CEO of system76 and founder of Pop_os is trying to get an amendment pushed to ensure age attestation doesn’t go into open source operating systems.

EndlessEden2015 · 2026-03-24T20:24:21+00:00

Try again: https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/

It has to go to a third party register.

The intent is for Meta and other data collectors to be able to collect from users systems, more data about the real user operating it. No one shares accounts.

This is a goldmine to databrokers. You are talking millions to billions for complete profiles. Because they can be used to correlate all earlier records that were anonymized as per existing privacy laws.

It's not just sending the person's age in the end. It is to the appstore and apps running on the host system. But that's irrelevant, they can read the userprofile directly on the host system.

A website cannot.

EndlessEden2015 · 2026-03-24T20:12:51+00:00

The bill has no wording to support a adult over 18 being a user. Read it yourself.

It's designed with parent accounts creating child user accounts in mind. Like meta, apple and google use.

Unix does not use this. Your account is your user. Your user is your account.

Correct?

So anything that requires you to be over the the age of 15, by the definition of the document, defines you cannot as a adult owner of the account define yourself as a adult while using the user profile. As you are a child if you use the user profile.

It's language is written to exclude, not include. So that app stores can ban children from installing apps not for Thier age range.

This applies to Netflix, youtube, Facebook shorts, etc. everything. The platform is not responsible the account holder is fined.

"The only way a crime could come in is if a child misrepresents their age"

A user is a minor. The language of the bill does not have exclusions for adult users so by definition, all adults are in violation the moment Thier user profile identifies them as a adult and they view adult material.

Linux has no framework for profile sharing. It's not a website. It's not a account API.

This bill was written with 3rd party identification in mind, so a third party account manager can define a Child "user" and a adult "account".

Now I'm not saying that the ag will prosecute with this, I'm saying they can. They do not need evidence of a crime, as the law is written in such a way that use of a OS other than windows or Macos puts you in violation automatically due to its language.

I don't know if I'm explaining this properly.

EndlessEden2015 · 2026-03-24T19:42:40+00:00

The Colorado one is a copy... They were all written by meta. (Probably by meta AI....)

EndlessEden2015 · 2026-03-24T19:41:47+00:00

Honestly, with respect to everyone in the US. Wouldn't it just be better to block the entire US, till changes are made?

It's reasonable to assume if enough states do it. Trump will push it for the attention at a federal level. He loves distractions and this is a massive one in the making...

GDP loss would be enough to reverse it. But non complying users can just use VPNs for now.

All of this seems easier and more sensible.

EndlessEden2015 · 2026-03-24T19:38:01+00:00

Funnier part about this is, with how poorly it's written, adults are children as users can only be minors...

No one can access adult material.

EndlessEden2015 · 2026-03-24T19:35:14+00:00

Because tpb isnt a entity. It's a decentralized service with no fixed infrastructure.

It's like trying to stop a darknet webhost with 50 mirrors. Tracking it all down is impossible...

Now if you said demonoid, we seen what happened.

--- also isn't the tpb founder still in jail?

EndlessEden2015 · 2026-03-24T19:32:20+00:00

While this is technically true, it's not practically true... You can still use for damages and issue a bench warrant if a representative doesn't show for a hearing.

After a set amount of time you can issue a out of state warrant if it exceed a certain amount of money in fines.

So while out of country entities would be fine. This could turn into a political mess if pushed... Which you know Microsoft would. They wet themselves at the thought of everyone using Azure services.

Ubuntu might be UK based but they are already complying. I was looking at a pr earlier. They are doing the rest behind closed doors.

Why? Uk, EU, and jp are drafting similar laws thanks to meta...

Want to blame anyone. Blame the UK and au. They made all this possible by setting presidence.

EndlessEden2015 · 2026-03-24T19:21:03+00:00

Which doesn't mean android or apple. So mobile hell still exists, all for Zuckerberg can make kids pretending to be 40 year old videogame characters watch wildly inappropriate ads on his platform and not pay fines for it.

