I don't see why a volunteer who lives in, say, Germany has to give a single shit about the law in California or Brazil. It's up to those regions to block MidnightBSD if they're that fucking stupid.
this post was submitted on 10 Mar 2026
424 points (99.3% liked)
Technology
82549 readers
3779 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
With all these internationally spanning laws lately maybe it's time we also had some kind of framework for dispute resolution - mostly something like nations staying behind their citizens in stuff like this, telling the other coubtry tp pound sand / do it themselves.
ive been waiting to read headlines of this sort. cheers.
California L. Outsourcing child care to random people who are not even US citizens. Thats like forcing knife manufacturers to make the knives child-safe.
On a sidenote, while looking up the history of actual legal cases involving children in California, I stumbled upon a story of Joseph Hall, son of abusive, alcoholic, insignia wearing, salute throwing, nazi activist piece of shit Jeffrey Hall, whom, at age 10, he shot in his sleep after being given a gun by him, and for which he was put into juvenile detention centers for 12 years until he turned 23, instead of... idk... being declared a national hero and given a compensation for the society failing upon him.
You can't spell "based" without BSD.
Also, that's pretty much the main reason why FOSS OS are better than proprietary ones. They'll just say "okay, I guess we'll just stick to free countries" (while subtly gesturing at the nearest VPN).
Meanwhile, Windows and MacOS are going to fold like origami.
OpenBSD did this because of cryptography laws and surprise surprise software written for it is now one of the vertebrae of our modern network stack
exasperated sigh I don't want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
- The law does not require ID verifications it only required that a parent indicate the age of their child when setting up their account.
- The law's definition for operating system provider includes "general purpose computing device" so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
- An "accessible interface" is not well defined here. But it could be as simple as a system call rather than a REST API call. Similar to open file or malloc. (this means no centralized government server storing the data)
I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don't exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.
To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.
The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
That does mean (by legal definitions in California) your toaster, microwave and fridge.
And really the choice of "pulling" support from areas with issue laws is the way, this law is not enforceable as written and is likely the easiest way for any OS to avoid legal issues. Just putting in a line that the OS is not supported in the state will not stop the OS being used but will stop legal issues from said state.
People put doom on microwaves, I'd call that general purpose computing.
After reading that.. it only pertains to commercially licensed?
Well its stupid broad, but I don't think they can even pretend to do things to non commercial products (as in not a product). I think this will just end up like the cancer warnings, companies will just put the label on everything.
load more comments
(4 replies)
Didn't hear anything about it in Brazil. It's being done under the radar. Can't even find articles about it.
Same here, didn't hear a thing about this, I was actually kinda confused when I opened the article.
That's absolutely brilliant. Don't let the rest of the world suffer for some people's government's stupidity. If the users in those regions disagree with their government, they can figure out other ways to get it and use it.
That may be the best way to deal with the potential legal liabilities introduced by this unmitigated abject idiocy.
Good thing everybody can still torrent whatever they want from where ever they want. Or use IPFS. Or IRC DCC. Or Usenet. Or just a VPN.
Australian legislation specifically notes that all sites must age challenge users connecting via a VPN
Well, good for them. I'm not Australian, get to vote for Australian lawmakers or host websites in Australia.
Is Australia going to pay every single website admin for the burden of implementing this wonderful magical logic to detect a given source IP(v4) belongs to a VPN provider? What about IPv6?
If I host a simple static website on a static webhost in Denmark say, and provide some otherwise perfectly legal OS ISO's for download, how would I implement any logic at all? Why the fuck should I be subject to Australian laws?
The cookie acceptance of the GPDR was already bad enough and ruined so much of the Internet with no appreciative improvement of the privacy of visitors. If every Tom, Dick and Harry are going to place spurious demands on every website, it'll do nothing except raise enormous barriers to entry and ensure that only huge players with the capacity to comply with demands from legislators all over the world will even be able to "legally" run websites at all. And then we can't have an Internet or FOSS for that matter.
Maybe legislators should stop writing half-baked laws the consequences of which they apparently cannot comprehend.
