×
![]()
Brazil, California, Colorado, UK, who's next? A bunch of politicians are passing legislation around the world, requiring operating systems to verify the age of users. Of course, it's all for the betterment of the kids.
Some projects in the Linux ecosystem – notably systemd and xdg-desktop-portal – have started adding support for storing and retrieving a user's birthdate. Just another field in a user database — they already store your office number anyway. That's what people who support this say. You don't have to really put your birthday in, it's harmless.
This is happening in the broader context of governments introducing age verification laws for online services. Surely, if software is expected to enforce age restrictions, it needs a way to know a user's age. So the plumbing gets built.
I am pretty sure that this is just how it starts. This looks like textbook salami tactics on the way to requiring der Ausweis for using your own computer.
To my surprise, a large number of users of open-source software support this, or at least do not object. A common response – one I've seen repeated – is that open source projects and distributions aren't doing anything wrong. They're just complying with the law.
I have to admit, organizations don't have the same freedom to ignore laws as individuals do. It's far easier for a government to enforce compliance against a handful of visible projects or companies than against millions of users. For maintainers, especially those living in jurisdictions where these laws apply, non-compliance is a real legal and personal risk.
At the same time, "it's the law" isn't a satisfying end to the discussion, because the content of the law matters.
Not all laws are equal. History is full of examples where compliance was technically justified and morally questionable. It's one of the discussions where it's impossible not to invoke Godwin's Law almost immediately. I am guilty of that, but I'll repeat it anyway. Everything Nazis did, they did legally. I doubt that I need to go elaborate more on "legality" != "legitimacy".
I'll admit that drawing extreme comparisons can veer into strawman territory. But my concern isn't really about any single law – it's more about trajectory. Systems built for one purpose have a tendency to be expanded and repurposed.
Today it's a date of birth in userdb. Tomorrow it could be legal photo ID for accessing information on the Internet.
Once the infrastructure exists – standardized fields, APIs, integration points – it lowers the barrier for future requirements that go beyond the original intent. That's the part that makes people uneasy, even if they can't point to a specific next step.
What's also striking is how quickly this is being adopted. OSS projects seem to be racing to implement support. There is very little pushback. The question of whether this should exist is quickly overshadowed by how to implement it cleanly.
Once it's everywhere, opting out stops being a realistic option. It's tempting to say, "If you don't like it, switch distros." But that only works if there's somewhere meaningful to switch to.
If every major distribution adopts the same mechanisms within a short timeframe, the choice disappears.
For me, the problem isn't really about any one project or maintainer. I understand why they're doing this. I understand the legal pressure.
What bothers me is the broader direction of things.
I don't live in a dystopian police state (yet!), and I'd prefer not to be governed by laws from such places.
A couple of days ago there were reports that the Fedora project seems to be looking for a way to comply with age verification legislation. I doubt that they will make it region-specific, and that means that I will have to find a different distro as I don't want to support/comply with the shitshow that is the US. I am not abandoning the Fedora ship right away, but I will be looking for alternatives.
Maybe I am overreacting. I hope I am. But in reality, I know that I am not.