Kogasa

I don’t support the change. That’s not my point. My point is that if we’re going to argue the dev being threatened isn’t a victim because he’s actively harming privacy, we should be aware that the changes he proposed are not actually harming privacy at all.

Age verification laws: slippery slope. Sure. I agree.

Adding optional age field to systemd userdb: not slippery. Systemd isn’t being weaponized as an age verification suite. It’s just not happening.

You don’t, and you don’t have to fill them in with accurate information, so it isn’t.

It’s mostly not going to be used at all.

As I said, I also object, but you have to realize you’re literally just doing the slippery slope meme unironically. The part that makes it a fallacy is the unjustified assertion that more egregious changes are the inevitable result of the first one, except the first one is materially harmless and in line with existing PII fields in userdb. It’s completely reasonable to expect systemd to go no further than it already has.

No, it literally just can’t violate your privacy in any way. You have complete control over what, if anything, is placed in that field. No information about you can be gained or disclosed by virtue of the systemd change alone. You can think it’s a bad change because it signals intent to follow a trend of supporting privacy-invading age verification, but you can’t say this specific change in itself is privacy-invading.

“user is likely accessing service from a *nix device” isn’t PII. of course anything can be used for fingerprinting, but this type of “leak” is about as insignificant as it gets. It’s not what most people would consider a violation of their privacy.

It may be inconsequential in a literal sense if the law isn’t enforced meaningfully, which is probably pretty likely. I don’t really care what California law says and I doubt they’ll try to convince me.

I don’t think the changes in question are “upholding” any law, but rather giving system admins and software devs a convenient/predefined way to attempt to comply with the law if they choose. “Upholding” the law would be requiring the field to be filled or checked.

That said, to your point, if someone proposed a race field “so that devs can implement segregation if they choose,” I’d find that reprehensible even though it doesn’t do anything on its own. Similarly, I object to the systemd change.

Do you think that would prevent or discourage age verification software from existing? It’s not as if a systemd user field is the only place a user’s birthday could be stored.

Realistically, age verification software that is seriously attempting age verification isn’t even going to touch the systemd field, because why would it? The field could only be trusted if it is managed by an age verification service anyway, in which case the service could just as easily store the data outside of systemd.

what is stopping him

The pull request approval process? It’s quite easy to recognize that one change is harmless and another is not. The slope is not THAT slippery.

I completely understand objecting to the systemd change, I also object, but acting like the fascists have already won is a bit crazy.

Adding birthday fields is not privacy invading in itself.

Can’t speak for this person as I wouldn’t have volunteered to make these changes myself, but it’s possible that he thinks implementing “harmless” versions sooner can provide a legal basis to decline to provide “harmful” versions later.

I’d personally wait for the legal challenges against non-compliant systems before moving into malicious compliance if necessary.