It applies to websites not hosted in Australia, that may have Australians visiting the site via VPN
Enforcement is going to be interesting to watch
There are already services that catalogue VPN sources for webmasters to implement block lists
That's why a said static webhost, i.e. paying for the ability to serve files, not run scripts or manage the webserver configuration. Sure, the hosting provider could be made responsible for the implementation, but now they have been encumbered with the burden and liability of policing which hosted sites needs this bullshit enabled and which are just a blog about making strawberry preserves or something.
Point is, it's complete and utter twattery of the highest order. Never mind enforcement, I don't even see how it would be reliably or consistently implemented.
And all that is in any case absolutely futile, because there's still the matter of people being perfectly able of obtaining those self-same ISO's from any number of other sources that are even more difficult to police, like the ones I originally mentioned, and about a thousand more where they came from.
load more comments
(1 replies)
Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn't even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots... but I repeat myself.
Remember what the maintainer of The Pirate Bay once said?
Never be too certain something won't be enforced, as the power of capitalists are far worse than the public can imagine.
Maybe I'm too pessimistic, but this may just be the start. Big corps may find their way to control every aspect, step by step.
You're right to give that warning, but Brazil isn't a surveillance state like China or the USA. Our demons are different.
Of course, that could change in the future so a law like this shouldn't stand regardless.
This is different from pirating. The government will be going after the developers like they did Kim Dotcom.
Not the Brazilian government, is what I'm saying. At most they'll tell ISPs to block a few websites, and they won't comply without a judicial order. Our Supreme Court, STF, is actually sane unlike our legislators, so no such order will be given.
Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn’t even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots… but I repeat myself.
The law will most likely be enforced where it matters: smartphones from companies that "manufacture" them in Brazil (which is like 90% of market share of smartphones in Brazil).
So both Android and iOS will most likely start requiring some official ID to be provided or facial recognition to setup the device and/or to access both Play Store or App Store, which yeah, seems a bit concerning.
Also, if you read the law: https://www.planalto.gov.br/ccivil_03/_ato2023-2026/2025/lei/L15211.htm, or in this PDF in English: https://www.gov.br/mdh/pt-br/assuntos/noticias/2025/novembro/brasil-apresenta-avancos-em-seguranca-digital-da-infancia-e-lanca-eca-digital-em-ingles-durante-cupula-social-do-g20-na-africa-do-sul/eca-digital-ing-v2.pdf?ref=itsfoss.com, you can see the only thing an operating system (that does not come with under 18 age improper content, like pornographic content, in it's installation media) really needs to implement is a self-declaration of being "age appropriate" to use the system, otherwise deny the installation of the OS.
Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:
I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);
II – permitir que os pais ou responsáveis legais configurem mecanismos de supervisão parental voluntários e supervisionem, de forma ativa, o acesso de crianças e de adolescentes a aplicativos e conteúdos; e
III – possibilitar, por meio de Interface de Programação de Aplicações (Application Programming Interface – API) segura e pautada pela proteção da privacidade desde o padrão, o fornecimento de sinal de idade aos provedores de aplicações de internet, exclusivamente para o cumprimento das finalidades desta Lei e com salvaguardas técnicas adequadas.
§ 1º O fornecimento de sinal de idade por meio de APIs deverá observar o princípio da minimização de dados, vedado qualquer compartilhamento contínuo, automatizado e irrestrito de dados pessoais de crianças e de adolescentes.
§ 2º A autorização para download de aplicativos por crianças e adolescentes dependerá de consentimento livre e informado dos pais ou responsáveis legais, prestado nos termos da legislação vigente, respeitada a autonomia progressiva, vedada a presunção de autorização na hipótese de ausência de manifestação dos pais ou responsáveis legais.
§ 3º Ato do Poder Executivo regulamentará os requisitos mínimos de transparência, de segurança e de interoperabilidade para os mecanismos de aferição de idade e de supervisão parental adotados pelos sistemas operacionais e pelas lojas de aplicativos.
