Why are people worried about age bracket category (optional, defaults to "over 18") but they're not worried about remote attestation (will be mandatory to view any website)?
The other day someone commented on this site that in the age of agentic coding "maintaining a fork is really not that serious of and endeavor anymore." and that's probably the case. I'm sure continuously rebasing "revert birthday field" can be fully automated.
Then the only thing remaining is convincing a critical mass that development now happens over at `Jeffrey-Sardina/systemd` on GitHub.
I believe Debian doesn't ask for a e-mail address on installation, but the username is obviously necessary if you're going to login. I leave "Users full name" empty and it's fine.
The e-mail address also has a use, for important notifications. There are cases where the OS tries to send an email. But as I mentioned, I don't even know where to set it I've never been prompted and if I was I would leave it empty.
Any app that has access to your age category has access to your home directory where much juicier things live. Probably including your email address, and all your passwords.
There is a stupid new California law, which requires that all operating systems must demand the age of any user, and then the OS must implement an API through which any application can ask which is the age of the current user.
This information is supposed to be passed by browsers to the sites you visit, so that they would implement age verification.
The systemd maintainers are among the first who have rushed to be compliant with the new law, even if compliance with abusive laws does not seem the right solution. In the so-called land-of-the-free, any law that commands people how to use their own property in circumstances when what they do cannot affect in any way other humans, should have been struck down as anti-constitutional. Laws might require Web sites to have some kind of age verification, but they may not decide what people can or cannot run on their own computers.
If the legislators were so concerned about age verification, there are easy and non-invasive solutions, like providing a way for each adult to obtain (without recording this transaction) a device that generates one-time codes for age verification (like they were used for online banking before the current fashion of using smartphone apps). Or if that is too expensive, some printed cards with a list of codes with temporary validity could be used, or other such methods that can verify age without providing user identity. Even such methods are worse than the right solution, which is to use parental controls instead of age verification at the sites.
The requirements of the law are incredibly stupid and for now they are trivial to circumvent, but the fear is that this is only the beginning. After the legislators see that they can force anyone to work to implement such ridiculous demands, they will demand more, eventually leading to privacy-restricting measures that will no longer be easy to circumvent.
It goes nowhere of course, but people seem to think that the age verification laws that are currently being drafted everywhere somehow make this the obvious next step.
They don't understand that it's still all on your computer and you can of course set the birthdate to whatever you want (or not set it at all).
The existence of the user birthday field is mass surveillance, but the GECOS field, which contains your full name and street address, and the username, which often contains parts of your name and is mandatory, somehow are not. Full access to your home directory, which includes all of your passwords and usernames and confidential data, also somehow is not an invasion of privacy.
systemd also stores the real name of the user using this computer in the same user record. Why not remove that as well, as it could uniquely identify the user of the computer? Or the uuid field...
Why are people worried about age bracket category (optional, defaults to "over 18") but they're not worried about remote attestation (will be mandatory to view any website)?
The other day someone commented on this site that in the age of agentic coding "maintaining a fork is really not that serious of and endeavor anymore." and that's probably the case. I'm sure continuously rebasing "revert birthday field" can be fully automated.
Then the only thing remaining is convincing a critical mass that development now happens over at `Jeffrey-Sardina/systemd` on GitHub.
Here is the changes:
https://github.com/systemd/systemd/commit/71ad73569d9a5e2588...
Wow. Literally right next to the birthday field, which is apparently a gateway to mass surveillance, is physical location, which is apparently not?
Context/related submission:
Store birth date in systemd for age verification
https://news.ycombinator.com/item?id=47436240
The birthdate doesn't actually get sent anywhere, right?
Why would adding a field for a birthdate be "mass surveillance" anymore than having fields for email, full name, etc.?
Because it's the first step.
“Information, once collected, will be misused.”
― Richard Stallman, How Much Surveillance Can Democracy Withstand?, 2013
So that's also for email address, username, right?
I believe Debian doesn't ask for a e-mail address on installation, but the username is obviously necessary if you're going to login. I leave "Users full name" empty and it's fine.
The e-mail address also has a use, for important notifications. There are cases where the OS tries to send an email. But as I mentioned, I don't even know where to set it I've never been prompted and if I was I would leave it empty.
Any app that has access to your age category has access to your home directory where much juicier things live. Probably including your email address, and all your passwords.
Don't forget location.
It doesn't, and it's optional.
Perhaps I wasn't paying enough attention to this fork's commits, but what is actually happening with the birth date and where does it go?
There is a stupid new California law, which requires that all operating systems must demand the age of any user, and then the OS must implement an API through which any application can ask which is the age of the current user.
This information is supposed to be passed by browsers to the sites you visit, so that they would implement age verification.
The systemd maintainers are among the first who have rushed to be compliant with the new law, even if compliance with abusive laws does not seem the right solution. In the so-called land-of-the-free, any law that commands people how to use their own property in circumstances when what they do cannot affect in any way other humans, should have been struck down as anti-constitutional. Laws might require Web sites to have some kind of age verification, but they may not decide what people can or cannot run on their own computers.
If the legislators were so concerned about age verification, there are easy and non-invasive solutions, like providing a way for each adult to obtain (without recording this transaction) a device that generates one-time codes for age verification (like they were used for online banking before the current fashion of using smartphone apps). Or if that is too expensive, some printed cards with a list of codes with temporary validity could be used, or other such methods that can verify age without providing user identity. Even such methods are worse than the right solution, which is to use parental controls instead of age verification at the sites.
The requirements of the law are incredibly stupid and for now they are trivial to circumvent, but the fear is that this is only the beginning. After the legislators see that they can force anyone to work to implement such ridiculous demands, they will demand more, eventually leading to privacy-restricting measures that will no longer be easy to circumvent.
It goes nowhere of course, but people seem to think that the age verification laws that are currently being drafted everywhere somehow make this the obvious next step.
They don't understand that it's still all on your computer and you can of course set the birthdate to whatever you want (or not set it at all).
tl;dr: it's a tinfoil hat fork
This does a terrible job explaining, but it seems to be in protest of age verification laws in operating systems.
The only commit is removing a user birthday field.
The existence of the user birthday field is mass surveillance, but the GECOS field, which contains your full name and street address, and the username, which often contains parts of your name and is mandatory, somehow are not. Full access to your home directory, which includes all of your passwords and usernames and confidential data, also somehow is not an invasion of privacy.
systemd also stores the real name of the user using this computer in the same user record. Why not remove that as well, as it could uniquely identify the user of the computer? Or the uuid field...
Because this is a reactionary political statement and not a well thought out privacy project