” provide information to access the service, similar to a “duress” situation?
There is something like that but I’m not sure it really has the force we all wanted it to. I don’t know if it’s been tested in court yet, but the optimistic people thought it would ban any kind of “be tracked or else you have to pay”, but I believe a lot of services are operating exactly this way.
What phone?
I must admit pessimism here, once this crap has the 99% (OK 95% or less for non-phones) accepting it, they’ll come for linux (or the ISPs). When they came for the gays I didn’t speak out… It’s the thin end of the wedge (OK, extremely thick end). Colorado is not the world. The laws will be flawed, but continue to be amended, perfected, worldwide, because politicians as a class hate free speech, and anonymity protects free speech. The technically able will keep finding loopholes, but the vast majority will be left behind.
Probably there will be an exception made for corporations, after all, they have more need for privacy than the populace. /s
i just don’t want to live on this shitty planet anymore :/
The trick is understanding that no one does.
You know … now that open source is officially a legal loophole, I could see this making it more popular.
New reason to use Linux: You’re 13 and you want to look at boobs on the internet, but other operating systems won’t let you.
Next up: to install Linux on hardware the hardware first needs to verify your identity. This is at the RAM, SSD, and CPU level. All 3 must agree before allowing installation.
is there a similar contingency in the California law?
Not yet, but I’ve spoken with Wicks staffers responsible for writing the bill. They are very aware of the open source issues and working on getting changes implemented during the current legislative session.
They are very aware of the open source issues and working on getting changes implemented during the current legislative session.
There is no ‘open source issues’.
There is an absurd law issue that cannot be solved through ‘exemptions’ (which can always be removed later on) but by completely getting rid of the law itself. These are bad laws that aim to kill online privacy, with or without exemptions for our dear open source/Libre software.
thank you
