Add a required birth date prompt (YYYY-MM-DD) to the user creation flow, stored as a systemd userdb JSON drop-in at /etc/userdb/<user>.user on the target system.
Motivation
Recent age verification laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. require platforms to verify user age. Collecting birth date at install time ensures Arch Linux is compliant with these regulations.
This is just a pull request, no changes yet.
The pull-request discussion thread has been locked, just like it happened for the similar thread in Systemd, owing to the amount of negative comments…
Getting desktop Linux banned from somewhere like California instead of doing something that is effectively harmless is only helping Google, Apple, and Microsoft.
I think you’ve severely underestimated just how critical Linux is to the tech industry, and just how hard it would be for companies to move off of it.
If companies were afraid they’d have to face that kind of work, they would push back on our behalf.
Or they would make their own forks, we’d end up with a painful unmaintainable mess, and then they’d push back on our behalf.
You manage upwards against people unwilling to listen or comprehend by forcing them to experience the pain of their own poor decisions that they were already warned of. You don’t accomplish anything by proactively capitulating to bad requests.
Uh, “no u”.
Putting the birthdate into linux is only helping Google, Apple and Microsoft.
…you can’t just say and claim that. At least give me some argument why would that be helping those companies.
it’s not helping, they’re actually being set up to take the fall so to speak by Meta https://www.yahoo.com/news/articles/reddit-user-uncovers-behind-meta-154717384.html
Meta is lobbying for all this crap and forcing it on everyone else (including Linux) with the only exception being…Meta. Google, Apple, etc will be in the same boat as Linux with Meta leveraging itself as the potential only “safe harbor”.
On one hand. It’s the same as the standards we already have to store email adresses and phone numbers for Posix users it’s harmless. And honestly, it’s also useful for application developers that want to implement parental controls (and despite what the tinfoil hat gallery is saying this is important). It would stop being harmless if it was tied to real IDs, but currently that would be strawman argument.
On another hand, if you prevent Linux adoption in a large demographic, you remove a threat to big tech’s dominance.
(Thanks for actually engaging with the discussion).
Ok, sort of, maybe but this move is the move of big tech dominance. By caving to it, “linux” is positioning itself into a position of compliance with them, not opposition. What complying does is also removing the option to really oppose and evade big tech’s dominance.
We’re simply entering the era where installing an illegal operating system becomes a thing that is possible, because previously nobody cared to make an operating system illegal. And I would to have many distros to choose from that don’t comply with this, but I will pick the wacky silly outlier if I hate to. At least I like to think of myself as doing that.
I agree with your worries about the second point. Mandating thing like this by law is bad. But having a standard on its own is not. Ideally this should have come from an industry standard and not a legal one, but inaction is part of what got us into this mess.
I agree with this. Here’s where it gets weird. All these bills stem from meta lobbying. Why do they regulation in this specific thing when they’re totally capable of forming a standard committee or something with Microsoft and Google?
because it’s all part of a larger project to collect usable data. you can’t force standards, but you can force laws.
if you build a standard and no one follows it. then it’s wasted time and money. Meta, Google and Microsoft all have a vested interest in user data. more so with law enforcement buying it in bulk to build identity profiles of /individuals/.
if tomorrow they got added to the law to store and transmit a string of your government ID, would you be more resistant?
the issue is, VPNs hide your ISPs assigned IP. till now there has been a higher difficulty in differentiating traffic from the same IP with similar metadata. the more user specific metadata that’s added, the easier it is to differentiate devices and users.
this makes targeting specific devices with malware for spying significantly easier. at the very least.
but at a bigger point of view, it gives provable cause because the way the law is written implies every user that installs the OS becomes a OS distributor and every user is a minor by definition, even if the API flag says otherwise.
I recommend you read that again and if the words “probable cause” don’t come to mind you don’t understand the risk of a “minor” identifying as a adult.
Google, Microsoft, and Apple also already account for the vast majority of desktop OS installations
And you think that the data they get being “is an adult” or “is a child we’re not allowed to collect data on”, per the API part of the specification is useful for that?
If Microsoft and Google are also angling for this why is it only meta lobbying?
I think meta has some scheme to profit from this stuff, possibly also at the expense of Google, Microsoft, Apple in addition to consumers.
Because they knew some people in the OS community would take the bait.