this post was submitted on 22 Mar 2026
826 points (99.5% liked)
Technology
82940 readers
2700 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I was wondering when I would see this headline. I wonder if any other big names do similar
Linux Distros (so far) Refusing Age Verification
EDIT
I recommend going to Ageless Linux's site and reading up on their take on the whole issue. They clearly illustrate how poorly thought out the California law is.
I also wonder whether or not grapheneos, or open source Linux OSs in general, will face any repercussions for failing to comply to these regulations due to the relatively low user count.
Hate to say it but systemd, the init system of most Linux distros, already has PRs with maintainer backing to implement DoB recording.
Some people can't kneel fast enough.
DoB recording, and ID age verification, are two different things though.
No, they're the same in this context.
Which already has a revert commit https://github.com/systemd/systemd/pull/41179
The self-important creator of Systemd has personally blocked that PR, if I'm hearing correctly, which would suggest he or his employer Microsoft is all in on it.
"I'm not picking a side" and "this future proofs standardization" is of little comfort, that is seriously suspect. I ought to look to alternatives to SystemD(odge the issue failed).
He left MS in January
That has already been closed
Maybe this'll take the shine off that wunderkinder mess and people will finally be free to choose something more reliable. I love how RH pushed this beta software so hard and my reboots are now just shite -- unreliable and occasionally ridiculously delayed.
I'll be glad to see the back of that metastatic shitball.
That's just systemd adding a birthdate field to their userdb. Doesn't require that it be filled out or accurate, and especially doesn't require it to be validated against a government database. I don't see it as fundamentally any different from adding a userdb field for favorite color, phone number, or blood type.
Without 3rd party validation, I really don't see the privacy issue with an age field. Without verification, it is, at worst, one more byte available to hash into a unique identifier, but you can feed that field from /dev/random at every query and poison even that hypothetical.
You are absolutely right, we are not in fact getting screwed, they are just applying the lube for later. (Shamelessly stolen from elsewhere)
Why the ever loving fuck does an init system even need a user database?
Honest to God, if FIFA were giving out a World "Understanding UNIX" Prize, Poettering would be the inaugural, and only, winner. Never in the field of operating systems has one man driven so much enshittification through sheer force of cluelessness coupled with supreme arrogance. And in a world that Steve Ballmer still occupies, that's one hell of an accolade.
Systemd is more than an init system. Systemd was designed to be different from previous Unix-style single-/narrow-purpose services. Many distros making the switch seems to indicate that such a switch had significant enough upsides or necessities. No?
I read an article about why Systemd became what it is, and why it makes sense, and that made sense to me. Integration and a fully designed system has advantages over disconnected utilities and systems you have to connect and negotiate, especially on system- and boot-up level concerns.
Whoosh.
Plesse don’t give them any ideas. Here’s a list of what’s currently included
https://systemd.io/USER_RECORD/
I imagine people behind this law are pretty interested in this small but powerful user base. I would just boldly assume that a lot of people responsible for independent software and privacy advocates are using Linux etc. So its a interesting user base for sure. But regulating open source software luckily is pretty much impossible and they wont give up their(our) privacy without a fight. Also, we will see how much the user base will grow when these regulations get tighter.
They can simply say on their download pages that residents of Brazil and California are not allowed to use their OS.
Genuine question:
is Graphene a "big name"? They talk a big game and are probably one of the biggest alternative phone OSes but all results I can find are putting them at 250k users and less than 2% of the Android market share.
But, more importantly: Do they at all care about US government contracts? Red Had have RHEL. ubuntu have whatever they call their premium OS for enterprise users. Google and Apple are obvious.
Frankly I think they are the largest os vendor that is going to take a principled stance on this.
GrapheneOS has a deal with a hardware manufacturer, Motorola. I'd consider this refusal to be a big deal on those grounds alone
Big name for government backed hacking tools to list them separately on supported devices / OS cause it's more secure.
"More secure" is a minefield of marketing and intentionally misleading the populace. In a "perfect" world, everyone would believe that just putting something in a txt file protects it from The Government. Its akin to how so much media has pushed the "if you're a cop you have to tell me" myth.
