- cross-posted to:
- linux@programming.dev
- linux@lemmy.world
- cross-posted to:
- linux@programming.dev
- linux@lemmy.world
Per the very first reply on their thread discussing it in their forums, which I linked directly to for the post title:
We’ll NEVER require any verification or identification from the user.
However, what’s gonna happen should the attempts to age-gate the XDG portal screw over alt-init distros like Artix too? My guess is maybe they start blocking regions which force age gating like Arch Linux 32 is doing.
A password is litterally the OS verifying you are who you are claiming to be.
Neither is putting in a date of birth.
I think there’s some confusion here about the concept of “identification”.
A date of birth is generally considered identifying information because it can be used to implicate other information about your real-life self, and it can have real-life consequences for you if it is known. It discrimantes and differentiates you from other individuals in ways that have real-life implications.
What does a password identify about you? Well it verifies that you are “the same person who set the password on the OS”.
So to compare and contrast, A DOB identifies you as…
Having entered a password identifies you as…
To consider the act of entering a password as an “identity” is pretty bizarre, and frankly the notion seems contrived just to be argumentative.
Wow sounds like they should only return an age bracket to mitigate most of those risks.
Also if your system is compromised it’s insane to think your DOB is the problem and not everything else on your system that can ID you.
Isn’t it even better just to take nothing related to your age at all?
But there isn’t “the problem”; there are multiple problems. Isn’t it good to have fewer problems?
Also it’s not just your system getting compromised that could be an issue. Say you put your age or age bracket in. Then some application or website retreives that, and stores it on their end, mapped to your user id or email or whatever. Then that system gets compromised. Even if your personal computer is perfectly safe and sound, they still got it.
That’s a real good case for the application website not storing it (which is in the CA law)
What about the websites that will store it anyway, despite it being illegal? And what about if the laws change?
What if they write a new law that says your computer must kill your nan and sleep with your mam? what if? What if? What if?
But actually I have a real answer to that question! In that scenario, I would… use a distro like Artix that chooses not to comply with that law 🤘
By all of your responses so far, I assume you would just be okay with computer and OS manufacturs obeying?
Correct me if I’m wrong, by this rhetorical question you’re saying “It’s unrealistic to think that the laws will change, or that websites will break the current laws”. Is that right?
No, it is the OS verifying what you know. The OS doesn’t care if you gave your password to anyone, just that whoever is opening the PC knows the password.
Verifying who you are would be biometric verification or ID verification.
In my case I require a password and a hardware key on login. That is still not verifying that I am myself, only that I know the password, and have the hardware key. If I added fingerprint scanning then I would have the holy trifecta and only then verify who I am.
If you think about it like that none of the proposed laws verify anything, even the worst one just verified you logged into the account with credentials for someone who put their DOB in the age bracket returned by the API
And that’s why I fear what comes next now that the infrastructure has been set for sharing sensitive data like DoB. Brazil’s law already stated that self-reporting age is not sufficient.
By that logic you should disconnect from the Internet entirely and use templeOS.
OR, we can just use a distro like Artix that doesn’t comply with the law.