Ageless Linux – Software for humans of indeterminate age

Something remarkable and unsettling is how the age verification debate has popped up almost simultaneously in the US, UK, and EU.

With the same logical fallacies. Pretty telling about how transnational lobbies and their interests work.

Controlling what children do online is a solved problem: Parenting and parental control applications.

Why are Linux operating system providers taking it upon themselves to comply with the California law especially if they are not selling anything. Since it is just a downloadable piece of software then it is up to California state to set up a firewall to protect themselves from such harmful software.

Let's say I am a generic linux developer who develops variants of Debian Linux while sitting in my basement in any part of the world.

If one country wants to ban my software because I don't ask for their age, then set up suitable protections for your citizens.

Don't force me to do that. I am not responsible for protecting your citizens.

That is like saying if Saudi wants your id to make sure only males can download operating systems, so now will I add another restriction.

At least China takes it upon themselves to ban sites that they deem harmful for their citizens rather than forcing devs.

Now this is what open source development should look like. I cannot believe a few days ago I was thumbing through an email thread on freedesktop.org about how they could implement the mandatory government API in dbus. Can they not read their own domain name?

The problem is we’re regulating individual behavior by adding to the surveillance apparatus. We should be regulating the companies and dismantling the surveillance that makes the apps addictive to kids.

It’s a way of socializing the losses, this time you lose civil liberties and they get to keep acting unrestricted

Meta is why all these laws are happening. Please reach out to media outlets with this investigation so it can get more coverage. People need to be talking about this.

https://tboteproject.com/

It is a stupid law but I feel people are overthinking this.

For compliance the os has to provide an age category to an application and an interface for the user to enter this data. We already have an api to provide information to applications. it's called the filesystem. and an interface to enter the data, that's called the shell. so everything is already there. If the user lives in california and wants to be compliant (wait a minute, let me stop laughing) all they have to do is put a file somewhere with a age category in it. if the application can't find it. well it's not their fault the law is stupid.

I adore their courage. I assume they feel prepared to mount a legal defense? It would seem silly to be this forward about willful noncompliance if they're just hoping to stay under the radar. I can't tell if this is driven by impulsive pettiness with no real plan for how to mount a legal defense, or if they're engaging in a clear-minded legal mission.

> Ageless Linux is a registered operating system under the definitions established by the California Digital Age Assurance Act (AB 1043, Chapter 675, Statutes of 2025). We are in full, knowing, and intentional noncompliance with the age verification requirements of Cal. Civ. Code § 1798.501(a).

"AB 1043 passed the California Assembly 76–0 and the Senate 38–0. Not a single legislator voted against it."

Amazing. We the people are not engaged. It really feels like we're at the end of history or something.

There is no way that this will happen on any Linux box that I use. And this is why I'm an enemy of device attestation and the requirement to register operating systems in the first place, no matter whether it is Apple or Microsoft.

The California law is actually the best form of age verification one can imagine. It only requires the OS to let the user to 'signal' their age. In other words, it's more like a checkbox asking if you're older than 18, instead of scanning your face or driving license. It doesn't require a cloud account either. Storing the ages the user inputted in /etc/ages besides /etc/passed and providing an API to read it is compliance.

How is it so bad that we need some civil disobedience movement over it? On the contrary to, UK's Online Safety Act and China asking all online platforms to verify your phone number?

To those who don't get it: this law is like the "Yes I'm 18+" button on porn sites.

Every kid knows they have to click that button to see the porn. It's not about keeping anyone out, it's about legal liability (i.e. making it easy for companies to blame you).

This is kind of neat, but the site design is very obviously Claude's handiwork. Has anyone else noticed this very distinctive look, which is a dark mode site with semi transparent cards with a thin less transparent border, maybe ten pixels of border radius... In the last six months this has shown up everywhere. Tools at work look like it. Blogs look like it. It's inoffensive but imperfect, and when so many sites look like it, it starts to look cheap.

I wonder if we can get a popular referendum to sentence Meta to capital punishment.

There would be great rejoicing.

In this case, yes, this is probably a violation of the law as it is written. But I doubt law enforcement even notices or cares. You’re not actually doing anything to the kids. Maybe hypothetically you’re not setting/respecting an age flag in a web browser, but that’s the worst thing going on.

So it’s a nice statement but ultimately hollow because the devs aren’t at any real risk of being arrested or fined. This isn’t like Rosa Parks refusing to move to the back of the bus.

Want to make a real statement about software freedom? You gotta do something that makes the normies mad, like making an OS that explicitly helps kids do sports betting, buy drugs, watch porn, and whatever else. Then people will notice, but unfortunately you probably won’t convince them that this law is bad.

Unless Microsoft, Apple, or Google refuses to comply then I think this law is where commercial OSes are headed. But Linux doesn’t really need to worry, because nobody is going to arrest a nerd waving his arms saying, “look at me everybody, I’m breaking the law!”

Age checks are 1 million times worse than cookie verifications.

