this post was submitted on 10 Mar 2026
389 points (99.5% liked)

Technology

82518 readers
4536 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
389
MidnightBSD Bans Users in Brazil and California, Warns More Regions Could Follow (itsfoss.com)
submitted 1 day ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
65 comments fedilink hide all child comments
 

MidnightBSD, a FreeBSD-based desktop operating system, has quietly updated its README to reflect a new geographic restriction. The project has added a clause that bars residents of any country, state, or territory with OS-level age verification mandates from using MidnightBSD

top 50 comments
sorted by: hot top controversial new old
[–] drath@lemmy.world 1 points 4 minutes ago

California L. Outsourcing child care to random people who are not even US citizens. Thats like forcing knife manufacturers to make the knives child-safe.

On a sidenote, while looking up the history of actual legal cases involving children in California, I stumbled upon a story of Joseph Hall, son of abusive, alcoholic, insignia wearing, salute throwing, nazi activist piece of shit Jeffrey Hall, whom, at age 10, he shot in his sleep after being given a gun by him, and for which he was put into juvenile detention centers for 12 years until he turned 23, instead of... idk... being declared a national hero and given a compensation for the society failing upon him.

[–] chunes@lemmy.world 5 points 1 hour ago* (last edited 1 hour ago)

I don't see why a volunteer who lives in, say, Germany has to give a single shit about the law in California or Brazil. It's up to those regions to block MidnightBSD if they're that fucking stupid.

[–] texture@lemmy.world 8 points 3 hours ago

ive been waiting to read headlines of this sort. cheers.

[–] Archr@lemmy.world 6 points 5 hours ago (2 children)

exasperated sigh I don't want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

  • The law does not require ID verifications it only required that a parent indicate the age of their child when setting up their account.
  • The law's definition for operating system provider includes "general purpose computing device" so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
  • An "accessible interface" is not well defined here. But it could be as simple as a system call rather than a REST API call. Similar to open file or malloc. (this means no centralized government server storing the data)

I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don't exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.

To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.

[–] M0oP0o@mander.xyz 7 points 5 hours ago (2 children)

The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)

That does mean (by legal definitions in California) your toaster, microwave and fridge.

And really the choice of "pulling" support from areas with issue laws is the way, this law is not enforceable as written and is likely the easiest way for any OS to avoid legal issues. Just putting in a line that the OS is not supported in the state will not stop the OS being used but will stop legal issues from said state.

[–] TrippinMallard@lemmy.ml 2 points 4 hours ago* (last edited 4 hours ago) (1 children)

People put doom on microwaves, I'd call that general purpose computing.

After reading that.. it only pertains to commercially licensed?

[–] M0oP0o@mander.xyz 2 points 4 hours ago

Well its stupid broad, but I don't think they can even pretend to do things to non commercial products (as in not a product). I think this will just end up like the cancer warnings, companies will just put the label on everything.

[–] Archr@lemmy.world 0 points 4 hours ago* (last edited 4 hours ago) (1 children)

I'm sorry I am really not seeing what you are referencing from your link. This appears to be a link to the state administration manual which deals with how departments in the state of California operate.

This does not appear to be a law especially when you look at the procedure for revising the SAM.

Responsibility for updating SAM content is assigned to authoring state departments

Ie. Not assembly members.

Edit: sorry I didn't respond to your second point. From the Cali law:

1798.503(b) An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.

[–] M0oP0o@mander.xyz 1 points 4 hours ago (1 children)

1798.503(b) An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.

OR instead of having to collect that info at all you just put "OS not for cali" on the user agreement and just not deal with the risk.

[–] Archr@lemmy.world 1 points 3 hours ago (1 children)

You are right. I have no additional response to this that would not make me sound like an asshole.

[–] M0oP0o@mander.xyz 1 points 1 hour ago

What an odd thing to say. I do think that california based projects/products will try to follow (at least show an attempt) as you say but as big a market cali is there just is no reason for a OS (more so a donation funded linux one) to pander to one state.

[–] obbeel@lemmy.eco.br 1 points 4 hours ago

Didn't hear anything about it in Brazil. It's being done under the radar. Can't even find articles about it.

[–] TheSeveralJourneysOfReemus@lemmy.world 5 points 9 hours ago* (last edited 9 hours ago) (2 children)

how this would actually be enforced; maybe the official website and download mirrors for MidnightBSD will be out of reach for people in those regions. Of course, a tech-savvy crowd who uses MidnightBSD will know how to bypass such an embargo. It makes you wonder how effective such age verification laws are. Oh wait, some of these so-called public servants are also pushing for VPNs to be banned.