But mostly I see it listed more as a way to build up precedent/probable cause. I forget which country it was, but Graphene was specifically listed as being used by criminals/drug dealers. Whether that is true or not isn't the point. The point is that now, using Graphene, counts against you for the purposes of pressing charges or taking you to a black site.
Which is the reality of a lot of laws. Let's say it is declared illegal to have the text of Animorphs 01 in your possession. Cops aren't going to be going door to door to find out if you are a Friend of Katherine. But if they raid your home because they decided you are a drug dealer or a dissident and find it? That is an extra charge. Or their suspicion that you had it is the entire reason they raided in the first place.
Which IS the reality with a lot of "decency" laws. That isn't to say they are all evil (CSAM being pretty universally accepted as being banned for a reason) but it is important to always understand how enforceable a law is and whether it actually changes anything.
Here is the popular phone cracking company Cellebrite's leaked slides showing them telling the people they're selling their tools to that they can't as easily (if at all, depending on device state) crack GrapheneOS as they can stock Android:
https://grapheneos.social/@GrapheneOS/112462758257739953 (This is just a well-summarized and explained post from GrapheneOS themselves, but the original leak was independent of them, and the slides and final interpretation are no different from what GrapheneOS is showing, thus I wouldn't consider this just "marketing")
Objectively, if you have a GrapheneOS phone, and you plug it into a Cellebrite machine, it will not have its data extracted if it's before first unlock, or after first unlock but on the lock screen. (as long as you've updated your security patches since like 2022, which most GrapheneOS phones will be) A stock Android phone, or even many iPhones were not as resistant to brute forces or even full file system extractions as a Pixel with GrapheneOS.
GrapheneOS also has additional features that can make the cracking process even more difficult, such as disabling USB even after first unlock when on the lock screen, automatically rebooting after set period to return the phone to BFU state, or setting a duress PIN that wipes the phone, which could be triggered via a brute force before the real PIN is guessed.
Also, in case you want to look at the diagrams in the post more since they don't really explain all the acronyms, here's a key:
You might be referring to Catalonia, Spain?
In their case, it was more about Pixel phones in general being used by criminals, and GrapheneOS being their OS of choice which made cracking them harder, rather than GrapheneOS itself being considered criminal or suspicious, but I get where you're coming from.
You could also be referring to the UK, but that was regarding a journalist with GrapheneOS, but the charge was refusing to unlock his phones. And yes, I said phones, because he was also carrying an iPhone, and they wanted that password too. So in this case the charge wasn't GrapheneOS-specific.
There's also France, who was going after GrapheneOS because they wanted an encryption backdoor, but GrapheneOS just said no, so they told police to consider any Pixel with GrapheneOS "suspicious", but not to consider it a crime in itself. (nor did they have the legal authority to do so) GrapheneOS actually migrated all their server infrastructure out of France as a result of this.
Generally speaking, even in those areas, this (fortunately) just isn't true. You are more likely to be considered suspicious in Catalonia if you have... a Pixel, GrapheneOS or not. You're likely to be criminally charged in the UK... if you don't give up your password, GrapheneOS or not. And you're likely to be considered "suspicious" in France... but can't be charged with anything for it, and the only way they'll know if you have GrapheneOS installed is if you were already arrested for something else and had your phone seized.
Practically speaking, it's better to support an OS that protects your data, but could increase the risk of you getting in trouble for protecting your data, than an OS that doesn't protect your data, and gives it all to the authorities, making whether or not you're considered criminal pointless. After all, you could voluntarily unlock your GrapheneOS phone in any of these jurisdictions and stop facing any of these possible consequences, and it would carry the same implication as a non-GrapheneOS phone that does it whether you provide your PIN/password or not.
So this:
Just isn't (at least currently) the case, since no regions currently doing anything against GrapheneOS have made the act of having GrapheneOS installed in itself a crime.
Not to say this couldn't change, and you're totally valid in assuming that governments will try to push this, but at least currently, using GrapheneOS will not in itself increase the chance of you going to a black site.
Big enough for a headline, not big enough to make a difference.
I would go so far as to say they are only big enough to make an updoot-bait headline at that.