Stores the user's birth date for age verification, as required by recent laws
in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc.
The xdg-desktop-portal project is addi...
Fork time? Maybe all the anti-systemd zealots were right all along…
is perfectly reasonable for a private person with limited funds to fight a legal battle with
Are you saying corporations like Red Hat sponsoring the development of systemd are thinking of “poor private devs” of whatever distro when taking such a decision than impacts the majority of distros?
Red Hat probably could afford to go to court over those laws. Maybe should, too. Maybe just passively ignore them until someone drags them to court for it. But all of that would be independent of this change.
impacts the majority of distros?
And just what is that impact?
“Here, you have a space to write stuff down.” So what? If I’ll never read it or verify the contents, what difference does it make?
That every distro will inherit a field containing a birth date, whether they want it or not.
“Here, you have a space to write stuff down.” So what?
That “stuff” is a personal information that not everyone is legally equipped to deal with. In EU there are specific laws protecting storage and usage of personal information.
Your "stuff"can potentially create more problems than the ones it tries to solve, assuming good intentions.
That “stuff” is a personal information that not everyone is legally equipped to deal with.
You mean like email address, real name, location? Because those fields exist already. I’m not aware that they have ever caused any issues, even though real name and location should be more critical in a doxxing or surveillance context than “just” the date of birth.
I assure you, I don’t have my email, real name or location stored in my userdb. Nobody makes me enter them. Nobody cares. Nobody would verify if I did. What’s stopping me from entering 1970-01-01 as my DoB, if I enter anything at all?
If I’m the one storing, transmitting, querying and processing PII, I’m responsible for it. If my distro were to require email verification, proof of identity for the real name, records of my place of residence or employment to ensure the location is accurate, that would be an issue, and that would make the vendor liable for handling that data.
That is what the GDPR and related laws are actually concerned with, not the exact format or place they’re stored. Otherwise, you’d have to ban me from creating text files: I might store someone’s phone numbers in there.
I’ve been using Linux for many years and not even once I’ve seen those info being requested by the operating system.
Otherwise, you’d have to ban me from creating text files
There’s a huge difference between YOU putting your info by your own accord wherever you want (look at what people do on Facebook) and an operating system requesting those.
In case you didn’t notice, this whole ordeal is pushed by Meta to avoid being accountable for the shit they do on their platforms, they’re trying to shift the responsibility to operating systems of all things, and that’s not acceptable.
Is it though? As best as I could tell, this PR is literally just adding the field next to the others, not requesting shit.
In case you didn’t notice, this whole ordeal is pushed by Meta to avoid being accountable for the shit they do on their platforms, they’re trying to shift the responsibility to operating systems of all things, and that’s not acceptable.
Absolutely. I just disagree that this particular addition (particularly considering all the fuss about making sure it doesn’t show up in logs and dumps and what not) is a problem. I don’t think this is the hill that battle should be fought on. Adding or not adding it to systemd doesn’t make the OS / distro built on top of it any less responsible for their handling of that data.
It does provide a standard and (somewhat) central place to implement the security aspects of it though.
It does provide a standard and (somewhat) central place
That would be the case if everyone used systemd, but it’s not, sysvinit distros still exist and they’re not going away in the foreseeable future.
I don’t think this is the hill that battle should be fought on.
I could agree with this if the reason for this PR wasn’t age verification, that’s indeed a battle that needs to be fought, on every piece of the puzzle.
That would be the case if everyone used systemd, but it’s not, sysvinit distros still exist and they’re not going away in the foreseeable future.
That’s nice. Doesn’t change the fact that it needs to be stored somewhere, if the maintainers end up facing legal pressure to implement it. Opposing one (optional) way to store it won’t fix the issue, it’ll just result in the same splintering of competing standards we see everywhere else, with the attendant difficulties in ensuring security and quality across the board. In other things, that might matter less, but if we’re pissed about having to hand over PII to one instance, I’d be even more wary of it being stolen.
You’d be cutting off one leaf of a tree.
I could agree with this if the reason for this PR wasn’t age verification, that’s indeed a battle that needs to be fought, on every piece of the puzzle.
Are you going to oppose every other system that allows storing data too, because it might be used to store data for age verification?
