Add a required birth date prompt (YYYY-MM-DD) to the user creation flow, stored as a systemd userdb JSON drop-in at /etc/userdb/<user>.user on the target system.
Motivation
Recent age verification laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. require platforms to verify user age. Collecting birth date at install time ensures Arch Linux is compliant with these regulations.
This is just a pull request, no changes yet.
The pull-request discussion thread has been locked, just like it happened for the similar thread in Systemd, owing to the amount of negative comments…
This dude need to chill, he also pushed the systemd change, and in his blog he seems to believe android “advance flow” for sideloading protects users.
The one they are targeting is California’s AB-1043, which still have three quarters of a year before it comes into effect…
I think this dude might get too excited for his new subscription of claude code or whatever, and decided to spam every project with these request. Some of these are reasonable, some are compliance in advance.
Also this dude writes two freaking blog every week with LLM. If I were him, I would try to find some joy in my personal life…
I fully expect this person to not be even real and instead just another ai bot to push agenda for corporate scum
He’s the third highest contributor to archinstall.
https://github.com/dylanmtaylor
Still a dipshit but probably not a bot.
it’s so strange to me that he tried to add age verification scripting changes in archinstall. isn’t that the wrong place systemd makes sense but I’m puzzled by the archinstall pr
The thing that’s frustrating is that if the age verification laws weren’t there and they wanted to add a birthday field it wouldn’t seem bad. Details about the human using the account like first and last name are already stored. All you really need is username. But because it’s explicitly in reaction to age verification laws we have to be skeptical about adding it.
@JackbyDev @underscores Yes we do, because it is an erosion of our freedom.
The timing makes me even more suspicious. Of all the times one could added this field, this is probably singularly the worst one. Right after discussions of mandatory age check? Seriously?
You don’t need to be suspicious, they’re explicitly adding it because of that. They said as much. Look at what they wrote under “Motivation.”
are you sure it’s even a person, not a bot? because this all screams either bot or seeking internet fame as the “hero to kids”.
I think he has repo pre ChatGPT with legitimate usecases, while that would not be a conclusive proof, I cannot imagine some chatbot would bother with this.
Yeah. He’s also the third highest contributor to archinstall. But even good developers can have shit beliefs.
Discussion?
Yeah. That’s not what’s happening.
Censoring dissent, is what I hear is happening.
You guys hear a lot but you don’t seem to listen
there’s so much shit to implement in linux, new shit to make, old shit to fix. preemptively adding this bullshit, without anyone even threatening any meaningful action, should be shot down in flames and this joker excluded from any and all FOSS avenues on account of spam and trolling.
I am sure the tali-fucking-ban are tali-fucking-banning women from using the computers by way of whatever passes for laws over there. is this bootlicker gonna implement “just a JSON field” to that end as well?
grow a spine, you corpo-fetishizing cowards. where’s the “fuck you, make me” attitude? what, california of all places is gonna ban linux? fucking lol.
I don’t know what people expect.
All big linux distros are going to be quickly a target, because the people who like age verification laws like that hate the idea of free software.
Putting a dummy, useless age input, is a good way to comply maliciously, and can be easily reverted if these stupid laws ever get removed.
It wouldn’t surprise me if obvious ways to bypass it appear a few seconds after the changes are validated.
The alternative is that these systems could be outawed in a lot of places, which would have a much more negative impact than an age field.
War is about knowing to take a hit to avoid defeat, sometimes.
This law affects so few people in the world, they can bugger off with their changes. No one on my entire content is affected by this stupidity.
This law affects so few people in the world
It’s not just one law (/statute).
Around a third of a billion and increasing, seems a strange quantity to dismiss as “so few people in the world”.
No one on my entire content is affected by this stupidity.
Continent?
How long will that last?
Continent Thank you yes
It’s not just one law (/statute). Around a third of a billion and increasing, seems a strange quantity to dismiss as “so few people in the world”. EU alone has more population than the affected regions by a few hundred million. Why should we be putting up with this nonsense in advance? This is absolutely wrong and how does this get affected by our GDPR laws? Please don’t forget that not everyone lives in a complete technocratic dystopia and we place more value on certain protections. Trying to predict when the next ludicrous right wing nonces will win and try to put through their own child molesting agendas in EU seems premature.
How long until USA becomes the new Noth Korea where you can only get 28 state sanctioned haircuts? Should we comply with this requirement too? You know its only a matter of time isn’t it? (If sarcasm is not clear, I apologise for nothing)
Found the corporationist bot.
War is about knowing to take a hit to avoid defeat, sometimes.
We have been taking hits since, like, 1965 at the least. Surely by this point it should have been enough?
Everyone I don’t agree with is a bot!
And what would refusing a field do?
What needs to be done is basically a revolt against current governments and capitalism, not nitpicking every privacy-invading law that comes, and then waiting patiently for the next one to come.
