I just want to make sure that we do agree on a few things.

1. Requiring actual ID verification and/or face scans is bad and cannot be effectively anonymized.
2. That many of the current bills do not require ID verification or face scans. This includes the California one that the systemd merge request cites as well as the Colorado one that it mostly identical.
3. The laws in their current form are poorly written and clearly misunderstand how modern general purpose computers work and are referred to.

Given that, I think we can ultimately agree that the NY, UK, Germany, and I think also the Brazil laws are bad and cannot be fixed with simple updates to language.

So let’s focus on the law’s that do not require actual verification since that is what the systemd change cites.

What issues do you have outside of that they are poorly written and ineffective or that they are a slippery slope/frog in a pot/tip of the spear?

This is not about my comfort this is about what these laws actually require rather than some imaginary law that has not even been written yet.

I figured that someone might latch onto that “necessarily” and that’s the great thing about open-source. If that distro/application/os does misuse your data then don’t use it or fork it.

However… ive read the associated analysis of the California bill that reads directly on legislative intent:

quoting he Cali Senate Judiciary Committee analysis : file:///home/jspaleta/Downloads/202520260AB1043_Senate%20Judiciary.pdf

Why are we listening to a person who tried to link a file directly from their downloads folder?

Also the original post that the article is referencing on the fedora forums is suggesting that we remove all networking support from baseline linux as some way to comply/circumvent the law.

I’m sorry, but I just can’t take anything said in that forum post seriously.

Sure I can chime in here.

You did actually read the post correct? Not just the title? The original poster, Jef, is talking about implementing a Unix socket or a dbus protocol similar to what apple already has. They are literally just referencing their definition for a struct.

So no this will not be ID verification, it won’t ask for face scans, and it won’t necessarily send the data anywhere.

The article is just using the big A word as some boogeyman to generate clicks and further rile up the community.

The systemd change is benign and this is not proof of your slippery slope theory.

Edit: I swear literacy rates in the linux community must be dropping.

Ahhh. And then you have people like me who have been seeding for years but are way too socially anxious to even start any of that process. (:

That only bans the use of anthropic for government use. So no government entities or contractors could use it. We already do this for some other companies. BOD 17-01

Edit. Granted what they are doing for anthropic is slightly different since it is an executive order not a BOD.

But. That’s the point. If no one breath tests then the car does not start. Hence it being an ignition interlock device. The whole point of the device is to stop drunk people from driving. If there is a sober person then obviously the drunk person should not do the test since that would lock the car.

“lawyers” can’t bring charges for this law. Only the AG. If people don’t like what the AG is doing then they can just start a recall election.

I am not sure on what interval they do but from what I have read online and from talking with someone I know who has one. They constantly phone home. Even when parked and turned off. This means that it will drain your battery and if you don’t drive for long enough (from what they said a week or two) then you can end up with a dead battery. Additionally, when driving, the device requires the driver to re-blow every 45-60 minutes. So the driver needs to pull over and test again otherwise their alarm will go off.

As far as what tampering prevention mechanisms they have I have no idea. I would assume they keep that as secret as possible.

Edit: the devices (at least the ones from intoxalock) require the driver to pay a subscription fee to keep the device working (about 100$/month) and also costs a 75$ fee for each time the driver needs to get it unlocked after a failed test.

The device doesn’t just phone home while driving. It does it constantly. It’s likely that any tampering would alert the vendor and by proxy the court.

Not sure that I would really agree that these are backdoor. Since disabling the vehicle remotely is kinda the express intention of this device. Just a consequence of how they designed them to not be circumvented by the operator.

Fuck Verizon for this exact reason. Never buy from them direct if you can help it.

FIPS updates/approvals always take a long time.

Just to clarify the law does not allow your os to transmit your dob. Only your age bracket.

But that is effectively what this bill does, just rather than a check box it is a date entry. There is no verification requirement. Only indication (attestation).

You are right. I have no additional response to this that would not make me sound like an asshole.

I’m sorry I am really not seeing what you are referencing from your link. This appears to be a link to the state administration manual which deals with how departments in the state of California operate.

This does not appear to be a law especially when you look at the procedure for revising the SAM.

Responsibility for updating SAM content is assigned to authoring state departments

Ie. Not assembly members.

Edit: sorry I didn’t respond to your second point. From the Cali law:

1798.503(b) An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.

exasperated sigh I don’t want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

• The law does not require ID verifications it only required that a parent indicate the age of their child when setting up their account.
• The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
• An “accessible interface” is not well defined here. But it could be as simple as a system call rather than a REST API call. Similar to open file or malloc. (this means no centralized government server storing the data)

I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don’t exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.

To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.

The intentions for the law?

AB 1043 offers a scalable, privacy-first approach that helps keep kids safe while holding tech companies accountable.

-Assemblymember Wicks

This ia a quote directly from the author of the bill link for reference.

Now of course the obvious question many people might ask is “are they being truthful?” But that is a question that people will have to answer for themselves.

Just want to clarify something about your comment since it feels like you have not had a chance to read the law yet.

(this is in reference to the Cali law but I am told the Colorado one is basically identical). The Cali law does not, in any way, require ID verification, it only requires that a parent attest to the age of their child when setting up an account for them.

This is not my argument for this exact law or any of these laws. I just want to make sure we all understand what we are talking about before going for the pitchforks.

While I can’t comment on any case law surrounding compelled speech. I don’t thing that this would qualify as compelled speech.

Just based off a quick web search it seems that compelled speech is more about the government telling news organizations to report what they tell them.