No, it’s a battle that needs to be fought at the focal points: lawmakers, law enforcement, developers implementing the verification tools, companies using them.
Spending time and energy waging a culture war over the most insignificant, replaceable, trivial part of it will achieve nothing. It sacrifices all nuance and bulldozes all discussion of other merits (or issues) systemd might have.
There are legitimate, reasonable complaints to have with systemd. “We added a data field, which we’re trying to make sure doesn’t end up in the wrong hands” isn’t one.
Fuck these laws, and fuck the fascists using kids as pretense for surveillance.
Are you saying corporations like Red Hat sponsoring the development of systemd are thinking of “poor private devs” of whatever distro when taking such a decision than impacts the majority of distros?
Red Hat probably could afford to go to court over those laws. Maybe should, too. Maybe just passively ignore them until someone drags them to court for it. But all of that would be independent of this change.
And just what is that impact?
“Here, you have a space to write stuff down.” So what? If I’ll never read it or verify the contents, what difference does it make?
That every distro will inherit a field containing a birth date, whether they want it or not.
That “stuff” is a personal information that not everyone is legally equipped to deal with. In EU there are specific laws protecting storage and usage of personal information.
Your "stuff"can potentially create more problems than the ones it tries to solve, assuming good intentions.
You mean like email address, real name, location? Because those fields exist already. I’m not aware that they have ever caused any issues, even though real name and location should be more critical in a doxxing or surveillance context than “just” the date of birth.
I assure you, I don’t have my email, real name or location stored in my userdb. Nobody makes me enter them. Nobody cares. Nobody would verify if I did. What’s stopping me from entering 1970-01-01 as my DoB, if I enter anything at all?
If I’m the one storing, transmitting, querying and processing PII, I’m responsible for it. If my distro were to require email verification, proof of identity for the real name, records of my place of residence or employment to ensure the location is accurate, that would be an issue, and that would make the vendor liable for handling that data.
That is what the GDPR and related laws are actually concerned with, not the exact format or place they’re stored. Otherwise, you’d have to ban me from creating text files: I might store someone’s phone numbers in there.
I’ve been using Linux for many years and not even once I’ve seen those info being requested by the operating system.
There’s a huge difference between YOU putting your info by your own accord wherever you want (look at what people do on Facebook) and an operating system requesting those.
In case you didn’t notice, this whole ordeal is pushed by Meta to avoid being accountable for the shit they do on their platforms, they’re trying to shift the responsibility to operating systems of all things, and that’s not acceptable.
Is it though? As best as I could tell, this PR is literally just adding the field next to the others, not requesting shit.
Absolutely. I just disagree that this particular addition (particularly considering all the fuss about making sure it doesn’t show up in logs and dumps and what not) is a problem. I don’t think this is the hill that battle should be fought on. Adding or not adding it to systemd doesn’t make the OS / distro built on top of it any less responsible for their handling of that data.
It does provide a standard and (somewhat) central place to implement the security aspects of it though.
That would be the case if everyone used systemd, but it’s not, sysvinit distros still exist and they’re not going away in the foreseeable future.
I could agree with this if the reason for this PR wasn’t age verification, that’s indeed a battle that needs to be fought, on every piece of the puzzle.
That’s nice. Doesn’t change the fact that it needs to be stored somewhere, if the maintainers end up facing legal pressure to implement it. Opposing one (optional) way to store it won’t fix the issue, it’ll just result in the same splintering of competing standards we see everywhere else, with the attendant difficulties in ensuring security and quality across the board. In other things, that might matter less, but if we’re pissed about having to hand over PII to one instance, I’d be even more wary of it being stolen.
You’d be cutting off one leaf of a tree.
Are you going to oppose every other system that allows storing data too, because it might be used to store data for age verification?
No, it’s a battle that needs to be fought at the focal points: lawmakers, law enforcement, developers implementing the verification tools, companies using them.
Spending time and energy waging a culture war over the most insignificant, replaceable, trivial part of it will achieve nothing. It sacrifices all nuance and bulldozes all discussion of other merits (or issues) systemd might have.
There are legitimate, reasonable complaints to have with systemd. “We added a data field, which we’re trying to make sure doesn’t end up in the wrong hands” isn’t one.
Fuck these laws, and fuck the fascists using kids as pretense for surveillance.