You’d rather put a big target on linux systems for stupid fucks to label it as “the big danger for our kids” which would just bring nothing good.
You want to stop taking hits, then stop waiting for them and then pretend that dodging is the only solution.
What needs to be done is basically a revolt against current governments and capitalism,
I’m doing my part on that, you are invited to also do yours. But also do realize that “a revolt against current governments and capitalism” is a class action, not something that we can do by ourselves like patching an OS to remove age verification is.
And big linux groups cannot remove age verification as easily as users can, as a big group is likely to be sued while an individual isn’t as much.
I have no idea what to think because this sounds reasonable, but so do the arguments that it’s a slippery slope and complying now makes it easier to surveil us all later. (Yes, I know this is the name of a fallacy. I’m curious as to when is it a fallacy and when is it not. I can absolutely imagine people saying “slippery slope fallacy” and being right, I can also imagine a different situation where people say “slippery slope fallacy” to something and it happens exactly as the people whose claim is being denied with “slippery slope” fallacy said.)
I guess that is why controversial issues are controversial, no easy and obvious resolution?
A slippery slope isn’t always a fallacy. Yes, that is a specific name of a fallacy, which people commonly point out, but it is also the form of a valid logical argument. If there is support that this will happen, it isn’t a fallacy.
I this case, a user-entered field is useless to “protect children” (being generous and assuming this is the actual reason for the laws). Children will just lie, as they have been doing for decades. The state will point to this as the law not fulfilling its stated goals, so they’ll need to verify age through other means. Even if the goal isn’t surveillance of people, this is still likely to be the result logically. This means the slippery slope argument is valid.
It could be a slippery slope. That’s why the point is not to just accept it and move on, but to comply while pushing back against it.
And complying right away, but with a bullshit field, is a good way to signal “we do not agree, and we’re going to always find a way to fight back”.
Taking a hit to avoid defeat, does not mean surrendering. It just means that you need to recognise when a battle is lost. In a way, the other side of the slippery slope is the sunk cost fallacy, where you refuse to admit that something is a lost cause and you keep on pushing, making things worse.
It’s a matter of balance and reason, which people nowadays reaaaally struggle with.
They’re not handing over private crypto keys here. It’s a database entry that the person installing the system can put whatever they like in.
and it happens exactly as the people whose claim is being denied with “slippery slope” fallacy said
But this is the crux of the fallacy. What evidence is anyone providing that there is indeed an insidious chain of events we are enabling by adding the birthdate field? Are there examples of cases similar to this in history?
EDIT: I can tell people are getting emotional about this because I’m being down voted for just asking a question that elaborates the point someone is making.
Thank you for replying without attacking me (as I’ve seen other people do to each other on this topic). I upvoted you.
@Solumbran@lemmy.world @pglpm@lemmy.ca @linux@programming.dev
The Brazilian flavor of age checking explicitly prohibits self-declaring (“vedada a autodeclaração”). Estimation of age via selfie or behavioral analysis, as well as the need for government-issued IDs, perhaps validation via credit card microtransactions, are some of the accepted age verification mechanisms for Lei 15211 (“ECA Digital” or, more informally known as “Lei Felca” due to the involvement of a YouTuber sub-celebrity on getting this thing to Brazilian lawmakers). Doing age bracketing via self-declared mechanisms, such as birthdate input or the usual consent button, risks fines and other provisions.
KYC (“Know Your Customer”) is, deep down, what these laws are going to be about, ID checks as sine qua non part of purposefully vague-worded laws with broad and outreaching enforcement, so tech organizations and companies worldwide, especially the smaller ones, will eventually find themselves in a situation where they are legally compelled to implement everything that’s being pushed as part of these dystopian laws. After all, it’s far from being just a Brazilian or a Californian thing.
Currently, yes, we’re seeing this law-concept restricted to a handful of places such as some USian states, as well as countries such as UK, Australia, Canada, now Brazil… Zoom out, however, and you’ll realize how this thing is gradually spreading worldwide because this is the only way for age verification to get effectively enforced.
You read it correctly, those laws are very likely getting to more and more countries, eventually turning KYC into part of international, industrial standards. Nothing too hard for big corps to do on their own, such as Google and Microsoft, even Canonical and Red Hat which are large companies, but small companies will end up being pushed into relying on non-free third-party KYC services in order to comply with age verification.
Such situation would end up benefiting the big players, with KYC services such as Persona becoming the new ubiquitous Cloudflare when it comes to this digital landscape. KYC gates, in this sense, would become the new CAPTCHA, Biometrics-as-a-service would become the new normal, true FOSS projects would become unlawful a priori while large corporations would thrive with another data point for tracking and advertising, and as the tolerance bar gets lowered, people will end up used to it, because any attempt to be against it will lead, at best, to social ostracization…
I don’t know, maybe I’m being overly pessimistic about it, but I can’t help but notice how dystopian things, some of which were long foretold and were warned about, are slowly taking away our privacy and freedom…
I don’t disagree with anything here.