As it stands these laws are unenforcable, and plenty of businesses would be impacted. First, think of the meaning of ' internet connected device, with an operating system '; such vague definition. Is a modern fridge, sensor or monitoring system supposed to verify the age of any user that comes in touch with these? Impractical. Second, any commercial activity has computers running everything. These computers are not registered for any single user, but for the activity as a whole. The emplyees may insert a code when they operate the computer (emplyee - Id within the business) but that's it. Office complexes would be decimated by this stupid setup. And there comes the VPN ban. Again, plenty of businesses rely on vpn and private networks. Once again, this is quite possibly unenforceable without ruining the backbone of the infrastructure we collectively use. People writing laws like thes are quite possibly unable to understand how it runs. The lack of technical knowledge is staggering.

Also what about SERVERS ? What are we supposed to do?

[–] 001Guy001@sh.itjust.works 2 points 2 hours ago

They will either give special permissions to relevant businesses (maybe an expensive Super Premium Golden Access), or use selective enforcement to only go after people/businesses that don't comply to their overall authoritarianism and pose too much of a risk to the status quo.

[–] TrollTrollrolllol@lemmy.world 3 points 6 hours ago

They don't care about the details they just want control.

[–] shortwavesurfer@lemmy.zip 20 points 13 hours ago

That's absolutely brilliant. Don't let the rest of the world suffer for some people's government's stupidity. If the users in those regions disagree with their government, they can figure out other ways to get it and use it.

[–] MousePotatoDoesStuff@lemmy.world 38 points 15 hours ago (1 children)

You can't spell "based" without BSD.

Also, that's pretty much the main reason why FOSS OS are better than proprietary ones. They'll just say "okay, I guess we'll just stick to free countries" (while subtly gesturing at the nearest VPN).

Meanwhile, Windows and MacOS are going to fold like origami.

[–] mghackerlady@leminal.space 3 points 4 hours ago

OpenBSD did this because of cryptography laws and surprise surprise software written for it is now one of the vertebrae of our modern network stack

[–] ZombieCyborgFromOuterSpace@piefed.ca 33 points 18 hours ago* (last edited 18 hours ago) (1 children)

Good. I'm glad they're standing up to this insanity.

It's ironic though because it's a California based OS.

By the way, anyone tried gaming on BSD?

[–] ryannathans@aussie.zone 13 points 18 hours ago (5 children)

Gaming on BSD isn't as bad as you'd expect. There are Linux compatibility tools that let you run proton/wine on FreeBSD

Random shit breaks sometimes but once you get past the steep learning curve you can play a lot of titles

load more comments (5 replies)
[–] Peruvian_Skies@sh.itjust.works 82 points 23 hours ago (10 children)

Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn't even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots... but I repeat myself.

[–] obbeel@lemmy.eco.br 1 points 4 hours ago (1 children)

MidnightBSD chose to be out of Brazil, like it happened with Rumble. This law will be enforced.

If you live in Brazil and probably South America for some time, you'll know that it is hard to get hardware from Europe even from Ebay. It simply "does not ship to your destination". Now with the Mercosur + EU agreement that may be easier, but if software keeps leaving, the hardware and hardware culture won't be able to make up for it.

It's just software leaving the margins, and it will get worse if Google keeps pushing Android and Mobile culture further. Brazil may just become as corporate-centric as India.

[–] Peruvian_Skies@sh.itjust.works 1 points 1 hour ago (1 children)

How do you mean about India? Please pardon my ignorance.

[–] obbeel@lemmy.eco.br 1 points 39 minutes ago

India is heading for IT centric jobs in large corporations, planning to be "the brain of the world". With many IT consulting systems all over the world going through India. That's the plan. And that will be done by large Indian corporations, like the Tata consulting mentioned on the article.

https://www.ft.com/content/b3c0b486-07a2-11dc-9541-000b5df10621

[–] ruan@lemmy.eco.br 2 points 6 hours ago (2 children)

Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn’t even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots… but I repeat myself.

The law will most likely be enforced where it matters: smartphones from companies that "manufacture" them in Brazil (which is like 90% of market share of smartphones in Brazil).

So both Android and iOS will most likely start requiring some official ID to be provided or facial recognition to setup the device and/or to access both Play Store or App Store, which yeah, seems a bit concerning.

