Add a required birth date prompt (YYYY-MM-DD) to the user creation flow, stored as a systemd userdb JSON drop-in at /etc/userdb/<user>.user on the target system.
Motivation
Recent age verification laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc. require platforms to verify user age. Collecting birth date at install time ensures Arch Linux is compliant with these regulations.
This is just a pull request, no changes yet.
The pull-request discussion thread has been locked, just like it happened for the similar thread in Systemd, owing to the amount of negative comments…
Discussion?
Yeah. That’s not what’s happening.
Censoring dissent, is what I hear is happening.
there’s so much shit to implement in linux, new shit to make, old shit to fix. preemptively adding this bullshit, without anyone even threatening any meaningful action, should be shot down in flames and this joker excluded from any and all FOSS avenues on account of spam and trolling.
I am sure the tali-fucking-ban are tali-fucking-banning women from using the computers by way of whatever passes for laws over there. is this bootlicker gonna implement “just a JSON field” to that end as well?
grow a spine, you corpo-fetishizing cowards. where’s the “fuck you, make me” attitude? what, california of all places is gonna ban linux? fucking lol.
evidently the systemd and arch requests were from the same guy.
This dude need to chill, he also pushed the systemd change, and in his blog he seems to believe android “advance flow” for sideloading protects users.
The one they are targeting is California’s AB-1043, which still have three quarters of a year before it comes into effect…
I think this dude might get too excited for his new subscription of claude code or whatever, and decided to spam every project with these request. Some of these are reasonable, some are compliance in advance.
Also this dude writes two freaking blog every week with LLM. If I were him, I would try to find some joy in my personal life…
I fully expect this person to not be even real and instead just another ai bot to push agenda for corporate scum
He’s the third highest contributor to archinstall.
https://github.com/dylanmtaylor
Still a dipshit but probably not a bot.
Fair enough that’s pretty surprising, so even Arch is not safe from lunatics… That is disappointing. As a Manjaro user, I am likely to pick up their changes via both systemd and since Manjaro is Arch based… Sad and disappointed by useful morons who have no fucking clue.
it’s so strange to me that he tried to add age verification scripting changes in archinstall. isn’t that the wrong place systemd makes sense but I’m puzzled by the archinstall pr
The thing that’s frustrating is that if the age verification laws weren’t there and they wanted to add a birthday field it wouldn’t seem bad. Details about the human using the account like first and last name are already stored. All you really need is username. But because it’s explicitly in reaction to age verification laws we have to be skeptical about adding it.
@JackbyDev @underscores Yes we do, because it is an erosion of our freedom.
You’re saying that in a post age verification world though, my whole point is that if this were there before it wouldn’t seem bad. I’m not saying we should add it now because it would’ve been fine before.
fascist cocks won’t suck themselves.
are you sure it’s even a person, not a bot? because this all screams either bot or seeking internet fame as the “hero to kids”.
“hero to kids”
tool of big baron.
I think he has repo pre ChatGPT with legitimate usecases, while that would not be a conclusive proof, I cannot imagine some chatbot would bother with this.
Yeah. He’s also the third highest contributor to archinstall. But even good developers can have shit beliefs.
I think Brodie Robertson interviewed them.
he only responded via text. that only further solidifies the account is a bot.
Never comply with advance. Nazi wants that. Make them fight for it. Let them sue, and get community funding for the case, and then delay the court case again and again, and maybe comply when they lose.
If you comply with advance, you are actively helping them, along with creating fear.
the law wouldn’t hold up in court anyway. its not practical for any ecosystem outside online sites.
accounts and users are the same thing, despite what the law says. it also doesn’t different a person from a user, meaning a compromised system that is complying with the law, its actions represent the user, and the account holder is held responsible.
its made to absolve meta/Microsoft/google from their actions in targeting kids with intentionally addictive content and making the “account holder” at fault.
It’s very obvious this is just an entry point to degrade even more of our privacy and rights. How many times is this kind of shit gonna keep happening and people will still fall for it.
Was this also true with the real name field?
