- cross-posted to:
- linux@programming.dev
- cross-posted to:
- linux@programming.dev
Some of you need to watch this video, and hang your head in shame.
Dylan Taylor has been receiving constant harassment, including threats to his life and safety, for actions done collectively by SystemD. The article by Sam Bent was explictly mentioned as part of the harassment campaign, and rightfully so.
I don’t think enough people realize that this is catastrophically bad. It’ll discourage people from becoming open source developers, it’ll discourage people from using Linux, and it’ll discourage legislators from taking the Linux community seriously.
If you ever wished ill upon another human being for complying with a relatively inconsequential law, you are better off never touching a computer again. The Linux community has collectively gone so far beyond what is acceptable here.
I’m going to bullet my thoughts on this whole thing because I’m annoyed by the general response, and the implementation as well:
This reminds me of when Guillermo Rauch from Vercel praised Trump multiple times. Bro, you’re not Tim Cook. You’re not Ellison, Zuck, or Musk. You’re not even on their level. You’re not going to get on their radar. I have PTSD from fellow tech folks being weirdly aligned with fascism and this whole dumb thing is giving me that vibe again. I don’t think this is that 1:1, but this is like the metal scene. You have to dodge the fascists that seem to weirdly permeate corners of the culture. People that refuse and get annoyed by right-wing labels, but still help right-wing grifters, are their own unique brand of pathetic.
I’ll be upset when a cloud-connected Linux component prevents the system from working unless the real name and birth date fields have been verified
until then, this is just as inert as the real name field which has been there for decades, and far less useful for surveillance than the real name field which has been there for decades
What else could the point of these fields be?
Except this field has been implemented explicitly for this age verification laws. If this was for some random birthday greeting when you open terminal, i think fewer people would be up in arms. context is everything.
if this moron implements compliance with laws that record a birthday today, what is stopping him adding 3rd party verification of id tomorrow? So far his track record is corporate bootlicker. You cannot trust projects where this guy is a contributer to
The pull request approval process? It’s quite easy to recognize that one change is harmless and another is not. The slope is not THAT slippery.
I completely understand objecting to the systemd change, I also object, but acting like the fascists have already won is a bit crazy.
No, let’s wait till we’re at the bottom of the slope. Then start objecting.
As I said, I also object, but you have to realize you’re literally just doing the slippery slope meme unironically. The part that makes it a fallacy is the unjustified assertion that more egregious changes are the inevitable result of the first one, except the first one is materially harmless and in line with existing PII fields in userdb. It’s completely reasonable to expect systemd to go no further than it already has.
It is slippery, I have described the process UK is taken here https://piefed.social/comment/10693725
Age verification laws: slippery slope. Sure. I agree.
Adding optional age field to systemd userdb: not slippery. Systemd isn’t being weaponized as an age verification suite. It’s just not happening.
it would be very interesting to see that attempt
but Poettering has already said that functionality doesn’t belong in systemd so I’m not sure where anyone would raise such a PR
seems like an Ubuntu/RedHat level distribution design to pull in a brand new age-verification / mass-surveillance component, or maybe modify an existing telemetry component
the birth date field only made it into systemd because it’s user metadata that is consistent with what is already stored there, whereas surveillance does not
for now, at least
again, I’d be very interested to see what happens with follow-up PRs
Poettering closed the pr that was reverting this age field. What happens is adding more and more control in the future to conform to whatever idiotic laws someone might make. Should we then also implement a filter for what you type online to conform with Russian law about calling their war “SVO”? Its their law after all, so why not make the rest of the world conform? Its already years older then this age verification?
Slippery slope
Also?
There is no filter here so the comparison isn’t valid.
If we’re just playing hypotheticals, turn the situation around. What if some Russian state program was required to run on every machine and if it detected people not in compliance with the law it updated their location field to say ‘jail’. Should we then remove the location field?
According to the guy doing birth date pr, we should pre-emptively comply, so yeah… how about enforcing bans on promotion of LGBT propaganda that has been law in Russia since 2013? https://en.wikipedia.org/wiki/LGBTQ_rights_in_Russia#National_laws
Oh I know, lets introduce a field that stores an array of your nationalities, so any app developer can request your nationalities and adequately fine you for spreading illegal content online if you are Russian citizen. After all you can do that using a linux machine, so we gotta identify this now too. And the law also applies to foreigners. This law has been in place far longer than California or BR one. Who gets to pick and mix which laws apply and which don’t? But wait its okay its just an optional array, you don’t have to use it…
Do you now see how insanely dumb this is? I am neither in Russia or USA, why should I have to put up with a censoring mechanism?
