Linux Distros Respond to Age Verification..

So, it's shaping up to be not so clear of a future for Linux operating systems. As many are already aware by now, states like California and Colorado have been proposing and working on bills that have officially passed that will require age verification or at least identification for operating systems, including anything based on Linux. This has been causing a lot of confusion and distributions are starting to have to make some hard decisions. as after nearly a week of this news, we now have some serious discussion among the community and in distribution forums about these requirements. So today, we'll be checking out what the fallout looks like with players like Canonicle, Fedora, System 76, and more even in the BSD world. Let's get into this by checking out what Fedora is saying. So, in the water cooler talk, tech talk for California age verification on the Fedora discussion forum, a member posts, are you aware of this? And what they're talking about is California's Digital Age Assurance Act, which will be effective January 1st, 2027, a little under a year now, mandates that operating system providers and application developers implement age verification measures to protect miners online. This includes collecting age information during account setup and providing age bracket signals to developers when applications are downloaded. And that was the start of this discussion over seven days ago in which we received a response from a Fedora project leader Jeff here. Greetings from the Fedora project leader. I was not personally aware of this. I'll look into it because this is a legal matter. I'm going to refrain from speculating or opining about this until I sync with the project's nominal legal assistance concerning impact. And this is all in reference to a bill published a few months ago which requires by that January 1st date age verification with respect to software applications and operating system provider as defined to provide an accessible interface at account setup that requires an account holder as defined to indicate birth date age or both. And a lot of people have been up in the air about this one because it's hard for Linux distributions and operating systems because this law here assumes that there's a single integrated OS vendor that controls account setup, app installation, and standardizing an API that could even hold this age bracket signal. This assumption could fit things such as Windows, Mac OS where you have a cloud account, but it's very hard to implement in a Linux ecosystem. That's why a lot of people have been not only up in arms about this, especially because Linux doesn't require a centralized account setup. You can create a local user without any type of online identity. It doesn't require email or phone login and can be installed and used fully offline. But these types of acts, including the one that was also submitted in Colorado. Yes, Colorado is part of this whole problem at this point. Now, this actor bill here leans on the fact that collecting age during account setup, but that doesn't really apply again to Linux. And Colorado also has a similar bill going through called age assetation on computing devices. Again, they want you to provide an accessible interface at account setup that requires an account holder to indicate and the birth date or age of the user of that device to provide a signal regarding the user's age bracket age signal to applications available in the covered application store. And it talks about operating system providers again being responsible for all of this. Well, that's why it's been catching a lot of people offg guard. For example, here in the Fedora project in which of course people are getting frustrated with. In another response from the Fedora project leader, I'm not sure it requires telemetry. I'm not aware of similar legislation in Colorado. As we just saw, I really don't want to get over my skis and speculate too much, but I'm hopeful that the biggest impact for the entire ecosystem is to figure out a way that we have an OS local API that applications can choose to query and ask the operating system what age bracket the current user is and then the application is able to make UI and UX choices based on the operating system provided information. But even with thoughts like this, Fedora is uncertain of exactly how this is going to show up legally. At the end of the day, this might be as simple as extending how we currently map UID to usernames and group membership and having a new file in Etsy to keep up with the age. It might be as simple as that. And we extend the administrative CLI and GUI tools to populate that file as a part of account creation. That might be the simplest and it solves a problem for the full ecosystem of Linux O operating systems. Then applications just have to start by looking at this file. But this is only guesswork as what compliance might actually mean or look like from these bills is completely unclear as it seems like a lot of the people who actually created the build don't have an idea of actually how some of the Linux operating systems actually work and just how many different choices that we actually have in Linux to choose what operating system we want to use. How do you get all of the operating systems using one API? Do you have to put it in the kernel? How in the world do you reconcile all the different app stores that are available for us? What if you use things from the command line interface or a terminal? There is so much that hasn't been thought through. That's why distributions are frustrated with these bills and rightfully so as as people have started posting on Ubuntu's forums as well. From this archive post here, we do get an answer, but on the unfortunate need for an age verification API for legal compliance reasons in some US states, a user poses the question, Aaron, here on what Ubuntu plans on doing in order to appease California and Colorado trying to get an understanding of how canonical the creators or the vendor for the most popular Linux distribution, which is Ubuntu. Given that this is related to legal stuff, I should preface this by saying I'm not a lawyer. Recently, a new law passed in California that requires OS vendors to provide some limited information about a user's age via an API that application distribution websites and application stores can use. This person poses the problem of the new California law and how it could potentially be approached by Ubuntu. Linux distributions like Debbie and Ubuntu, Fedora, and others would need to implement some sort of a system in order to make sure not to block users in California or Colorado, which is not off the table for some operating systems. We're going to talk about how they already are calling for the blockage of both these states. But before we do, if you enjoy videos and breakdowns like this, make sure to subscribe below and smash that like button on the way back up. The proposed solution, at least by Aaron here, is to create a standard Linux API