just like the GECOS field in /etc/passwd isn't surveillance
Geofencing isn't surveillance either, but at least that one actually creates problems and you'd want it removed. If you don't want your account age signal to bother you, just set it to over-18?
Laying the infrastructure for surveillance qualifies.
Reporting age brackets to applications or websites via API definitely qualifies. (It reveals private information about the user.)
I will proactively remove any such fields or signals from my installs, thank you very much. Although fortunately all of the OSes I use have signaled noncompliance.
How is it different from anything else that gets reported to applications, like the username? Knowing my name is "George" is actually much worse than knowing I'm over 18.
The law doesn’t mandate that I have a username or that my username gets reported to those requesting it.
This law can be expanded to require other things, like verification, or collection of legal names. What’s to say that reporting a false age to a service isn’t some kind of criminal fraud? There’s a thousand things wrong with it.
Did you know that giving false information to a service in order to bypass security measures (such as age gating) can be considered a violation of the CFAA?
> age signaling and age-bracket APIs
are not surveillance?
just like the GECOS field in /etc/passwd isn't surveillance
Geofencing isn't surveillance either, but at least that one actually creates problems and you'd want it removed. If you don't want your account age signal to bother you, just set it to over-18?
Laying the infrastructure for surveillance qualifies.
Reporting age brackets to applications or websites via API definitely qualifies. (It reveals private information about the user.)
I will proactively remove any such fields or signals from my installs, thank you very much. Although fortunately all of the OSes I use have signaled noncompliance.
How is it different from anything else that gets reported to applications, like the username? Knowing my name is "George" is actually much worse than knowing I'm over 18.
My username is “anon”.
And your age is 25, no matter what it actually is.
The law doesn’t mandate that I have a username or that my username gets reported to those requesting it.
This law can be expanded to require other things, like verification, or collection of legal names. What’s to say that reporting a false age to a service isn’t some kind of criminal fraud? There’s a thousand things wrong with it.
But you do have a username and it is reported to apps.
> What’s to say that reporting a false age to a service isn’t some kind of criminal fraud?
Uh, the law?
Did you know that giving false information to a service in order to bypass security measures (such as age gating) can be considered a violation of the CFAA?
That’s a felony by the way.
Age gating isn't a security measure.
Found via: https://lists.debian.org/debian-devel/2026/03/msg00199.html
Looks like a well-structured approach.