In this hypothetical situation, why are you choosing to install software that does this? This software could just as easily store the data in a flat text file in your .config directory, it doesn’t need systemd in order to exist. Systemd choosing to not add those fields would not prevent the software from existing.
In any hypothetical situation where you’re forced to use some hypothetical privacy invading software, that software would still be able to do everything exactly the same even if it has to store your information outside of systemd.
Not having a field in systemd doesn’t mean that the data can’t be stored, it just means that the data has to be stored in a text file instead.
Systemd also has fields to store your realName and location. That same hypothetical situation applies to that data too. Your REAL NAME gives much more information about you than your birthDate and the location field is big enough to store your exact GPS coordinates. Like birthDate, these fields are not a problem (they’ve existed since the 60s) if you don’t install software that uses them.
If you don’t want software that tracks your location, don’t install software that tracks your location. If you don’t want software that requires your real name, then don’t install software that requires your real name.
If you don’t want software that requires your birthDate for age verification, then don’t install software that requires your birthDate for age verification.
Its not a hypothetical situation, it is happening, although right now to mobile phones and tablets if we stick with Russia example. Il let you envision what direction this is going to. But hey its a law. There are linux tablets out there, should maybe they add this pre-installed app?
https://brusselssignal.eu/2025/08/russia-orders-pre-installed-app-on-all-domestic-mobile-phones-and-tablets/
By the way that law is there since 2025. Its pretty obvious that we should pre-emptively comply?
That is my plan when we know the position of other distributions, I will be moving to one that does not use systemd. My argument with this is that the reasons for this change are clearly to comply with local laws that don’t affect majority of the system users. There is no need in this change to be global. It should not exist.
rejecting the revert is completely separate from accepting additional age-check / mass-surveillance PRs, you know this and you are being willfully ignorant
I would be very upset and very surprised if hypothetical follow-up PRs were merged into systemd, and I’m betting they will be rejected
How is it different? The ready acceptance of additional fields specifically for age verification is clearly proof enough that any further bullshit will be accepted just as quickly. PR description clearly outlines it is for the sole purpose of age verification…
Whats wrong with Age verification? its fine to verify age, the problem with the age verification laws is the issue of how age is being verified. In this case its fine because its local first and privacy respecting.
Age verification requires doxxing yourself in order to actually work, and if it doesn’t require doxxing yourself then it won’t work and it can be bypassed, so pointless capitulation granting ease into more authoritarian forms in the future. You don’t see why any actually functional age verification is a problem while fascists are trying to control all the digital architecture?
No it doesnt. If I ask are you 18 and you reply no/yes that is verifying your age without doxing you. This field is for when the user is NOT admin on the machine. This field would be filled out by the parent when they’re setting up their kids machine.
What is the point of a field like this if you can literally put anything in it you want? Your not verifying anything. The next logical step is to add proof.
That isn’t the next logical step for systemd, which is what this post is about.
The reason systemd stores this information is that systemd stores user information and this is user information.
If some future application comes along that wants to require age verification and use that field to store the data, then you can simply choose to not install it. Problem solved.
Removing birthDate doesn’t stop these programs from existing. If there isn’t a birthDate field then they can simply decide that they’re going to store the birthdate in the user’s ‘location’ field instead and it would work perfectly fine. Are you going to remove the location field too? All of the text fields?
Adding a specific birthDate field is simply recognizing that this software exists (which, it does) and that systemd is the logical place to store user metadata (which it is).
If you don’t like the software that will do age verification then don’t install that software.
Its not suitable for proving your age. Its adding a field which is a stepping stone to future gating and more control over something that isn’t even applicable to most of the users of the system.
Why not then add a live filter to ensure that you don’t call Putler’s war in Ukraine and call it “SVO” as you are supposed to? Its the law over there and many years older than this one. People already have gone to prison for not complying with it. But hey lets make that a part of linux too. Its law after all… Do you see how stupid it is to blindly comply to something that doesn’t even apply to you?
