18
Age verification on Systemd and Flatpak
(cybrkyd.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 04 Apr 2026
18 points (100.0% liked)
technology
24325 readers
273 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 5 years ago
MODERATORS
It's reasonable to assume the next legal step is to outlaw lying about your age. IP logs associated with an age of 126 would be easy targets. You could lie about your age with something more realistic, but then it's another avenue of device fingerprinting.
A better thing to do would run a script that edits your age every boot, randomly between 25 and 65, along with an always-on vpn that keeps switching locations.
Or just switch to a distro without systemd, like KaOS. That's probably the direction I'll head next.
The push is towards identity attestation with digital signatures issued by authorities. Of course that's still quite the technological leap from having an dob field in a user database, but that's just a part of what's required by the Californian legislation. The NY legislation already tried to include identity providers. And EU countries already have the IDs, the EU is just not in a strong position to require OSes to implement uniform support.
EU has been trying to push for government identities on social media for like 15 years. And online IDs even longer.
Yeah I highly doubt this specifically will be any meaningful change or particularly the coming avenue for change, but I don't necessarily think that's fully it, because it has always been just as technologically feasible DRM currently is ("Secure"/"Trusted^(treacherous)^" Computing, TrustZone, TEE(s), Secure Element(s), ME, TPM, SGX, TDX et al..) all designed trusting the manufacturer first then the user second if even at all, all widely used(or capable) almost without exception today. I just don't think the appetite or need has gotten truly there yet. but with with how suffocatingly American core internet infrastructure and historicaly entrenched design elements are, when truly threatened i can see the dropping of the "open" internet facade becoming much much much worse that won't be as solvable as just some configs or applying some patches. ignoring the liberal dogs with unimaginable cognitive dissonance and white hubris that somehow imagine building around the exact same panopticon but painted blue with stars, and "European"^(whatever\ this\ is)^ will somehow be spectacularly different. i can't tell if my thinking is just borderline conspiratorial, but there is wayyy to much undeserved trust in this stuff that just because it hasn't been weaponized more overtly yet doesn't mean in more desperate scenarios/stronger positions it wont or cant be.
(I agree with you I'm just talking into the aether getting carried away typing saying the same thing but worse and convoluted. I need some sleep :( )
(removed my doomer disjointed rambling about actually important and real security being wrapped into "trusted" computing. truly free computing died soon after it was born; it is possible, but only in a better world. the last time I smiled was on August 19th, 1991. etc...)-
They aren't that far off with UEFI and secure boot. I remember that there was a legit scare in the Linux community that community distros might be left behind.
And you are also overlooking what's already happening on Android, you might still be able to run a custom FW but some apps just refuse to work. I could see regulations demanding that all adult apps require a signed firmware as a start. Many of the EU identity attestation apps already don't work on custom FW and might only have option or two in your country. Many government services will be a lot harder to access if at all without those ID apps, already the case for some services.
And no the EU doesn't truly care to get digital sovereignty, or they wouldn't require ID apps that require google attestation. We already know the US government digitally sanctions people and turns of their digital access to US services they need.
Its really not reasonable to assume either of those things. If shit like this really takes off it'll be less like the linked discussions and more like DRM, with proprietary software (and hardware, if they want it to stick), linked to an online service that "verifies" your age externally.
I think you're offering way too much good faith to a government that believes in prisonlabormaxxing and genocidemaxxing.
I'm not assuming good faith lol, those mechanisms just wouldn't be effective, and assuming the government thinks about linux users enough to chase down IP logs of users with a particular fake age is childish, and that's all assuming that the PRs being discussed even do anything of the sort (sending the age stored in the user db to external services willy nilly).
If age verification crap catches on it won't be totally unenforceable mandates like "its illegal to lie about your age" it'll be technological solutions ala DRM and they'll be more effective (but still circumventable with a little expertise probably). And for now, I do expect that the legal mandates will remain on service providers, not individual users. We're simply too much effort to prosecute for meaningless bullshit
You would think hippies and immigrants and trans people are too much effort to prosecute for meaningless bullshit too.
A
can't see on your face that you lied about your age when you installed ubuntu 9 months ago, but they can identify members of those groups and single them out for harassment, culminating in disproportionate prosecution for minor offenses. These things are not comparable. A better comparison would be digital piracy.
This is a ridiculous hill to die on, idk why I'm even replying
They didn't need your face, they have your digital footprint, and if you aren't being extremely mindful of what personal information you leak online, they have WAY more data collected on you already than you should be remotely comfortable with.
Of course, but that has nothing to do with your prediction that I took issue with. I'm not saying this shit isn't dystopian and going to get worse or that age verification isn't going to be a part of that, but the specific childish predictions of "operating systems add age verification that literally is just asking the user what their age is and just send it willy nilly to cloud services -> government outlaws lying about your age -> services log ages and IPs -> the government gets that info and uses that to track down and prosecute people with the exact maximum age".
The reason there's generalized harassment of oppressed groups and not of digital pirates (or age liars) is 1) because pigs don't actually care about digital piracy that much, its not baked-in to settler society in the way that white supremacy, patriarchy, etc. are, and 2) because pigs can't really see it. 2 could change, we could get the watch dogs future world where everyone is facial recognition-ed at all times and that's linked back to their digital footprint to such a granular level of detail that random beat cops can see that you pirated a movie last night or that you signed up to facebook with a false name/age. But even if that changes, point #1 will not change on its own, changing the law doesn't suddenly make cops or the legal system at large give a shit to enforce it, it'll just get used as another way of harassing the marginalized people they already wanted to harass.
"I'm a white dude so it'll never happen to me"
disengage
Avoiding systemd is getting harder and harder though. Some sort of script or plugin would probably be best.
That's exactly why it should be avoided. The vision of the FOSS operating system was that parts were interchangeable, and you aren't locked into any one thing.
People raised the alarm bells on systemd years ago and unfortunately it seems they were correct all along.
Eh. I'm not really on the systemd hate train that a lot of people are. I think having a unified interface is good actually. Plus it's modular enough that you can absolutely add/remove components in your distro.
I also really don't think that this is a sign that they were correct, the whole point of my comment was to point out how ridiculously small this change is and it has no visible path towards becoming anything more.
systemd's whole thing is being the glue, so it makes sense for them to expand their API when changes are being proposed. Doing that ahead of time saves them headache later since people will splinter into other workarounds.
If the "age verification" stuff ends up centralizing on a systemd module, that's good actually since it means you're less likely to see people implementing it themselves in ways that are harder to see or disable.
If all of that flows through systemd, you can just turn it off on the API layer and anyone who uses it (which at this point, will probably be a lot of people since they're ahead of the game) hands off that control to a thing you as a sysadmin have easy control over.
Systemd went out of it's way to preemptively grovel in front of the US Empire before it was even asked to - that's reason enough to hate it.
The path is visible to anyway paying attention. I fear this is like climate change, all the warning signs are there, but Westerners find it way more comfortable to ignore the problem and bury themselves in treats and online media and kick the can down the road until it grows exponentially worse.
Maybe? Time will tell, but I don't see anything like this being mainstreamed without forks and pushback. This isn't Microsoft doing something behind closed doors.
If lying about your age is illegal then not verifying your age at all is probably also illegal. You probably wouldn't be able to access any commercial, online software or websites using an unverified distro
Again, that's outside the control of systemd. If they need to provide an interface, they need to provide an interface. If you don't want to use that interface you don't have to, but I'd rather have that commercial stuff pinging a known open API than doing something sketchy internally.
This would be a significantly better problem to deal with than having the OS compromised in the first place.