this post was submitted on 22 Mar 2026
963 points (99.5% liked)
Technology
82940 readers
2767 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I... didn't say that? Not sure if you replied to the wrong person?
But I'll try to respond to what I can?
Assuming we are referring to the California legislature (I believe most/all of the US legislature if on the same grounds. The proposed EU "framework"s are very different), there is no requirement for third party verification.
It is literally the same check we already have. "Enter a random ass date that is more than 18 years ago". This doesn't "overcome" anything and, arguably, is a good law to get on the books so that you can say "Something is being done" before all the legislature and "frameworks" that want to be built around third party verification and "digital passports" do gain traction.
All of this is already happening and HAS already happened. You know all those stories about how google knows you are pregnant before you miss your first period? You know how you can quite often just click "verify you are human" and it processes without making you generate training data?
Hell, you know how targeted ads are a thing?
All of that is the same thing. It is about building profiles that tend to be so ridiculously specific that it isn't even "This user connecting from Norway actually lives in the US and is from Cleveland" and is more "Oh, this is Oswald Harvey using his nordvpn subscription that he got with a discount from a Spiffing Brit video. He tends to favor the endpoints that are 25% down the list"
Both of which speak towards why people need to educate themselves to understand what information is already out there.
Yes? I am sorry that protecting your privacy takes effort? I am sure that if you pay a random sponsor on an LTT video that they'll claim to do everything for you?
Like... I really don't know what to tell you?
Oh whoops, if I did, my bad. That's what I was understanding your comment about "it's literally the same check we already have" to be. You're saying there are already age checks for certain sites (and analysis of your web traffic and associated data being sold) and that this is no different, if I understand correctly. It is worth pointing out that while the California law requires no verification, the New York law potentially requires more than just a declaration of age. It's worse elsewhere in the world.
Right, but you see how this is also a bad thing right? Given that the FBI has now spoken about buying this data and uses it to target people, I would think that we would all want better privacy protections, not fewer.
I don't see how that should sway opinion about this being a good or a bad thing. It's a bad thing for everyone, right?
No, I am saying that. I was saying that calling this a slippery slope doesn't feel like it is based in the history of privacy erosion. I'd love to learn more about the original sin in all of this, but just because it isn't the first step doesn't mean we shouldn't fight against consolidated, government-mandated privacy violations, right?
I think you're misunderstanding me. I'm not complaining that it's difficult. I'm asking why we don't try and just fix the problem instead of letting something like this slide by because there are other, similar issues.
Correct-ish.
I would amend that to be "All of this information is already out there and you provide it, without thinking, often multiple times per day". But with the added caveat that this ONLY changes if a third party verification is required.
To my knowledge (and skimming what I can find), the New York bill also does not require third party verification. At least, as of 2025-S8102A.
But yes, fully agree regarding the rest of the world. People get EXTRA pissy if you point out the EU isn't magically doing exactly what they want it to do and always siding with "consumers" but... the frameworks and legislature being pushed through there are deeply alarming.
Do not expect companies (and company adjacent) orgs to protect your rights.
But also? The FBI doesn't need to "buy this data". They can just buy the same marketing data everyone already has on them (unless you go above and beyond to obfuscate that).
And this legislature has absolutely zero bearing on any of that.
No, it is not. Like I pointed out above: We always say "parents should watch what their kids are watching so that I can keep getting my goon on with tiktok" and all that nonsense. And do you know what the first step to ACTUALLY protecting kids online is? That's right. Restricting accounts based on age.
Adding a user provided birthdate to your account in systemd is no more dangerous than having a field for location or phone number. Having an API to fetch this from the OS IS concerning but is also very much in that realm of "This genuinely makes browsing the internet easier"as, depending on implementation, your computer can auto-verify you so you don't have to wipe the lube off your hand when you change sites.
And... its almost like those of us on open source OSes can maybe consider a way to go even farther with controlling what gets sent...