How is it not suitable? If I setup my kids age and an app wants to use the portal to check if he is over 18 and it returns no. That suitable age verification and its privacy respecting. Which is what is being suggested.
There are already parental control packages exist in the Linux infrastructure which are not tied to low level modules such as systemd https://github.com/biglinux/big-parental-controls if you want, you can install it. Its fork is available in the Arch ecosystem for example that mentions it complies with the BR implementation (https://github.com/jersobh/arch-parental-controls)
Why do I need MORE parental controls shoved down my throat when I do not desire it nor wish for it? But this time in a core component of alot of linux distributions.
Oh and before you tell me “but ExoticCherryPigeon, its an optional field”, sure, but here is the example of the slippery slope curtsey of UK:
Take a look at the history of this act https://en.wikipedia.org/wiki/Online_age_verification_in_the_United_Kingdom
We are now at the point where I need to use a CC to tell some 3rd party that I want a wank.
And what else is happening now? They are suing websites not based in UK! https://en.wikipedia.org/wiki/Online_Safety_Act_2023#Enforcement, but that’s not all, although not at the law stage, there are some talks about also now restricting VPN’s https://www.techradar.com/vpn/vpn-privacy-security/uk-government-says-it-may-age-restrict-or-limit-childrens-vpn-use-following-new-consultation.
A lot of websites also not based in UK jurisdiction have simply self censored UK users before they get ISP level blocked.
If this is not an example of a slippery slope, I don’t know what is!
TL;DR tools already exist, we do not need more tools that will be a privacy nightmare
You don’t and you don’t have any parental controls being shoved down your throat, you have a JSON field that you can choose to enter data in or not. It does not control anything, it is not validated by anything (outside of compliance with ISO 8601) and it is not required to be set to anything.
Who controls what is installed on your system? If it is you, then you can save yourself from parental control software by not installing parental control software.
So when application developer such as Discord (an example) builds on top of these age controls and decides to not allow access to channels which are marked 13+?
What do you expect will happen?
Don’t be logical. You’re supposed to cry fascist and hurl slippery-slope fallacies like this is the Reichstag Fire.
This guy social medias
Death threats are understamdable cause his move makes damage to huge amount of people. It is like a terrorism
Why does anybody submit changes to any project? Probably a wide variety of reasons.
I hope that you can see that there are people who see this addition as being not a big deal: optional field, no verification, GECOS fields already storing ‘realName’, ‘location’, etc.
It doesn’t seem like a huge stretch to understand why a person would submit a simple update when they don’t think it’s of world changing significance.
I’m one of those people so maybe I can help.
Yes, we are. That’s why I don’t use their software or services. The major, and most important, reason why this isn’t a big deal to me is that Apple, Meta and Microsoft don’t choose the software that is part of my system. We’re not in commercial software land, this is the FOSS world. Here, I get to choose what happens on my system because I am the one in completely control.
If a project decides that I have to submit to age verification then I simply won’t use their project, it’s just that simple. But, that is not what is happening here. There is no verification of any sort, nor is the operation of systemd affected by this field in ANY way.
I don’t buy the slippery slope argument that’s being presented around this topic which makes the change seem like the beginning of fascisim or the end of privacy or whatever other hyperbolic situations that people are breathlessly inventing to justify their outrage.
We already have fields to store personal data and those fields are optional and rarely used. They exist because they are needed in some cases and in the cases where they are not needed they do not do anything. The birthDate field is exactly the same as the realName field in that sense. It only does something if you choose to install software that uses it.
This field will NEVER affect you unless you choose to install software on your system that requires it.
What’s happening here is that people are treating this single JSON field as a stand-in for age verification. It is not. If someone wants to meaningfully fight age verification laws then they need to involve themselves in politics instead of social media brigading and harassment campaigns against developers.
In my view, this ‘situation’ exists because it allows hoards of people to appear to be ‘doing something’ without actually doing anything. It’s low effort activisim. People find it much easier to write self-righteous and hyperbolic comments and to get into internet fights than to do the hard work required to affect the politicians and laws that are passed.
On top of this we have the signal boosting effect of trend following, clickbait-driven sites and content creators looking to boost ad revenue by playing up outrage and drama.
I disagree with these laws, but this is not the hill where the battle is being fought. It is a pointless distraction and one that is being used to actively target a person for harm.