The part where the operating system must implement age verification is here:
Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:
I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);
Which has been officially translated in the PDF to :
Art. 12. Providers of internet application stores and terminal operating systems shall:
I – take proportional, auditable, and technically secure measures to ascertain the age or age range of users, subject to the principles provided for in Art. 6 of Law No. 13,709, of August 14, 2018 (Brazilian Data Protection Law);
The II there, that states:
II – allow parents or legal guardians to configure voluntary parental supervision mechanisms and to actively supervise the access of children and adolescents to applications and content; and
Is totally optional, there's no way any judge in Brazil could enforce that as mandatory to be implemented in all OSes and punish any OS that denies installation for under 18 age citizens of Brazil and does not provide such parental supervision mechanisms.
Now, for any digital media or computer application that either contains or provides direct access to age restricted content from the internet I suppose article 9 applies:
Art. 9º Os fornecedores de produtos ou serviços de tecnologia da informação que disponibilizarem conteúdo, produto ou serviço cuja oferta ou acesso seja impróprio, inadequado ou proibido para menores de 18 (dezoito) anos de idade deverão adotar medidas eficazes para impedir o seu acesso por crianças e adolescentes no âmbito de seus serviços e produtos.
§ 1º Para dar efetividade ao disposto no caput, deverão ser adotados mecanismos confiáveis de verificação de idade a cada acesso do usuário ao conteúdo, produto ou serviço de que trata o caput deste artigo, vedada a autodeclaração.
§ 2º Para os fins desta Lei, consideram-se impróprios ou inadequados para crianças e adolescentes os produtos, serviços ou conteúdos de tecnologia da informação que contenham material pornográfico, ou quaisquer outros vedados pela legislação vigente.
§ 3º Os provedores de aplicações de internet que disponibilizarem conteúdo pornográfico deverão impedir a criação de contas ou de perfis por crianças e adolescentes no âmbito de seus serviços.
So, yeah, if you are providing an operating system that itself comes with any age restricted content as Brazilian law stipulates (such as pornographic content), I think self-reporting of age would be damned insufficient due to § 1º there:
Art. 9. Providers of information technology products or services that make available content, products, or services whose offer or access is improper, inadequate, or prohibited for persons under 18 (eighteen) years of age shall adopt effective measures to prevent their access by children and adolescents within the scope of their services and products.
§ 1. To effectuate the provision of the caput, reliable age verification mechanisms shall be adopted for each user access to the content, product, or service referred to in the caput of this article, with self-declaration being prohibited
If there's anything I'm missing here please point out.
Great analysis. But I've never heard of an OS that comes pre-loaded with porn, or with any media content other than the wallpapers and a few stock samples. Though I suppose there's nothing stopping anyone from creating Bukkake Linux and shipping it.
It's government trying to control people all over again.
Bolsonaro (Flávio) will probably make an argument saying that under him people will be free from control or something like that, but it's just bullshit. What we would get under him is brazilian ICE (Internal Customs Enforcement - isn't that funny).
It’s government trying to control people all over again.
... Are you going to argue the current state of affairs in Brazil where international multibillion-dollar companies directly earn money from child exploitation done in their "social networks" and don't want to collaborate with Brazil's judicial system most of the times, or argue they can't do anything, or that they can't be liable for the user generated content.... is all fine?
This law mainly intends to create judicial means to make those companies that control big social networks that are widely used in Brazil more responsible towards previous existing laws, by making them liable to implement mitigatory measures to restrict access of children (or any person under 18) to content forbidden by Brazilian law (deemed as inappropriate for such ages).
Also, I don´t know what the hell do you think, but like, Brazil is not the USA where the federal government does not have info on all citizens.
Here in Brazil virtually 100% of citizens already have official government IDs, where the person "biometry" is collected (fingerprints and user facial photo), which contains basically associates a person's very sensitive info (full name, local and date of birth, affiliation, photo, fingerprints) with a government unique ID (CPF). Brazilians are basically obliged to get such ID at birth. There are laws (LGPD) that force the federal government to be very careful whilst storing and handling such data, and give citizens rights to sue anyone, private companies or the government itself, if their data is mishandled or collected and used for different means of what the person allowed for such data to be used. Also, there already exists the "gov.br" app, which stores citizens facial 3D info for more than like, half of the population.
So, if anything, you are like, 30 years late into government "controlling" people in Brazil.
Bolsonaro (Flávio) will probably make an argument saying that under him people will be free from control or something like that, but it’s just bullshit. What we would get under him is brazilian ICE (Internal Customs Enforcement - isn’t that funny).