I don't want to give the impression that I don't find the whole direction of travel concerning, because I do, but as I understand it, the requirement is that the system administrator assigns ages to the users on their system. That seems pretty reasonable to me, and maybe even like a good idea in some scenarios. As far as I know, we aren't talking about software that fights against the interests of the system owner - that's the admin. In fact, I think this might be a feature I would even want.

LLMs have really made pushing out protest websites easier recently, hasn't it.

We've seen tonnes on HN recently

Reminds me of the DeCSS T-shirts [0] and the Penguin Liberation Front [1]. That logo was so cool for 16 years old me.

[0] https://en.wikipedia.org/wiki/DeCSS

[1] https://es.wikipedia.org/wiki/Penguin_Liberation_Front

1. By involving Debian prominently in its stunt, is this drawing fire upon Debian?

2. Are the pile of assertions they're making (which sound like legal arguments and stipulations to me) against Debian's interests?

I honestly think the pushback against the California law is a mistake. We are being presented with an increasing number of services demanding identity verification, in the form of ID verification and/or video verification. California is offering an alternative to that, an alternative that only requires you provide your age, without verifying it.

If the California law flops, the result isn't going to be no age verification. It's going to be increasing numbers of internet services requiring that you verify their identity with them through some shady third-party you have no control over, until you effectively can't use the internet without giving away your ID.

I'd prefer to have no age verification, but it's pretty clear that's not an option. People in power are using minors accessing porn and social media as a cover to push age verification, and it's believable enough that people are going along with it. Approaches where someone attests their age on an OS or account level are our best shot at disarming this push.

I think this falls under what lawyers call "being cute"

All of Linux should do this. Add to T&C that it cannot be legally used anywhere that requires an age check. Then have the big distros enforce it. See how long Silicon Valley lives with no Linux.

Seriously, we in the tech industry can help stop this 1984 stuff.

Everyone wants to find out your age now.

How about "age-agnostic Linux"? Just work?

The problem is that organizations providing infrastructure (such as message exchange, money exchange, physical entities exchange) are allowed by law to manipulate the stream, heavily advertise, provide credit etc all kind of scum. Depriving children from writing a message to parents and friends is nonsense. Exposing them to these for-profit organizations is questionable. But that is also questionable with the grown ups.

Some people are being played like a gosh dang fiddle.

Y'all are so pavlovian that you see Zuck/Meta and instantly rage.

The alternative to OS based verification isn't no verification. It's cloud-based verification

The cloud verifiers have all the interest in the world to making you hate the idea that this problem could be solved at the OS level without any third party involvement

maybe its being done by the people lobbying for the OS-based ID malarkey, so they can have something to point at and jump up and down

I may be missing something obvious but, what happens if people just lie about their age en masse?

Notice how it's just accepted that, while burdensome and of dubious necessity, sure, the government can mandate that all software providers, and soon all websites (at least those that support user-generated content) perform rudimentary age verification, which everyone assumes will eventually become government id- or biometric-based age verification.

But suggest banning industrial-scale generative AI--which facilitates fraud and ID theft, and whose voluminous, spam-like output is fast drowning out actual humans, much to the chagrin of advertisers and those tech companies deriving much of their revenue from advertising, which is what I suspect is the real sudden impetus for these laws--and people act like you're either crazy or an authoritarian.

But banning OpenAI/Anthropic/Gemini would fix a lot of this. It would also reduce the burden caused by AI scraper DDoSing, and make computer hardware cheap again.

I wish iOS 26.4 didn't bother because I'm stuck with an immovable "verify you're 18+" flag[0] in Settings even though it was well into the previous century when I was even near 18.

[0] I have no credit card and it won't accept debit cards. It also won't use the fact that I've had an Apple account and spent 10s of thousands in my own name at their damn shops, online and real life, over the last 2 decades (and Apple/partners have done at least one credit check on me in that period!) But that's fine, there's an alternative! A driving licence (don't have one of those either) or a national ID (also don't have one of those.) Can I use my passport? NOPE. Absolute farce.

I'm so glad I grew up in an age before all this bullshit, when I could do all the same things on a computer an adult could (and frankly, more). I never would have developed the knowledge and skills that led to my career in such a stifled environment as we are setting our kids up in today.

Great analysis that traces these laws back to Meta:

https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b...

The intent behind these laws is noble, but the implementation shows the deep-rooted corrupted nature of law making in these jurisdictions.

That said, the failure is shared evenly with the tech industry's refusal to work with governments to implement viable solutions.

Legislators favor their corporate benefactors, the tech industry favors its ideologies and freedom of developers and engineers. But who looks out for the regular individual? Who is making sure their interest is enforced first and foremost?

Consider these facts (and correct me if they're wrong):

1) it is possible to issue hardware to the public that verifies to computers and internet services alike the age of the bearer without disclosing anything else about the bearer.

2) Age verification laws for other things like drinking, smoking, and gambling all primarily require the seller to authenticate that the person has authentic identification, and their age is lawful for the activity.

3) The secure method of authenticating users requires MFA, a FIDO2 compliant device like a Yubikey is the most secure means of the 2nd factor of authentication. It requires knowing a secret, and physically touching the device.