If you really don’t see this as a problem with governments instituting this you are exactly who I am talking about. Keep drinking the koolaid bud
Governments should not be requiring this of operating systems; it’s absurd on many levels.
But actually implementing it is still pretty innocuous.
need a “/s” on that last line?
Maybe just a clarification. Implementing optional fields is innocuous. Implementing requirements is not.
I don’t know what people expect.
All big linux distros are going to be quickly a target, because the people who like age verification laws like that hate the idea of free software.
Putting a dummy, useless age input, is a good way to comply maliciously, and can be easily reverted if these stupid laws ever get removed.
It wouldn’t surprise me if obvious ways to bypass it appear a few seconds after the changes are validated.
The alternative is that these systems could be outawed in a lot of places, which would have a much more negative impact than an age field.
War is about knowing to take a hit to avoid defeat, sometimes.
@[email protected] @[email protected] @[email protected]
The Brazilian flavor of age checking explicitly prohibits self-declaring (“vedada a autodeclaração”). Estimation of age via selfie or behavioral analysis, as well as the need for government-issued IDs, perhaps validation via credit card microtransactions, are some of the accepted age verification mechanisms for Lei 15211 (“ECA Digital” or, more informally known as “Lei Felca” due to the involvement of a YouTuber sub-celebrity on getting this thing to Brazilian lawmakers). Doing age bracketing via self-declared mechanisms, such as birthdate input or the usual consent button, risks fines and other provisions.
KYC (“Know Your Customer”) is, deep down, what these laws are going to be about, ID checks as sine qua non part of purposefully vague-worded laws with broad and outreaching enforcement, so tech organizations and companies worldwide, especially the smaller ones, will eventually find themselves in a situation where they are legally compelled to implement everything that’s being pushed as part of these dystopian laws. After all, it’s far from being just a Brazilian or a Californian thing.
Currently, yes, we’re seeing this law-concept restricted to a handful of places such as some USian states, as well as countries such as UK, Australia, Canada, now Brazil… Zoom out, however, and you’ll realize how this thing is gradually spreading worldwide because this is the only way for age verification to get effectively enforced.
You read it correctly, those laws are very likely getting to more and more countries, eventually turning KYC into part of international, industrial standards. Nothing too hard for big corps to do on their own, such as Google and Microsoft, even Canonical and Red Hat which are large companies, but small companies will end up being pushed into relying on non-free third-party KYC services in order to comply with age verification.
Such situation would end up benefiting the big players, with KYC services such as Persona becoming the new ubiquitous Cloudflare when it comes to this digital landscape. KYC gates, in this sense, would become the new CAPTCHA, Biometrics-as-a-service would become the new normal, true FOSS projects would become unlawful a priori while large corporations would thrive with another data point for tracking and advertising, and as the tolerance bar gets lowered, people will end up used to it, because any attempt to be against it will lead, at best, to social ostracization…
I don’t know, maybe I’m being overly pessimistic about it, but I can’t help but notice how dystopian things, some of which were long foretold and were warned about, are slowly taking away our privacy and freedom…
I don’t disagree with anything here.
But my point wasn’t “there’s nothing to worry about”, it was “an age field is the minimum they can do, and blaming them for it is pointless”.
My point is that this law is already there, and the fight needs to be brought where it matters, and the code of linux systems is not what is going to change politics. When someone is held at gunpoint, you don’t yell at them to fight back and curse them when they don’t, but you attack the attacker.
The law is completely not here, it affects very few people in the world, so they can bugger off with this nonsense change
I have no idea what to think because this sounds reasonable, but so do the arguments that it’s a slippery slope and complying now makes it easier to surveil us all later. (Yes, I know this is the name of a fallacy. I’m curious as to when is it a fallacy and when is it not. I can absolutely imagine people saying “slippery slope fallacy” and being right, I can also imagine a different situation where people say “slippery slope fallacy” to something and it happens exactly as the people whose claim is being denied with “slippery slope” fallacy said.)
I guess that is why controversial issues are controversial, no easy and obvious resolution?
A slippery slope isn’t always a fallacy. Yes, that is a specific name of a fallacy, which people commonly point out, but it is also the form of a valid logical argument. If there is support that this will happen, it isn’t a fallacy.
