this post was submitted on 18 Mar 2026
545 points (97.1% liked)
Linux
64546 readers
175 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You mean like email address, real name, location? Because those fields exist already. I'm not aware that they have ever caused any issues, even though real name and location should be more critical in a doxxing or surveillance context than "just" the date of birth.
I assure you, I don't have my email, real name or location stored in my userdb. Nobody makes me enter them. Nobody cares. Nobody would verify if I did. What's stopping me from entering 1970-01-01 as my DoB, if I enter anything at all?
If I'm the one storing, transmitting, querying and processing PII, I'm responsible for it. If my distro were to require email verification, proof of identity for the real name, records of my place of residence or employment to ensure the location is accurate, that would be an issue, and that would make the vendor liable for handling that data.
That is what the GDPR and related laws are actually concerned with, not the exact format or place they're stored. Otherwise, you'd have to ban me from creating text files: I might store someone's phone numbers in there.
I've been using Linux for many years and not even once I've seen those info being requested by the operating system.
There's a huge difference between YOU putting your info by your own accord wherever you want (look at what people do on Facebook) and an operating system requesting those.
In case you didn't notice, this whole ordeal is pushed by Meta to avoid being accountable for the shit they do on their platforms, they're trying to shift the responsibility to operating systems of all things, and that's not acceptable.
Is it though? As best as I could tell, this PR is literally just adding the field next to the others, not requesting shit.
Absolutely. I just disagree that this particular addition (particularly considering all the fuss about making sure it doesn't show up in logs and dumps and what not) is a problem. I don't think this is the hill that battle should be fought on. Adding or not adding it to systemd doesn't make the OS / distro built on top of it any less responsible for their handling of that data.
It does provide a standard and (somewhat) central place to implement the security aspects of it though.
That would be the case if everyone used systemd, but it's not, sysvinit distros still exist and they're not going away in the foreseeable future.
I could agree with this if the reason for this PR wasn't age verification, that's indeed a battle that needs to be fought, on every piece of the puzzle.
That's nice. Doesn't change the fact that it needs to be stored somewhere, if the maintainers end up facing legal pressure to implement it. Opposing one (optional) way to store it won't fix the issue, it'll just result in the same splintering of competing standards we see everywhere else, with the attendant difficulties in ensuring security and quality across the board. In other things, that might matter less, but if we're pissed about having to hand over PII to one instance, I'd be even more wary of it being stolen.
You'd be cutting off one leaf of a tree.
Are you going to oppose every other system that allows storing data too, because it might be used to store data for age verification?
No, it's a battle that needs to be fought at the focal points: lawmakers, law enforcement, developers implementing the verification tools, companies using them.
Spending time and energy waging a culture war over the most insignificant, replaceable, trivial part of it will achieve nothing. It sacrifices all nuance and bulldozes all discussion of other merits (or issues) systemd might have.
There are legitimate, reasonable complaints to have with systemd. "We added a data field, which we're trying to make sure doesn't end up in the wrong hands" isn't one.
Fuck these laws, and fuck the fascists using kids as pretense for surveillance.
Sure, but trying to apply it to the entire world when only a few countries are currently impacted is fishy at best.
And no, we don't know yet what the entire world will do about it, even if Meta is trying to lobby everyone, there's also a push for making opensource exempt from it, in that case those applying the PR have worked for nothing.
It depends, if the purpose is age verification then yes I will oppose it.
I didn't have any so far, for the very simple reason that I don't have the technical knowledge to judge by myself. This PR tho doesn't require any tech knowledge to understand what's going on.
The road to hell is paved with good intentions, even tho by reading the PR thread I'm not sure the intentions behind the push are actually good as you seem to believe.
That's something I fully agree with.
Let's hope it succeeds. Actually, let's hope the law is overturned entirely. And while we're at it, let's hope Meta fails, crashes, burns and takes all its bullshit down with it, but that's only tangentially related.
Then I'll not tell you what I intend to use that encrypted hash I'm writing to my app's data storage for.
Any data storage can be abused. This one is transparent about its content, but I don't see anything implying that you have to enter anything, let alone have to enter your actual birthdate. It can be used for parental controls, it can be used for age restrictions, but if I implement age verification, where I store that data on your machine is the least of your worries.
Where I store your ID on my machine, on the other hand, should be more concerning, and even more so the fact that I need your ID at all.
We can argue whether this is necessary, whether it can serve reasonable use cases (such as voluntary parental controls), but at the end of the day, it's such a small and exchangeable part of the system that it's not worth the shit people give systemd over it.
I think controlled, transparent storage is better than intransparent, and any storage is only as evil as the things using it. Target those things instead.
Yes, anything can be abused nowadays, but you can't cut yourself off technology, unless you want to live as a hermit, I'm pretty sure none of us wants that.
And no, I've never given my ID to anyone that's not my government, and I won't, if they classify me as a teen because of it, so be it.
Yes, what systemd is currently doing is pretty innocent compared to other things, I believe that's on purpose so people can easily accept it and they can do worse later. Corporations are behind this, don't forget that.
That point, I disagree on, because systemd (not) implementing this doesn't actually make it easier (or harder). Distros that want to comply would just write a file for it somewhere instead. Distros that don't comply will just not implement any verification process.
What systemd does here is offer a solution to secure it centrally (see the commit discussion about the most efficient and reasonable way to wipe that info from memory again). Considering the whole issue, I think its impact on feasibility of verification is minor, while the advantages of standardisation make it preferable to a wild growth of uncontrolled alternatives.
Another user pointed out the concept of anticipatory obedience to me, and in that context, corporations pre-emptively bowing to authoritarian surveillance is definitely a cowardly move. We agree on that.
Here's to hoping this entire discussion becomes just as pointless as you expect the PR to become. If that's what I end up being wrong about, I'll gladly take the L for cynicism and the W for privacy.
It doesn't as long as other init systems exist and people can luckily choose, hopefully that will always be the case.
Agree on that, I think that's the hope for everyone here.
Of course, which is why I said it was "somewhat" central earlier in the thread: it's not universal, even if systemd is widely used.
Other init systems generally also have ways to store data (not specifically dates, just in general), and some overarching standard for securely accessing them would be useful for intercompatibility, but that's a mess as it stands anyway.
Also agreed. Just because I personally come down on the systemd side of the debate doesn't mean everyone should have to use it. Standards are nice, but there always should be alternatives, in case a standard gets captured by twats (which kinda is the debate we're having: whether systemd has started bowing to fascists significantly enough to warrant migrating away).