Knowing all this, it is possible to issue the public devices that receive a challenge from a government operated server, require the user to tap on the device, and then enter a pin to respond with a signed version of the challenge, to verify they possess the device. The device could be sold or given to the public without any registration, the only thing required would be showing and verifying your valid ID at the point of sale (from a government office ideally).

This is just one solution, but the burden could be passed onto the government, and the tech industry to implement solutions that work with that.

If we had that, I wouldn't agree with it, but I would also not have a problem with requiring insertion of an age verification device to start installing Linux -- of course the installer wouldn't know it's in California, it would rely on the people installing it to tell them it is. And when selling devices in california, by default they could require inserting this device to proceed, but I see nothing preventing users from installing their own custom OS lawfully if they too the device elsewhere, and how can the device tell it is at "elsewhere", even if it has a GPS there is no law requiring GPS to be turned on for that purpose.

---

The key thing you should all consider is that this is the will of the people to the most part. Most people agree that access to tech should be age restricted, although to what degree is a different story. This isn't the 90s, using an OS is not a novel or special thing you do, it is similar to driving a car except we depend on these devices more than cars!! Things the public depends on, things a country depends on, will always require regulation of some sort.

Forget about what it was like for you in your nostalgic days of experimenting with Linux or whatever. These are not those days. this is happening. if you can stop age verification laws, please go ahead, you have my full support. But I don't see that happening. We will get shitty situations where third party companies bribing politicians collect our physical ID scans, and we'll be forced to not only disclose our identity to everyone and their mother on the internet, we'll be forced to let these 3rd parties and the government track every site we visit at this rate.

Corrupt lawmakers are one half of the problem, technologists refusing to adapt and make best of the situation and propose privacy preserving solutions is the other half. I'm glad so many are willing to go all-or-nothing and die on their hills, but there is no reason they have to drag everyone else with them.

large print and I'm in

I agree that measures like this, in which some character willfully finds practical ways to challenge a law, may faster lead to it being forcefully looked upon and probably amended. I also agree that age restriction software implementation may open the door to more tolerance regarding social control (under certain administrations). But as with most subjects that transcend borders and are multifaceted by nature with respect to any approach meant to deal with them, the age restriction digital regulation is prone to become a hard problem. There is the moral aspect that a child should be prevented from the worlds harm until the age of maturity because neurologically they lack the mechanisms that help them discern the world on their own, thus needing external support. There is the problem of the controlling entity, the enforcer, the authority, which is not impeccable. There is the problem of the speculator entity which hijacks the situation, creates certain narratives based on mass perception and may drive the process towards their own personal interests. There is the ideological perspective that only operates based on its underlying rules and filter every decision according to its ideological convictions. And this list is probably not exhaustive. So I think an appropriate angle to tackle this (or anything) is the balanced view. Which is hard. But from my current understanding: the law itself is well intended, just like a cop is put in the street from the good intention of protecting citizens, but just like the cop can turn bad... the entity enforcing the law can also. But the law itself.. is inherently a good point. A psychologically healthy point. A child should be .. somehow protected from situations in which, in lack of discerning, will almost always choose the bad option that is being offered... just for testing it, if not for anything else. So parents have rules, schools have rules, etc.. and no, they are not perfect. Nothing is. Should we give up on rules or the creation of new rules, just because they are not perfect? Well, in my opinion, that is precisely what a child would say, when presented with a new rule that does not entirely suite them. And that brings in the psychological argument. A mind that rejects a car seat belt simply because they don't want to be told what to do, and lack the perspective that it's simply a protective measure, which is ultimately imposed because of the lack of education characteristic of the individual rejecting it... is simply that.. an uneducated mind. Which in psychology means the individual has a mental age that is smaller than their biological age. So it boils down to education. But education starts when we are 0 days old. From parents, neighbors, schools and government... they all have to do their part. Each one. But when the parent does their job, the child complains... when the school does its job, the child and sometimes (more often I'd say) the parent complains... when the government tries to do its job, the parents, children and schools complain... so isn't this the perfect ouroboros. Now on top of this... the speculative entity comes and takes advantage of the situation. It manipulates narratives and entices the participant groups at each other's throats, steering the outcome for personal gain. This is all an entanglement that cannot be easily solved. It is human nature at its best. The perfect paradigm does not exist. So I guess the answer would be... what lesson can we gain out of this... (and this is with respect to every one's own perspective). I for one would welcome initiatives that try to protect, steer and show a righteous path.. even if the initiative is distorted by exterior forces, and try to work with it, iterate on it and implement it as best we can... as opposed to no action at all out of fear that the same exterior forces will act against us.

I feel like I need to read the prompt to understand what this website wants me to download here. What is it installing? What is it promoting?

I can not help but think that this is performative AI slop

We get it, you’re against the government and big tech

cool

[dead]

[flagged]

[flagged]

I like the idea, and hope that they are ready to challenge the law. However, the text in this website has a very distinct Claude feel to it.