Nothing is going to happen on your system unless you choose to let it happen. No software update by any project will ever change this.
The only thing that will change it, and the thing that people should focus on, are the laws in the places where they live.
If the field did not exist software could not be made to utilize it.
Do you think that would prevent or discourage age verification software from existing? It’s not as if a systemd user field is the only place a user’s birthday could be stored.
Realistically, age verification software that is seriously attempting age verification isn’t even going to touch the systemd field, because why would it? The field could only be trusted if it is managed by an age verification service anyway, in which case the service could just as easily store the data outside of systemd.
Who gets to decide what software should and should not be allowed to exist?
If someone wanted to store a birthDate (and, evidence exists to say that they do) then the most logical place to store that user detail is with all of the other user details… in systemd.
You can choose what you put on your system, that’s the Free in FOSS. But, you cannot choose what other people put on their systems.
Its not leaving a lot of choice if it’s part of systemd and I’d wager far more people do not want this than were asking for it. There’s no benefit to it except for the government and corporations that want your data.
The field doesn’t do anything by itself. There is zero harm inflicted on people using systemd. There are probably lots of features of systemd that you don’t want or use and the entire negative effect that you suffer is a few megabytes less free storage space.
The only way the field would be used is if a person decided to use a different piece of software that wants a birthdate. If they don’t choose to install such a program then the field is no more a danger than the realName or location fields. They have scary sounding labels but do absolutely nothing unless the user chooses to use them.
It leave the door open for this to happen. A malicious software may not advertise that it is harvesting your demographic information. Now that this is in place it’s one more thing we have to worry about when evaluating software. There is absolutely no reason to be storing PII in a centralized spot where anything and everything can request it. If I want an app to have any of that shit I’ll enter it on a case by case basis.
You can say “well don’t put it in there” but what happens when big monopolistic corporations start requiring it to use some service of theirs that you don’t have an alternative for? Now I have to maintain a separate PC for that shit? Fuck that.
If you choose to use a service that requires age verification then that service will store your age verification information on your computer somewhere. If it is stored in systemd, malicious programs will be able to access it. If it is not stored in systemd, malicious programs will still be able to access it.
If you choose to not use a service that requires age verification, then you will not store any age verification information on your computer to be stolen by malicious software. Even if systemd has a birthDate field you will not store any age verification information.
The difference in these two scenarios is your choice to use age verification or not. The location where the data is stored doesn’t change the scenario.
I ve got a feeling he wont change his mind. This kind of people are just too optimistic
Because the real fight is not on the internet or computers.
People protesting (legally and peacefully) have been targeted based on social media accounts. This is closing the gap to allow similar fascist behavior on an even more personal level.
Yes, this is bad. People should not be targeted because of what they wrote.
On a personal level.
Yeah, that would be bad. Kind of like a targeted harassment campaign of a person because of what they wrote.
It’s one thing to be against age verification or software that does age verification or platforms that require age verification. That isn’t what is happening here.
That fight is political, this is an engineering problem.
You could argue that this enables age verification, it doesn’t. Age verification software can exist without this field, it could store your birthdate in .config/EvilAgeVerificationApp/userinfo.txt.
The field is an optional entry, systemd doesn’t require it or verify it. It is simply the most logical place, from an engineering perspective, to store the data.
It’s one battlefront of many, and a fairly significant one. As we’ve become on online society, computer software has come to encode human rights to expression and privacy. Those rights are worth fighting for.
But it probably realistically has to be organized on it, since that is the global communication network…
What I’ve learned is that it’s basically impossible to convince people that the only real way to solve this is violent revolution.
Given your lack of history of violent revolution (I’m assuming), I’d guess it’s because you look like a hypocrite for sitting behind a keyboard and telling others to do something you’re not willing to do yourself.
I’ve already spent years of my life in activism (the actual kind where you do work and try to build community, inevitably get added to watch lists, etc) trying to motivate others. I’ve helped with Food Not Bombs, etc. I’ve done a decent amount of “walk the walk” but I’ve also got a life to live. The US is deep into a propaganda hole that I’m afraid is gonna take a long time to climb out of and people have goldfish brains. I don’t really care how I come off to folks on the internet.
Well, you come off like you’re promoting violence.
The real fight is on multiple fronts.