this post was submitted on 22 Mar 2026
1934 points (99.5% liked)

Technology

83032 readers
4078 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
1934
GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information (www.tomshardware.com)
submitted 2 days ago by throws_lemy@reddthat.com to c/technology@lemmy.world
227 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] JGrffn@lemmy.world 5 points 2 days ago (1 children)

Yeah, to be completely honest, the one place where you actually could trust this kind of information is on your own local (and ideally libre-oriented) OS, never leaving your device and instead obfuscated through an API that's exposed to whatever services need to do an age check, with the potential for additional security impositions or other concessions from data requesters due to the leverage of still having your data controlled by you. This is the bonus FOSS part where we get a say on how we want our data to be exposed on our libre systems. Other users aren't so lucky and don't get to have any voice on how this implementation happens, so we should probably participate in the discourse for those PRs rather than condemn them point blank.

[–] endlesseden@pyfedi.deep-rose.org 1 points 1 day ago

However this is not entirely true either, for two reasons.

  1. Philosophical: FOSS relies on the "many eyes" approach to security. Adding any API, even internal adds another layer of risk. This is exactly why some projects refuse to have API access to application data, even if it runs from a privileged forked service. (Using locked sockets or other methods instead).

Any open port is a attack vector and no matter how secure it is today, tomorrow is not a promise. More so with how this overlaps with laws like Australia's, which requires all encryption to provide a backdoor for government access. (This means the 5 eyes nations get access by definition to this API while it's in transit, as soon as it leaves the host system...)

But that's not just the only issue. The whole issue with libxz being targeted by nation state sabotage proved that, it's possible to put backdoors into applications despite "many eyes" on the code. (That case was only caught because one obsessive person over the /testing/ speed... 90% of such attempts in most projects would go unnoticed simply as there is not enough maintainers)

  1. Licensed software: not all applications are completely open, even if the underlying OS is. This is a API thats exposed to all userland applications. Nothing stops Firefox for example from using binary blobs in Thier source to "sign" this data for supporting websites, then send this data to places you don't consent.

Firefox is just a example, so many applications use permissable licenses that don't require all of the sourcecode to be human readable or even accessible.

Big thing is nothing stops driver vendors from stealing this data too, no different than Microsoft does, whether or not you are signed Into a Microsoft account on windows. Telemetry is already a growing issue and the scope of telemetry data in closed source blobs doesn't have to be defined...

So by definition it's not any more secure...

Even if it was, the bigger question is why. Why does the application or web service need to know.

If a child walks into a liquor store and steals alcohol, they get arrested. The burden of proof was never on the liquor store. Why is the burden of proof on the OS and not the parent or child.

We don't need nanny software, that teaches kids to be better liars. We need stronger punishments for criminal actions, regardless of age and more importantly punishments for the parents for allowing it to occur. Babygating the entire OS for some one elses children that would never touch it, legally. Is a example of creating solutions for a problem YOU(parents/government) created.

All of these age laws came from the social media bans. These of which only came into existence as a means of datacollection... Non-compliance, is actually compliance with how they are written, as they all place the burden of proof on you. No evidence == no crime. It's still a crime to lie about your age to age restricted content.