that creates a call to get a user's age bracket, which was supplied at setup. First, you would set your age, then you'd set your birth date, and then the operating system could be called to get the age bracket at any point. Some of the privacy proposals and protections that this outlines here is that we only return the age bracket, that we store the data in root only and not readable by applications by default, run the service as a system service, and let distributions decide where and how that data is stored. But it's still tricky as different Linux distributions use different system components. Possible places could be using something like accounts service to actually manage a user's account or XDG desktop portal or a completely new system service. But older distributions might not actually be able to update easily. This idea takes inspiration from the file manager debus interface which would look something like this. In Linux, debus is a system that lets programs talk to each other. For example, if a music player asks the system what is the volume set at, then the system would reply with a simple value. So this is where an API would come into play. The API would just define the way to ask a question and get an answer from the operating system. And a lot of Linux developers would actually prefer this approach if they went down this route as for example now Ubuntu, Debian, Fedora and Arch would have a standardized way of actually needing to support one interface as the operating system and get the age bracket and still having each distribution decide on how it actually stores and manages that age information internally. It just creates an API for calling for that information to be the same. That way applications can use it in the same way. This is all fine and dandy, but the real problem here is why in the world are they collecting age data? But we actually get a response from Canonicle and Ubuntu on exactly what issues this brings to us. And this is Ubuntu's response to the California's Digital Age Assurance Act. This is after that post that was brought up. And we're going to get into this, but let's talk a little bit about why these bills want age data. Well, the claim here and the primary motivation is claimed to be child safety. Lawmakers want to make these operating systems and app stores know whether a user is a minor so they can enforce certain protections. But these things can be easily bypassed. And not only that, by centralizing a user's profile, this means we can just collect more data and profile users in a more targeted way, which is absolutely wild, especially if we start getting it in Linux. as we'd see things like data collection for advertising and trying to get you hooked to certain pricing and features and then just the potential for expansion beyond aid. Critics are already questioning the bill and scope creep if the operating system level of identity becomes normal. What can future laws and other attributes be required? Are you going to need identification verification? Are you going to need citizenship status? Are they going to start mandating parental controls or even political content restrictions by age? These all are true risks that come with creep of laws like this. Also, privacy concerns as well. Do you trust that the API only returns a bracket or your birth date, age, and identification records if that has to be stored in the future? So, the core philosophy here is to protect children. But critics would say that this is just a way to create infrastructure for internet age control, identification requirements, and moving the internet towards regulated identity layers. This is not good. And we're already seeing distributions like Ubuntu here scrambling to figure out what they're going to do. So this is from the vice president of engineering over at Canonicle. So pretty high up. Over the past couple of days, there have been a lot of commentary about Ubuntu and how it'll respond to California's new digital assurance act. Mind you, Colorado is in the picture now as well, which will require operating systems to collect age information at account setup and expose an age signal to eligible applications from 2027. Canadle is aware of the legislation and is reviewing it internally with legal counsel, but there are currently no concrete plans on how or even whether this is pretty important here, Ubuntu will change in response. The recent mailing list post is an informal conversation among Ubuntu community members, not an announcement. So what we just read a moment ago, again, don't think that was an announcement or even a proposal. That was just community members trying to pose ways of adhering. Anyways, while the discussion contains potentially useful ideas, none have been adopted or committed to by Canonicle. When we have a clear plan, we will publish it through our usual channels. I think Canonicle is just buying time here. It makes a lot of sense. They don't want to make a rash decision, especially before seeing how the community actually responds to bills, which I think is a fine way of doing this. Give it some time. What kind of backlash are these bills going to see? Can we see legislation that changes these requirements? I think these are important questions for everyone to ask, especially if you're living in one of these two states. If you're in one of these two states, California or Colorado, it may actually be time to reach out to your legislators and or representatives to give your concerns and get a better understanding of why this is being done. So, in a completely different way, Midnight PSD posted on X that they're going to flat out exclude residents in California. until we have a better plan. We have modified our license to exclude residents of California from using Midnight BSD for desktop use effective January 1st, 2027. So, if you are in California and you and you're currently using Midnight BSD, you technically aren't going to be able to after the first of the year. In my mind, this is an acceptable response. The operating systems should get to make this choice if they don't want to do business somewhere they don't have to. This has sparked a lot of conversation and replies and is directly combating the California bill. I assume we're going to see something for Colorado as well here soon, but this is definitely another approach at least by operating systems. I haven't seen this quite yet in Linux, but I'm sure it's going to happen more and more as a similar discussion is now taking place in FreeBSD. And the question here is, will FreeBSD be available in California in 2027? and which of course led Midnight BSD to also start talking about this new California law for age verification checks with a decision still to be made. Will they go the route of free BSD or are they going to try to comply? But one thing's for sure, a lot of people are talking about this on Hacker News. We got plenty of people with one interesting post here. I envision system admins rebooting 10,000 servers. Each one asking to verify the operator's