If that's your concern, be sure the government already possess all this data, but, unlike the USA, there are government workers here at multiple levels that would be a big barrier for such misuse of the data like Elon Musk did with DOGE, collecting data of the US citizens for personal use in a few weeks. First anyone to do that would have to get rid of "stability" of the public servants, so all public servants at such positions in Brazil could be replaced by people politically aligned to the government, and/or all public companies that handle sensitive data for the government, like DATASUS and SERPRO, would have to be privatized.
Controlling people in the way you mean goes all the way back to "Revolta das Vacinas" and the higienistas. That's not what I mean. What I mean is digital control over what people do. You think Brazil doesn't have the US technology to control what people do over the web, but look at all the Amazon and Oracle datacenters that keep appearing on Brazil.
It might not be direct technology transfer, but it is at least licensed to process brazilian info and, if with Bolsonaro, to help the government with direct knowledge against public interest.
CPF, fingerprint, photos,... that's all well knowledge of fingerprinting the citizen. But what about the digital fingerprint? That could be much larger: what you do, your psychological profile, and what you do on your free time.
Can you imagine; all those companies in contract with the government. Suddenly they have access to your profile and how you respond to everything. I'm not talking directly about the democratic government here, since it doesn't matter if it is Lula or Bolsonaro on this. But you have to keep in mind that the personal interest, by which I mean the interest of the peoples initiative, association and expression, is defended by the left, not the right.
You're in for a surprise if you think the government doesn't want absolute control. In an age where people use their phones, are constantly online. Maybe you will find out there people who "just want to get in peace to their homes", or "just want to be left alone", or that the basic for life is "being able to walk carelessly on the streets". It's the complete reversal of what is human and what we need to be human: connection, food, water, development.
People need education and knowledge, but more than that, people need the right to build, the right to tinker, the right to find out who they are, the right to find out what's best for everyone in society and for their own groups, the right to participate democratically.
None of which are guaranteed in Brazil right now, and certainly won't be with Bolsonaro. Don't be surprised if Bolsonaro talks trash of the Fediverse or of what the radical left thinks is freedom of expression and association.
The problem is, of course, if those evangelical idiots end up in power again they now have the power to wield it. (or to at least try)
load more comments
(9 replies)
Good. I'm glad they're standing up to this insanity.
It's ironic though because it's a California based OS.
By the way, anyone tried gaming on BSD?
Gaming on BSD isn't as bad as you'd expect. There are Linux compatibility tools that let you run proton/wine on FreeBSD
Random shit breaks sometimes but once you get past the steep learning curve you can play a lot of titles
load more comments
(6 replies)
how this would actually be enforced; maybe the official website and download mirrors for MidnightBSD will be out of reach for people in those regions. Of course, a tech-savvy crowd who uses MidnightBSD will know how to bypass such an embargo. It makes you wonder how effective such age verification laws are. Oh wait, some of these so-called public servants are also pushing for VPNs to be banned.
As it stands these laws are unenforcable, and plenty of businesses would be impacted. First, think of the meaning of ' internet connected device, with an operating system '; such vague definition. Is a modern fridge, sensor or monitoring system supposed to verify the age of any user that comes in touch with these? Impractical. Second, any commercial activity has computers running everything. These computers are not registered for any single user, but for the activity as a whole. The emplyees may insert a code when they operate the computer (emplyee - Id within the business) but that's it. Office complexes would be decimated by this stupid setup. And there comes the VPN ban. Again, plenty of businesses rely on vpn and private networks. Once again, this is quite possibly unenforceable without ruining the backbone of the infrastructure we collectively use. People writing laws like thes are quite possibly unable to understand how it runs. The lack of technical knowledge is staggering.
Also what about SERVERS ? What are we supposed to do?
They will either give special permissions to relevant businesses (maybe an expensive Super Premium Golden Access), or use selective enforcement to only go after people/businesses that don't comply to their overall authoritarianism and pose too much of a risk to the status quo.
They don't care about the details they just want control.
This is a feature and not a bug. The biggest distro maintainers will try to comply and the smallest ones will start banning usage or even closing up shop.
Im just glad BSD is getting press.
view more: next ›