But my point wasn’t “there’s nothing to worry about”, it was “an age field is the minimum they can do, and blaming them for it is pointless”.
My point is that this law is already there, and the fight needs to be brought where it matters, and the code of linux systems is not what is going to change politics. When someone is held at gunpoint, you don’t yell at them to fight back and curse them when they don’t, but you attack the attacker.
The law is completely not here, it affects very few people in the world, so they can bugger off with this nonsense change
“We’ve determined you’re using an illegal OS. You’re under arrest!”
People get arrested for ones and zeros all the time.
Or you know, just getting a lot of accesses blocked, your ISP blocking you, etc.
No matter how you put it, it’s more risk than inputting a bullshit field at install.
My ISP doesn’t know which os I’m using, I behind two NATs and a proxy…
Good for you.
Now what about others that are not in your situation? What if this gets flagged as a suspicious behavior? What if your ISP blocks access to devices that are not allowed by a third party (government or company)?
You can always make a slippery slope. The difference is that complying for now brings nothing bad, not complying brings more focus and puts a target on linux and its users.
Everyone is behind at least one NAT, the wifi router.
No wifi here.
I prefer my health.
And not to have security vulnerability to echo location 3D picture of everything in my house.
Lol
Generally provided by the ISP, no?
Gentoo/Artix
Never comply with advance. Nazi wants that. Make them fight for it. Let them sue, and get community funding for the case, and then delay the court case again and again, and maybe comply when they lose.
If you comply with advance, you are actively helping them, along with creating fear.
the law wouldn’t hold up in court anyway. its not practical for any ecosystem outside online sites.
accounts and users are the same thing, despite what the law says. it also doesn’t different a person from a user, meaning a compromised system that is complying with the law, its actions represent the user, and the account holder is held responsible.
its made to absolve meta/Microsoft/google from their actions in targeting kids with intentionally addictive content and making the “account holder” at fault.
Imo, the move would be if all linux distros were to let the date come and go and just geo block all requests from countries and zip codes that do this. Users breaking the law would not be the problem of the organization making the OS. If they’re not “offering” the OS in those zip codes, refuse all service, patches, updates, everything, they would not be legally responsible.
Getting desktop Linux banned from somewhere like California instead of doing something that is effectively harmless is only helping Google, Apple, and Microsoft.
I think you’ve severely underestimated just how critical Linux is to the tech industry, and just how hard it would be for companies to move off of it.
If companies were afraid they’d have to face that kind of work, they would push back on our behalf.
Or they would make their own forks, we’d end up with a painful unmaintainable mess, and then they’d push back on our behalf.
You manage upwards against people unwilling to listen or comprehend by forcing them to experience the pain of their own poor decisions that they were already warned of. You don’t accomplish anything by proactively capitulating to bad requests.
Uh, “no u”.
Putting the birthdate into linux is only helping Google, Apple and Microsoft.
…you can’t just say and claim that. At least give me some argument why would that be helping those companies.
it’s not helping, they’re actually being set up to take the fall so to speak by Meta https://www.yahoo.com/news/articles/reddit-user-uncovers-behind-meta-154717384.html
Meta is lobbying for all this crap and forcing it on everyone else (including Linux) with the only exception being…Meta. Google, Apple, etc will be in the same boat as Linux with Meta leveraging itself as the potential only “safe harbor”.
It’s very obvious this age verification bullshit is just an entry point to degrade even more of our privacy and rights. How many times is this kind of shit gonna keep happening and people will still fall for it?
Was this also true with the real name field?
If you really don’t see this as a problem with governments instituting this you are exactly who I am talking about. Keep drinking the koolaid bud
Governments should not be requiring this of operating systems; it’s absurd on many levels.
But actually implementing it is still pretty innocuous.
need a “/s” on that last line?
Maybe just a clarification. Implementing optional fields is innocuous. Implementing requirements is not.
I thought that the law hasn’t even passed yet? Why are distros so eager to show legislators that they’re on board for being regulated?
The only one apparently eager to implement this is the dylanmtaylor Github user, who has created PR’s for systemd, archinstall, and Ubuntu. Maybe more.
My Linux based IOT devices will now need age verification for default accounts…? And now any devices will expect to have non-shareable specific accounts…? So to open my fridge and use its apps I need to verify as me…? I’m me?
I thought it was an optional field, like the name field
In systemd it would be optional. This post is about the OS making it a requirement to ask the user birthdate and using said optional field to store it.
It might be for now or in the current implementation but the implication that this information, should it exist, can then be validated and enforced on a service or application level with this value or expansion to more formal forms of identity and age verification is where we are forced to meet dystopia and exchange pleasantries while the guardians watch over our sanctioned play dates.