Also, if you read the law: https://www.planalto.gov.br/ccivil_03/_ato2023-2026/2025/lei/L15211.htm, or in this PDF in English: https://www.gov.br/mdh/pt-br/assuntos/noticias/2025/novembro/brasil-apresenta-avancos-em-seguranca-digital-da-infancia-e-lanca-eca-digital-em-ingles-durante-cupula-social-do-g20-na-africa-do-sul/eca-digital-ing-v2.pdf?ref=itsfoss.com, you can see the only thing an operating system (that does not come with under 18 age improper content, like pornographic content, in it's installation media) really needs to implement is a self-declaration of being "age appropriate" to use the system, otherwise deny the installation of the OS.

Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:

I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);

II – permitir que os pais ou responsáveis legais configurem mecanismos de supervisão parental voluntários e supervisionem, de forma ativa, o acesso de crianças e de adolescentes a aplicativos e conteúdos; e

III – possibilitar, por meio de Interface de Programação de Aplicações (Application Programming Interface – API) segura e pautada pela proteção da privacidade desde o padrão, o fornecimento de sinal de idade aos provedores de aplicações de internet, exclusivamente para o cumprimento das finalidades desta Lei e com salvaguardas técnicas adequadas.

§ 1º O fornecimento de sinal de idade por meio de APIs deverá observar o princípio da minimização de dados, vedado qualquer compartilhamento contínuo, automatizado e irrestrito de dados pessoais de crianças e de adolescentes.

§ 2º A autorização para download de aplicativos por crianças e adolescentes dependerá de consentimento livre e informado dos pais ou responsáveis legais, prestado nos termos da legislação vigente, respeitada a autonomia progressiva, vedada a presunção de autorização na hipótese de ausência de manifestação dos pais ou responsáveis legais.

§ 3º Ato do Poder Executivo regulamentará os requisitos mínimos de transparência, de segurança e de interoperabilidade para os mecanismos de aferição de idade e de supervisão parental adotados pelos sistemas operacionais e pelas lojas de aplicativos.

The part where the operating system must implement age verification is here:

Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:

I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);

Which has been officially translated in the PDF to :

Art. 12. Providers of internet application stores and terminal operating systems shall:

I – take proportional, auditable, and technically secure measures to ascertain the age or age range of users, subject to the principles provided for in Art. 6 of Law No. 13,709, of August 14, 2018 (Brazilian Data Protection Law);

The II there, that states:

II – allow parents or legal guardians to configure voluntary parental supervision mechanisms and to actively supervise the access of children and adolescents to applications and content; and

Is totally optional, there's no way any judge in Brazil could enforce that as mandatory to be implemented in all OSes and punish any OS that denies installation for under 18 age citizens of Brazil and does not provide such parental supervision mechanisms.

Now, for any digital media or computer application that either contains or provides direct access to age restricted content from the internet I suppose article 9 applies:

Art. 9º Os fornecedores de produtos ou serviços de tecnologia da informação que disponibilizarem conteúdo, produto ou serviço cuja oferta ou acesso seja impróprio, inadequado ou proibido para menores de 18 (dezoito) anos de idade deverão adotar medidas eficazes para impedir o seu acesso por crianças e adolescentes no âmbito de seus serviços e produtos.

§ 1º Para dar efetividade ao disposto no caput, deverão ser adotados mecanismos confiáveis de verificação de idade a cada acesso do usuário ao conteúdo, produto ou serviço de que trata o caput deste artigo, vedada a autodeclaração.

§ 2º Para os fins desta Lei, consideram-se impróprios ou inadequados para crianças e adolescentes os produtos, serviços ou conteúdos de tecnologia da informação que contenham material pornográfico, ou quaisquer outros vedados pela legislação vigente.

§ 3º Os provedores de aplicações de internet que disponibilizarem conteúdo pornográfico deverão impedir a criação de contas ou de perfis por crianças e adolescentes no âmbito de seus serviços.

So, yeah, if you are providing an operating system that itself comes with any age restricted content as Brazilian law stipulates (such as pornographic content), I think self-reporting of age would be damned insufficient due to § 1º there:

Art. 9. Providers of information technology products or services that make available content, products, or services whose offer or access is improper, inadequate, or prohibited for persons under 18 (eighteen) years of age shall adopt effective measures to prevent their access by children and adolescents within the scope of their services and products.

§ 1. To effectuate the provision of the caput, reliable age verification mechanisms shall be adopted for each user access to the content, product, or service referred to in the caput of this article, with self-declaration being prohibited

If there's anything I'm missing here please point out.