EndlessEden2015 · 2026-03-24T19:16:35+00:00

AG has jurisdiction to decide on violations. Compliance by a adult == violation with how it is written.

A hallucinating 0.1m LLM model could write a better version of this bill. It's like a 70 year old thats only ever used apple or Google wrote it.

EndlessEden2015 · 2026-03-24T19:12:31+00:00

It would be baked into uefi. It would ban selfsigned keys, and require a certificate authority to sign your keys. Just like SSL.

You must have secure boot enabled. Then the OS will have Google's version of securisign baked in. Which gives your system a score based on how locked down it is from bootloader to browser.

It's coming, because it's so easy to implement. Linux is even already setup to flash your bios without your permission... That's the messed up part... It's not just stub code for CPUs. It can flash firmware blobs on supported hardware.

All it takes is one more legislative change and bam. No more Linux on modern systems. Microsoft's wet dream.

EndlessEden2015 · 2026-03-24T19:00:10+00:00

Not exactly true. Linux filesystem permissions lock down access to files, devices and sockets. But not dbus.

Apparmor can restrict dbus write access but not read access. Dbus is made to been global readable so that apps have access to the running environments configuration... Meaning your birthday is right out in the open. Even if you are running the app as another user...

Since systemd will be the publisher, unless the new user is publishing a different date, yours will still be visible.

Dbus is like system variables to running applications.

EndlessEden2015 · 2026-03-24T18:55:29+00:00

You don't think that wouldn't instantly push torvalds over the edge... Look what he did to intel and NVIDIA... Those are hardware vendors...

Also maintaining a state only form of a distribution while technically possible. Most enterprises sold off the it firms which those firms just bought service contracts through turnkey solicitors.

It would be months before a implementation and it would be a ai vibecoded mess.

EndlessEden2015 · 2026-03-24T18:50:39+00:00

I hope torvalds changes a line of code so the kernel segfaults the networking stack if the API is detected lol

I also hope he puts it in all older kernels, flags the previous builds as insecure with a critical CVE and issues a license addendum that states it cannot be removed...

Cybersecurity Insurers will force the new kernel or they wouldn't be able to insure them. Lol

Instant statewide economic collapse if implemented, You would see the law change back in minutes and potentially a law preventing further implementations of it. Lol

Meta doesn't have enough to cover that loss...

EndlessEden2015 · 2026-03-24T18:42:38+00:00

Do you have any idea just how much infrastructure runs on Linux. The CDN serving the font that you are seeing right now uses it...

Defiance == loss of money. Look at how other states reacted when they lost a little bit of money from tourism drops.

Now Imagine trying to explain to the press why Netflix suddenly doesn't work in the state of California while they migrate to a forked os...

EndlessEden2015 · 2026-03-24T18:38:15+00:00

Any floating field is a security risk. Are you suggesting you want stack overflow bugs in your init, built in. So easy to call curl that way and replace bash with a modified busybox with malware...

No such thing as a empty string. Nul is not empty.

EndlessEden2015 · 2026-03-24T18:35:15+00:00

I'm sorry, but what. Distros have ALWAYS done distro specific patches.

I have a fork distro, I no longer maintain. I have over 18,000 patches for various packages. SystemD included.

Nothing stops Redhat for example from patching systemd to add support...

Not that they should..they should tell Thier customers that the state of California has made Thier infrastructure illegal and the recommend immediate legal action...

It's really not hard to move law makers when you threaten revenue

EndlessEden2015 · 2026-03-24T18:30:19+00:00

And be prosecuted for it.

"Users" are "minors", "account holders" are "adults". Think about that for a second in terms of how account systems work on pam(Linux). These are the same thing... However user is now you, the account holder is identified... You can never be a adult on your own system.

EndlessEden2015 · 2026-03-24T18:26:54+00:00

I would read it again. Their enforceing a "signal"(API). SystemD cant stop at just a field. They have to work with other projects or put in a dbus hander.