I this case, a user-entered field is useless to “protect children” (being generous and assuming this is the actual reason for the laws). Children will just lie, as they have been doing for decades. The state will point to this as the law not fulfilling its stated goals, so they’ll need to verify age through other means. Even if the goal isn’t surveillance of people, this is still likely to be the result logically. This means the slippery slope argument is valid.
It could be a slippery slope. That’s why the point is not to just accept it and move on, but to comply while pushing back against it.
And complying right away, but with a bullshit field, is a good way to signal “we do not agree, and we’re going to always find a way to fight back”.
Taking a hit to avoid defeat, does not mean surrendering. It just means that you need to recognise when a battle is lost. In a way, the other side of the slippery slope is the sunk cost fallacy, where you refuse to admit that something is a lost cause and you keep on pushing, making things worse.
It’s a matter of balance and reason, which people nowadays reaaaally struggle with.
They’re not handing over private crypto keys here. It’s a database entry that the person installing the system can put whatever they like in.
and it happens exactly as the people whose claim is being denied with “slippery slope” fallacy said
But this is the crux of the fallacy. What evidence is anyone providing that there is indeed an insidious chain of events we are enabling by adding the birthdate field? Are there examples of cases similar to this in history?
EDIT: I can tell people are getting emotional about this because I’m being down voted for just asking a question that elaborates the point someone is making.
The justification of the slippery slope is pretty simple.
They ask to add in a DoB field that must be filled out and reported at all times. So we add it into our systems and say no big deal. If you hate it put down your birthday as 1900-01-01 and call it a day.
But what is the problem with a self reported, unconfirmed field like this? It is utterly useless BECAUSE it is a self reported, unconfirmed field. It doesn’t solve any problem AND it doesn’t provide any real personal information. So why even ask for it?
The two options are malicious intent and stupidity that tech can’t be worked around.
We can skip the latter as stupid people will always be stupid. So the former, malicious intent. When they point out that this new law isn’t actually fixing things because of the fact people are lying about their age they will inevitably say we need government IDs added to the system. They will not only make sure you are the correct age for content, but know WHO is viewing such content and they will be tracking it.
Now you might say, wait there is a third option, benevolent people actually wanting safety. Creating a system where personal information is mandatory to your interaction with the internet creates a security target that we all know cannot be covered. And we also know that all tech can be broken so kids will find a way around this stuff. Using your parent’s ID, a globally shared fake ID, hacking the protocol for certification. they will get around it.
The slope is slippery because the only options are
- Stupid => which falls down the hill on accident
- Benevolent => which falls down the hill because its a vertical cliff face that can’t be scaled
- Malicious => they push you down the hill because they are assholes
yes. every time in the history of gnu software when a function is added without a purpose its for a later feature.
otherwise there is no need for the form? since when do we leave empty forms in software that can be used to store strings, that hold no meaning…
only two uses for this. to implement the full API later or to have a string the user normally does not see that becomes a perfect place to store malware. full stop.
complying with the API is a act of absolute stupidity…
This law affects so few people in the world, they can bugger off with their changes. No one on my entire content is affected by this stupidity.
Outlawed software.
Lol
Lmao even.
In soviet america software outlaws you.
“We’ve determined you’re using an illegal OS. You’re under arrest!”
People get arrested for ones and zeros all the time.
Or you know, just getting a lot of accesses blocked, your ISP blocking you, etc.
No matter how you put it, it’s more risk than inputting a bullshit field at install.
My ISP doesn’t know which os I’m using, I behind two NATs and a proxy…
Good for you.
Now what about others that are not in your situation? What if this gets flagged as a suspicious behavior? What if your ISP blocks access to devices that are not allowed by a third party (government or company)?
You can always make a slippery slope. The difference is that complying for now brings nothing bad, not complying brings more focus and puts a target on linux and its users.
Everyone is behind at least one NAT, the wifi router.
Generally provided by the ISP, no?