age. And even better, each time a web server forks off a process, okay, this is a hyperbole, but sometimes you need a hyperbole to point out its absurdity. But not to worry, very large companies somehow managed to get exemptions and carve outs from California laws that burden most of us. It's the golden rule. Whoever has the gold rule stares at the PG&E bill. Do you remember this disappointing billionaire tax? No idea of how this will affect much of Foss. For example, source code and binary repos being blocked. I haven't read the fine print. And this is one of the problems. There's a ton of guesses on who would be exempt or not or which app would require it and which would not. How many operating systems are under this umbrella? Our servers are databases, containers. What in the world are they talking about when they're talking about applications and operating systems as almost every single device runs an operating system at this point? It is absurd at the lack of clarity that we're getting. So much so, this is kind of a funny one. DB48X made a stand. This is actually an open- source project to build a modern version of the classic HP RPL calculator system. Who has had to make a stance against all of this? In a recent commit, commit CA83E25. They added a legal notice regarding California and Colorado bills. As a consequence of the recent legislative activity in these two states, California residents may no longer use the DB48X after January 1st, 2027, and Colorado residents may no longer use DB48X after January 1st, 2028. Congratulate your state for taking away your calculators at this point. Like I said, there are so many devices with operating systems on them. And there's no way to actually collect this type of information, even if you wanted to on systems like this. Embedded systems are going to suffer the most with unclear legislative law that falls on its face right out the gate. This is not a good approach to how we should allow for laws like this to get passed. It needs to be talked about and very transparent with the public if you want to even attempt to approach something like this, which again, I'm completely against. But nonetheless, we're living in a world where we have to contend with these types of things, where our calculators have to take a stance against legislative law. So, I'm sure the fallout will continue as we get more and more discussion going in our favorite distributions in this not so clear future for Linux operating systems. And another interesting one is the response from System 76's stance on bills requiring their operating system to provide age verification. For those of you unaware, System 76 is the team behind wonderful gaming distribution called Pop OS and they are actually in the state of Colorado. They produce hardware for Linux. They have an operating system for Linux and they just released their desktop for Linux. So they're very heavily Linux focused and now their state is trying to bring in age verification. Anyways, one of the lead developers at System 76 posts, "We at System 76 are talking internally about what this bill and a similar Colorado bill would mean for our business. Any provider of an operating system that may be used in these states would have to do the same. This includes Canonical, Elementary OS, Purism, Red Hat, Susan, many more. Community develop operating systems offered for free may even be required to comply or face fines likely directed at whomever provides the operating systems in these states. If the operating system is developed in internationally, but there is any business relationship with anyone in these states, including support pre-installed hardware or otherwise, it is likely to make someone liable. The fines for non-compliance are plainly stated in the bill and are extreme. What it boils down to is that system 76 is going to have to abide by the rules here. And from the dev, I personally hate this bill and the idiot lawmakers who have pushed it. However, it has passed unanimously minus three votes not recorded in the California Assembly, which has 60 Democratic and 20 Republican members, and it is expected to pass in even more states. And in having to comply with this, I think the scariest and saddest things about these bills are the scope they have and the lack of technological understanding demonstrated and how much liability is shifted on the operating system providers, including those of free and open source operating systems. I am also seriously dismayed by the nonchalant attitude of naive commentators who believe open source is somehow off the hook just because it would be better for us all to be off the hook. I would also clarify that the bill does not in any way require unique identification of users. Who's to say they won't do that in the future in order to comply with the requirements. There are many options for operating systems to implement the requirements without having to change experience, privacy and security of the vast majority of users. But I believe the other issue is once we open this can of worms, what else is going to come of this? Signed, my deepest and dearest disdain to Gavin Newsome and the California State Assembly. And now we have something also in Colorado where System 76 is based out of. Definitely a sad day for operating system vendors. I want to hear about what you think in the comment section below. Does any of this make sense? Please feel free to post some updates on other distributions that have been making their own decisions. This is not just stopping at a US level. Brazil is already making and passing a bill of their own for age verification as well. So, how do you even know if countries will require similar rules together? Imagine one operating system having to do hundreds of different ways because there's hundreds of countries all wanting different types of information collected. This just seems like a horrible path to go down. Anyways, that's about it. I'll catch you in another video. Thanks for watching. Linux can be hard to understand, but I take the most commonly used terms, commands, and subjects in Linux, and I break them down into simple to read documents, including Linux terms, flashcards, a checklist, a cheat sheet, and a mindm. And if you're ready to level up your Linux experience and knowledge, go to savvy.com now and get access to these sheets.

NEW Bill & Law that could change Linux as we know it. California and Colorado are pushing for age verification in operating systems including in Linux based ones. How are Linux distros responding to all of this? Let's check out the latest.. My Linux Bundle is here: 📚 https://savvynik.com Share this free tool and support Small YouTubers https://editbulk.com (I made this tool to help creators) Useful Commands/Links: Discord: https://discord.gg/P9QC2km https://youtu.be/19Y3ODtM9-Y https://discussion.fedoraproject.org/t/california-age-verification/181968?replies_to_post_number=7 BILLS: https://leg.colorado.gov/bills/SB26-051 https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043 #linux #pc #tech