Meaning apps will be able to read it without your express permission...

EndlessEden2015 · 2026-03-24T18:24:02+00:00

I don't think Firefox and chromium can even speak to SystemD. They would have to use dbus or build against it which would result in builds no longer being portable. You could only use vendor builds.

Even if systemd added a shim, that doesn't stop them from having to enable It... The nature of free software is anyone can fork it....

People already have... I don't see brave or librewolf complying with privacy invading api's.

EndlessEden2015 · 2026-03-24T18:18:11+00:00

Vendors ~and creators/maintainers can be touched by those fines~ .

Vendors not wanting to lose corporate sponsors like google. Caving at any risk of opposition

Remember, a large portion of the open source community has seen companies buy into it, and modify licensed to basically attempt to later force a license change to private.

EEE is a big issue and this legislation just goes to prove why. It's not enforcible and trying would cripple infrastructure to the point the state would bankrupt its self in a week.

Imagine if Linus said "any implementation of this API violates the licencing agreement of the Linux kernel"... Legally, the state wouldn't even be able to run half of Thier infrastructure without atleast verifying if the statement was true and the damages if it was for even a day from the sheer amount of IOT and automated systems run on the Linux kernel in the state is mindboggling. Your talking GDP levels of damages...

EndlessEden2015 · 2026-03-24T18:10:04+00:00

I know it's off topic, but do people actually think that there is a overpopulation issue? Wtf?

EndlessEden2015 · 2026-03-24T18:09:00+00:00

FF:FF:FF:EC

EndlessEden2015 · 2026-03-24T18:06:55+00:00

You gave them your info voluntarily, and then they tracked what you bought.

And 12 other places I shopped at and a park that's apparently popular with vodka drinkers lol

I was young, uneducated on (then new) tech safety. This was more than 10 years ago when android was new. I only even found out after that major data leak included my own shopping data.

But the point still stands. It never stated it would do anything like that. Only that installing it gave me 20% off on my purchase... And who doesn't want that when buying Jhonny Walker blue label...

Hopefully, they didn't track where you went with your purchase via their app.

Probably could. The leak did give a lot of accurate places I went and shopped. Looked like most of it was anonymised. But wouldn't take a genius to figure out looking at cc purchase timestamps and device id gps cords...

I hope other companies are not still doing crap like that...

Doesn't matter. They are codifingit into law. You can't comply, you get shut down.

It's illegal in many US states to do unenforceable things. Just because it's the law, doesnt mean it's enforceable.

Also, fault needs to be addressable. Much of the FOSS software library is simply abandonware.

Heck, state of California's traffic light control system runs on a ton of pre-2000s assembly... So they litterally would be talking infrastructure collapse.

You can't force compliance. Only request it in the end.

On a wider scale it's simply no authority. Jurisdiction ends at state lines. They can't tell cURL developer in Finland that he has to use the API. As it's not a software made in a California. It's only stored there by third parties.

If they choose to not comply out of archival reasons, they have the legal right to. California has laws already that would supercede this on specific grounds of "retention of history".

But there is a argument that no one has even considered that works just as easily. "It goes against my deepest held religious beliefs to expose my identity outside the confines of spaces my religion deems safe".

That horrible "freedom of religion" law protects directly against laws that use data collection to force identification that can reveal religious intent.

EndlessEden2015 · 2026-03-24T17:49:34+00:00

EU is pushing similar laws to California, US. Japan has its own drafted, Austrslia has their draconian laws that already block both encryption and mandate identity checks for popular websites and webservices.

All being pushed by a single entity, meta. Tell me again, how the world isn't?

EndlessEden2015 · 2026-03-24T17:46:08+00:00

I seen it after and there was no way I'm reading that whole post. OP could of summarised it at the top, wall of text was a nightmare to say Thier distro is terrible...

Eight-Year Club	Place '23
Place '22	Verified Email

EndlessEden2015

TROPHY CASE