[–] Peruvian_Skies@sh.itjust.works 1 points 1 hour ago

Great analysis. But I've never heard of an OS that comes pre-loaded with porn, or with any media content other than the wallpapers and a few stock samples. Though I suppose there's nothing stopping anyone from creating Bukkake Linux and shipping it.

[–] obbeel@lemmy.eco.br 1 points 4 hours ago

It's government trying to control people all over again.

Bolsonaro (Flávio) will probably make an argument saying that under him people will be free from control or something like that, but it's just bullshit. What we would get under him is brazilian ICE (Internal Customs Enforcement - isn't that funny).

[–] caschb@lemmy.world 3 points 10 hours ago

The problem is, of course, if those evangelical idiots end up in power again they now have the power to wield it. (or to at least try)

[–] lastlybutfirstly@lemmy.world 20 points 17 hours ago (1 children)

This is different from pirating. The government will be going after the developers like they did Kim Dotcom.

[–] Peruvian_Skies@sh.itjust.works 4 points 10 hours ago

Not the Brazilian government, is what I'm saying. At most they'll tell ISPs to block a few websites, and they won't comply without a judicial order. Our Supreme Court, STF, is actually sane unlike our legislators, so no such order will be given.

[–] atkdef@lemmy.dbzer0.com 37 points 19 hours ago (1 children)

Remember what the maintainer of The Pirate Bay once said?

Never be too certain something won't be enforced, as the power of capitalists are far worse than the public can imagine.

Maybe I'm too pessimistic, but this may just be the start. Big corps may find their way to control every aspect, step by step.

[–] Peruvian_Skies@sh.itjust.works 9 points 10 hours ago

You're right to give that warning, but Brazil isn't a surveillance state like China or the USA. Our demons are different.

Of course, that could change in the future so a law like this shouldn't stand regardless.

load more comments (5 replies)
[–] xxce2AAb@feddit.dk 102 points 1 day ago* (last edited 1 day ago) (1 children)

That may be the best way to deal with the potential legal liabilities introduced by this unmitigated abject idiocy.

Good thing everybody can still torrent whatever they want from where ever they want. Or use IPFS. Or IRC DCC. Or Usenet. Or just a VPN.

[–] ryannathans@aussie.zone 11 points 17 hours ago (2 children)

Australian legislation specifically notes that all sites must age challenge users connecting via a VPN

[–] Dultas@lemmy.world 2 points 9 hours ago

That should be fun for people self hosting.

[–] xxce2AAb@feddit.dk 22 points 17 hours ago* (last edited 17 hours ago) (1 children)

Well, good for them. I'm not Australian, get to vote for Australian lawmakers or host websites in Australia.

Is Australia going to pay every single website admin for the burden of implementing this wonderful magical logic to detect a given source IP(v4) belongs to a VPN provider? What about IPv6?

If I host a simple static website on a static webhost in Denmark say, and provide some otherwise perfectly legal OS ISO's for download, how would I implement any logic at all? Why the fuck should I be subject to Australian laws?

The cookie acceptance of the GPDR was already bad enough and ruined so much of the Internet with no appreciative improvement of the privacy of visitors. If every Tom, Dick and Harry are going to place spurious demands on every website, it'll do nothing except raise enormous barriers to entry and ensure that only huge players with the capacity to comply with demands from legislators all over the world will even be able to "legally" run websites at all. And then we can't have an Internet or FOSS for that matter.

Maybe legislators should stop writing half-baked laws the consequences of which they apparently cannot comprehend.

[–] ryannathans@aussie.zone 8 points 17 hours ago* (last edited 17 hours ago) (1 children)

It applies to websites not hosted in Australia, that may have Australians visiting the site via VPN

Enforcement is going to be interesting to watch

There are already services that catalogue VPN sources for webmasters to implement block lists

[–] xxce2AAb@feddit.dk 11 points 17 hours ago* (last edited 17 hours ago)

That's why a said static webhost, i.e. paying for the ability to serve files, not run scripts or manage the webserver configuration. Sure, the hosting provider could be made responsible for the implementation, but now they have been encumbered with the burden and liability of policing which hosted sites needs this bullshit enabled and which are just a blog about making strawberry preserves or something.

Point is, it's complete and utter twattery of the highest order. Never mind enforcement, I don't even see how it would be reliably or consistently implemented.

And all that is in any case absolutely futile, because there's still the matter of people being perfectly able of obtaining those self-same ISO's from any number of other sources that are even more difficult to police, like the ones I originally mentioned, and about a thousand more where they came from.

load more comments
view more: next ›