Correct. But I would bet my bottom dollar that at least a few of the folk insisting this is the evil US (fair) forcing their will upon the world don't realize their own governments might actually even be ahead of the game. Like apparently a bunch of live service games disabled chat in the UK in the past day or two?
Again, that privacy already eroded away years ago. Pretending otherwise is just lying to yourself and increasing your own risks.
The door to your home fell off and all your windows are shattered. Does it make ANY sense to freak out that your ex still has a key to your front door?
And that is why... it is more than a bit tinfoil hat but I really do wonder how much of this "outrage" is being intentionally stoked to distract from the very real concerns. If you actually care about your privacy then you need to educate yourself on what you should have been doing for years now. And consider getting on that.
Yes, let's try to fix it. Complaining about a single field being added to a user profile (that already has user provided location, phone number, email, etc) ain't it.
Focusing on the third party verification component.. is part of it.
But also understanding that all of this is out there and never coming back is more important.
One of the biggest con jobs facebook has ever done is to pretend that they let you delete your account. And they do. Except... not really. Because User 1234 who has the real name field of "Fred Jones" was deleted. But User 1235 "Daphne Blake" isn't and she has lots of pictures of her and Fred. And Old Man Wilkinson also has pictures of his home that some meddling potheads raided last month. So removing metadata from THEM would violate their digital rights.
So (simplifying), User 1234's "real name" field is indeed voided. But their profile remains the same so all associations with Daphne and Shaggy and all the mansions remain the same. Same with the knowledge that some blonde haired d-bag with an ascot went to school with Red Herring. And that he is related to Skip and Peggy Jones. And that his name is suspected to be "Fred Jones" for the purposes of making sure to protect his identity in case someone registers as him and can't provide ID to prove that.
But folk just fixate on "Delete your profile so that zuckerberg can't control you!" and ignore all that.
Because understanding things is hard.
I think I'm following what you mean. To me, though, (using your house analogy) it isn't that your ex has a key, it's that the government is demanding that your door remain open. Sure, it's already off the hinges, but it's a whole lot easier to put a door back on than to fight the government about it. It's not currently illegal to protect your data through extreme measures, but this is the beginning of laws that make it illegal. That is why this is worth fighting over to me. What's more, I can hate and fight against more than one thing, so it's not a huge issue to be against this.
And sure, all this data is out there, but that isn't true for future generations. Old data becomes stale. It just seems like such a defeatist attitude to me to cede ground on this, especially when the laws you mentioned actually being worried about would use this as precedent. It's certainly easier to argue for an ID requirement when you have the data on millions of users lying about their age and use it as justification for a more controlled implementation.
But either way, I think I need to step away here. I feel like I understand you, I just disagree and to continue beyond this without doing more reading on the topic, laws, and trends won't really help, I think (the last I saw for the New York law was that determining what was an adequate attempt to verify age was fell on the AG, who seemed to be leaning towards third party verification. I'm already out of date with developments there).
It's not "ceding ground". It is picking and choosing battles.
What does adding a DOB field to a user account do? Absolutely nothing that the Location, Email, Phone Number. whatever fields didn't already do.
What does adding libraries to fetch cost us? Yes, I dislike that on principle. But it provides an OS functionality that is genuinely useful (age restricting accounts) and... it is one that I can work around should I ever need to.
What does it get us? It is an immediate response to "There is no way for parents to protect their children from this vile content" because... it is exactly that. It is an immediate response to "We can't manage school systems" and "We want to provide a way to lock this down but those evil OSes won't let us".
Versus "holding the line" and ceding absolutely nothing... and then getting blindsided because this is a feature downstream companies actually want. So rather than implement it their way with all the hooks into remote databases at the systemd level, it is instead a wrapper for
useraddcommands.They don't need a precedent. They are already pushing their own (often more restrictive) laws.
And that is what EVERYONE should be doing. Understand what is being demanded. Understand what is being done. And understand what the actual meaningful impact is.