Isps provide modems. You can add your own router and manage the network yourself if you’re so inclined. Why do all these threads have people like you that don’t know basic things about computing and networking commenting on this?
not really, the law is written that complaince makes you complicit. every user is a child. there is no adult users.
it’s a really messed up law…
above all else, even if the API is used properly, unless it’s giving false positives, it creates a metric that can be tracked to form patterns. these are all a advanced method to identify individuals to unmask online identities…
As I said, it’s a loss. It is not going to bring anything good, and can only bring bad stuff.
But my point is that the alternative of ignoring this law would just worsen the situation.
If you want to fight a law, you need to do it with meaningful measures. You find flaws, you revolt, but you don’t just ignore the law and hope to not be attacked for it.
If a big linux distro does it, it will lead them to endless legal battles that will ruin them, and then what?
The strategy here is to accept the loss, mitigate it as much as possible, and attack the source, which is politics, governments, and popular support and understanding.
Explain to people why it’s bad, burn down the government, and fix the system. If we only fight the symptoms when they target us, we’ve already lost.
Found the corporationist bot.
War is about knowing to take a hit to avoid defeat, sometimes.
We have been taking hits since, like, 1965 at the least. Surely by this point it should have been enough?
Everyone I don’t agree with is a bot!
And what would refusing a field do?
What needs to be done is basically a revolt against current governments and capitalism, not nitpicking every privacy-invading law that comes, and then waiting patiently for the next one to come.
You’d rather put a big target on linux systems for stupid fucks to label it as “the big danger for our kids” which would just bring nothing good.
You want to stop taking hits, then stop waiting for them and then pretend that dodging is the only solution.
What needs to be done is basically a revolt against current governments and capitalism,
I’m doing my part on that, you are invited to also do yours. But also do realize that “a revolt against current governments and capitalism” is a class action, not something that we can do by ourselves like patching an OS to remove age verification is.
And big linux groups cannot remove age verification as easily as users can, as a big group is likely to be sued while an individual isn’t as much.
Please don’t make me switch distro :(
What does he mean by required? This law would apply to a tiny fraction of users - no one in my continent for example. I hope he understands there’s no way it should be required for everyone.
This law affects exactly 0 users on my entire content… So why do I need this nonsense? Even systemd change is bullshit and doesn’t affect me or anyone on my continent.
My Linux based IOT devices will now need age verification for default accounts…? And now any devices will expect to have non-shareable specific accounts…? So to open my fridge and use its apps I need to verify as me…? I’m me?
I gotta take out my ID to do docker run --rm hello-world
If you have a fridge with an app
GET OUT
You laugh but have you seen hdd prices recently? cold storage problems require modern solutions!
I thought it was an optional field, like the name field
It might be for now or in the current implementation but the implication that this information, should it exist, can then be validated and enforced on a service or application level with this value or expansion to more formal forms of identity and age verification is where we are forced to meet dystopia and exchange pleasantries while the guardians watch over our sanctioned play dates.
In systemd it would be optional. This post is about the OS making it a requirement to ask the user birthdate and using said optional field to store it.
ISO Standard corpofascism ruse. It’s optional until it’s not / “the first dose is free”.
Ok, so the systemd change was acceptable (since it was optional), this is absolutely not. Fuck this shit. If it’s coming to NixOS I’m going to do everything I can to stop it, and otherwise I’m keeping a Nixpkgs patch that reverts the commit
Imo, the move would be if all linux distros were to let the date come and go and just geo block all requests from countries and zip codes that do this. Users breaking the law would not be the problem of the organization making the OS. If they’re not “offering” the OS in those zip codes, refuse all service, patches, updates, everything, they would not be legally responsible.
Getting desktop Linux banned from somewhere like California instead of doing something that is effectively harmless is only helping Google, Apple, and Microsoft.
I think you’ve severely underestimated just how critical Linux is to the tech industry, and just how hard it would be for companies to move off of it.
If companies were afraid they’d have to face that kind of work, they would push back on our behalf.
Or they would make their own forks, we’d end up with a painful unmaintainable mess, and then they’d push back on our behalf.
You manage upwards against people unwilling to listen or comprehend by forcing them to experience the pain of their own poor decisions that they were already warned of. You don’t accomplish anything by proactively capitulating to bad requests.
