this post was submitted on 18 Mar 2026
306 points (98.1% liked)

Linux

63844 readers
2310 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
nooter692@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz
306
Systemd preparing to comply with age verification laws (github.com)
submitted 13 hours ago* (last edited 11 hours ago) by skyline2@lemmy.dbzer0.com to c/linux@lemmy.ml
140 comments fedilink hide all child comments
 

Fork time? Maybe all the anti-systemd zealots were right all along...

Edit: To address whether it is likely that this change will affect users: Gnome is planning a stronger dependence on userdb, the part of systemd where this change is being implemented. https://blogs.gnome.org/adrianvovk/2025/06/10/gnome-systemd-dependencies/

you are viewing a single comment's thread
view the rest of the comments
[–] ominouslemon@sh.itjust.works 7 points 9 hours ago (1 children)

I believe this only stores that information. It's not a system of declaring an age

[–] dsilverz@calckey.world 1 points 8 hours ago

@ominouslemon@sh.itjust.works @linux@lemmy.ml

The git PR specifically mentions a birthDate, a data struct that feels like it could easily be tampered with (therefore, far from "confiável" (trustworthy) as explicitly required by "deverão ser adotados mecanismos confiáveis de verificação de idade" ("trustworthy age checking mechanisms must be adopted")).

Thinking of age checking as some kind of OAuth flow, one would ideally store the authz token from whatever age checking provider validated the user's age, instead of some plain data which, depending on the provider, wouldn't even be handed to the application.

I can sort of imagine the following, hypothetical flow:

  1. Human tries to access the system for the first time
  2. System asks for human consent to proceed with age checking
  3. Human (is compelled to) accept going through age checking shenanigans
  4. System redirects human to 3rd-party age checking provider interface (e.g. Persona).
  5. Provider proceeds with whatever means necessary for the human to upload ID and/or selfie, who does whatever is required from them by the provider interface.
  6. In case of IDs, the provider talks with gov databases (e.g. Receita Federal do Brasil for CPF "Cadastro de Pessoa Física") in order to attest the validity of the ID. In case of selfie, provider communicates with a facial recognition model/algorithm/platform.
  7. Provider gets the information necessary for age-bracketing, appends it to their own DB with a signing hash, then returns the digest of said hash as a token to the system.
  8. System receives the authorization payload and confirms with the provider whether it's a valid token.
  9. Provider replies positively, perhaps with some kind of checksum, regarding validity of the token.
  10. System stores the token to hand it to whatever subsystem (for OSes, a software; for online platforms such as social media, a module/route) requesting age info.
  11. Subsystem allows or denies human access.

Some age checking models (such as EU) seems to be doing a similar thing to what I hypothesized above: the EU Digital Wallet returns a token, instead of PII. A token that can be checked against the Digital Wallet API for validity (theoretically) without disclosing who the user is (in practice, it'd be another, pretty reliable piece of traceable data despite any "anonymity")

I'm not sure whether a similar thing will be implemented here in Brazil (we got an official gov app, gov.br, which can already be used for "social log-in" by 3rd-party platforms, but I don't know whether it's ready for age check provisioning).

As far as I know Brazil and Brazilians, it's highly likely we'd end up with dependencies on Microsoft or Google services because Brazilian gov can't help but handing its own sovereignty to US tech corps, which adds to the dystopia.

I must make something very clear: I'm far from agreeing with this dystopia, I deeply despise this whole "age check" thing going on worldwide; I'm just thinking as a DevOps would.