System76 on Age Verification Laws
blog.system76.com606 points by LorenDB 11 hours ago
606 points by LorenDB 11 hours ago
I don’t like to shill for companies, but I’m glad System76 made a statement. The addendum does feel like their legal team made them add it though:
> Some of these laws impose requirements on System76 and Linux distributions in general. The California law, and Colorado law modeled after it, were agreed in concert with major operating system providers. Should this method of age attestation become the standard, apps and websites will not assume liability when a signal is not provided and assume the lowest age bracket. Any Linux distribution that does not provide an age bracket signal will result in a nerfed internet for their users.
> We are accustomed to adding operating system features to comply with laws. Accessibility features for ADA, and power efficiency settings for Energy Star regulations are two examples. We are a part of this world and we believe in the rule of law. We still hope these laws will be recognized for the folly they are and removed from the books or found unconstitutional.
Anyways, it feels like all sides of the political spectrum are trying to strip away any semblance of anonymity or privacy online both in the US and abroad. No one should have to provide any personal details to use any general computing device. Otherwise, given the pervasive tracking done by corporations and the rise of constant surveillance outdoors, there will be nowhere for people to safely gather and express themselves freely and privately.
> No one should have to provide any personal details to use any general computing device
I agree. I also agree with S76 that some laws regarding how an operating system intended for wide use should function are acceptable. How would you react to this law if the requirement was only that the operating system had to ask the user what age bracket it should report to sites? You get to pick it, it isn't mandatory that it be checked, and it doesn't need to be a date, just the bucket. Is that still too onerous?
I ask because I feel like if we don't do something, the trajectory is that ~every website and app is going to either voluntarily or compulsorily do face scans, AI behavior analysis, and ID checks for their users, and I really don't want to live in that world.
The main problem with the "report your age to the website" proposals is that they're backwards. You shouldn't be leaking your age to the service.
Instead, the service should be telling your device the nature of the content. Then, if the content is for adults and you're not one, your parents can configure your device not to display it.
It may often times be trickier than that - content often mixed of course. My 10 y/o hit me with a request yesterday to play Among Us where the age verification system wanted my full name, address, email, AND the last 4 digits of my SSN. I refused.
There's a good chance that they're never going to verify any of the information you give them, in which case it's another download for Mr M Mouse of 1375 E Buena Vista Dr, 32830, with a SSN that ends in 1234.
Giving fake info feeds the machine. It means you still consume, and a bad actor profits.
I disagree. Giving fake info adds noise to the mechanism, makes it useless. Ultimately I'm inclined to believe that privacy through noise generation is a solution.
If I ever find some idle time, I'd like to make an agent that surfs the web under my identity and several fake ones, but randomly according to several fake personality traits I program. Then, after some testing and analysis of the generated patterns of crawl, release it as freeware to allow anyone to participate in the obfuscation of individuals' behaviors.
You might want to take a look at differential privacy. It takes an unintuitive amount of noise to make the system useless.
You also need to account for how "easy" it is to de-anonymize a profile.
(Sorry I don't have links to sources handy.)
> You might want to take a look at differential privacy
Differential privacy is just a bait to make surveillance more socially acceptable and to have arguments to silence critics ("no need to worry about the dangers - we have differential privacy"). :-(
Sounds a bit like AdNauseam Firefox extension.
In my vision, it's the opposite of ad blocker, it's something that generates non existent traffic and views beyond what I would have done.
Last century my dad would give our pets names out with our real phone #(oddly or by mistake). The pets did start getting phone calls.
If the info becomes bad, it becomes much less useful and valuable.
I’m in the us and we o need some rights to privacy.
I would assume its fake and an attempt at identify theft at some level of the system. Is their PC infected at the OS level or just a fraudulent browser extension or something more like a popup ad masquerading as a system dialogue? A less trusting person would assume any request made by a computer is totally non-fraudulent and would gladly submit any requested private information.
"Dad, I can't do my math homework, a pop up says you need to provide a copy of your bank statement, your mom's maiden name, and a copy of your birth certificate, SS card, and drivers license, and can you hurry up Dad, my homework is due tomorrow morning." And people will fall for this once they get used to the system being absurd enough.
The fraud machine must be kept fed...
> It may often times be trickier than that - content often mixed of course.
So put the content tag at the granularity of the content.
Awesome. Now you have a system where every blog entry, every Facebook post needs a lawyer consultation.
Around 20 years ago, Germany actually made a law that would have enforced such a system. I still have a chart in my blog that explained it, https://www.onli-blogging.de/1026/JMStV-kurz-erklaert.html. Content for people over 16 would have to be marked accordingly or be put offline before 22:00, plus, if your site has a commercial character - which according to german courts is every single one in existence - you would need to hire a someone responsible for protecting teenagers and children (Jugenschutzbeauftragten).
Result: It was seen as a big censor machine and I saw many sites and blogs shut down. You maybe can make that law partly responsible for how far behind german internet enterprises still are. Only a particular kind of bureaucrat wants to make business in an environment that makes laws such as this.
Later the law wasn't actually followed. Only state media still has a system that blocks films for adults (=basically every action movie) from being accessed without age verification if not past 22:00.
> Now you have a system where every blog entry, every Facebook post needs a lawyer consultation.
You have that with any form of any of these things. They're almost certainly going to be set up so that you get in trouble for claiming that adult content isn't but not for having non-adult content behind the adult content tag.
Then you would be able to avoid legal questions by labeling your whole site as adult content, with the obvious drawback that then your whole site is labeled as adult content even though most of it isn't.
But using ID requirements instead doesn't get you out of that. You'd still need to either identify which content requires someone to provide an ID before they can view it, or ID everyone.
That's an argument for not doing any of these things, but not an argument for having ID requirements instead of content tags.
Funnily enough, marking content that's harmless as only for adults was also punishable, though that might have been in context of a different law. That would be censorship, blocking people under 18 from accessing legal content, was the reasoning. Welcome to German bureaucracy.
But you are right. It's an argument that the "just mark content accordingly" is also not a better solution, not that ID requirements are in any way better. The only solution is not to enable this censorship infrastructure, because no matter which way it's done, it will always function as one.
> Funnily enough, marking content that's harmless as only for adults was also punishable, though that might have been in context of a different law. That would be censorship, blocking people under 18 from accessing legal content, was the reasoning. Welcome to German bureaucracy.
That's how you get the thing where instead of using different equipment to process the food with and without sesame seeds, they just put sesame seeds in everything on purpose so they can accurately label them as containing sesame seeds.