Uh, “no u”.
Putting the birthdate into linux is only helping Google, Apple and Microsoft.
…you can’t just say and claim that. At least give me some argument why would that be helping those companies.
it’s not helping, they’re actually being set up to take the fall so to speak by Meta https://www.yahoo.com/news/articles/reddit-user-uncovers-behind-meta-154717384.html
Meta is lobbying for all this crap and forcing it on everyone else (including Linux) with the only exception being…Meta. Google, Apple, etc will be in the same boat as Linux with Meta leveraging itself as the potential only “safe harbor”.
On one hand. It’s the same as the standards we already have to store email adresses and phone numbers for Posix users it’s harmless. And honestly, it’s also useful for application developers that want to implement parental controls (and despite what the tinfoil hat gallery is saying this is important). It would stop being harmless if it was tied to real IDs, but currently that would be strawman argument.
On another hand, if you prevent Linux adoption in a large demographic, you remove a threat to big tech’s dominance.
(Thanks for actually engaging with the discussion).
On another hand, if you prevent Linux adoption in a large demographic, you remove a threat to big tech’s dominance.
Ok, sort of, maybe but this move is the move of big tech dominance. By caving to it, “linux” is positioning itself into a position of compliance with them, not opposition. What complying does is also removing the option to really oppose and evade big tech’s dominance.
We’re simply entering the era where installing an illegal operating system becomes a thing that is possible, because previously nobody cared to make an operating system illegal. And I would to have many distros to choose from that don’t comply with this, but I will pick the wacky silly outlier if I hate to. At least I like to think of myself as doing that.
I agree with your worries about the second point. Mandating thing like this by law is bad. But having a standard on its own is not. Ideally this should have come from an industry standard and not a legal one, but inaction is part of what got us into this mess.
Mandating thing like this by law is bad. But having a standard on its own is not.
I agree with this. Here’s where it gets weird. All these bills stem from meta lobbying. Why do they regulation in this specific thing when they’re totally capable of forming a standard committee or something with Microsoft and Google?
because it’s all part of a larger project to collect usable data. you can’t force standards, but you can force laws.
if you build a standard and no one follows it. then it’s wasted time and money. Meta, Google and Microsoft all have a vested interest in user data. more so with law enforcement buying it in bulk to build identity profiles of /individuals/.
if tomorrow they got added to the law to store and transmit a string of your government ID, would you be more resistant?
the issue is, VPNs hide your ISPs assigned IP. till now there has been a higher difficulty in differentiating traffic from the same IP with similar metadata. the more user specific metadata that’s added, the easier it is to differentiate devices and users.
this makes targeting specific devices with malware for spying significantly easier. at the very least.
but at a bigger point of view, it gives provable cause because the way the law is written implies every user that installs the OS becomes a OS distributor and every user is a minor by definition, even if the API flag says otherwise.
I recommend you read that again and if the words “probable cause” don’t come to mind you don’t understand the risk of a “minor” identifying as a adult.
Because they knew some people in the OS community would take the bait.
I thought that the law hasn’t even passed yet? Why are distros so eager to show legislators that they’re on board for being regulated?
The only one apparently eager to implement this is the dylanmtaylor Github user, who has created PR’s for systemd, archinstall, and Ubuntu. Maybe more.
The California bill was approved and signed into law back in October:
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Its only one state, the rest of the world for now still have some fucking sense. If anything its disproportionate to appease a local government with global systems, whats next? Appease North Korea? Or Putin? Block Linux from working in Ukraine? How fucking insane is this dipshit to add changes to a global product for a thing that affects only 40m people out of fucking billions?
But hasn’t taken effect yet:
This bill, beginning January 1, 2027, would require, […]
Gentoo/Artix
I’ve started updating my own Arch install script to work with Artix instead. Hopefully have it done in a few days.
Artix has a calamares installer, do you need a script?
I don’t need it, no. Its more akin to an unattended installer with a answer file - once you start the script you only need to input the new password for root and user account and thats it.
Yes, this is the way. Big ups.
