Nanny state discovers Linux, demands it check kids' IDs before booting

Opinion A new wave of age verification laws requires kids and teenagers to register before they can use a computer.

When I was a teenager, I was forbidden to look at Playboy Magazine. I just wanted to read the articles and interviews (Cough, Cough). No, seriously, I did, but I also wanted to look at the photos. Guess what? Although I was told not to, I read Playboy anyway. Here we are, decades later, and people are still trying, and failing, to prevent young people from seeing and reading forbidden fruit. I never thought, though, that 21st-century prudes would block young people from using operating systems! But here we are. Lucky us.

As my colleague Liam Proven reports, several states in the US are now demanding that operating system vendors collect and store the age or date of birth for each user account. Now, for Apple and Microsoft, it's no big deal. Microsoft, for instance, requires Windows 11 users to have a Microsoft account, and Apple, while claiming it's a privacy-first platform, still examines every photo you take with Apple's Enhanced Visual Search.

It's a different story with Linux and the other open source operating systems, like the BSDs. They have always been about empowering their users to do anything they want, within the confines of their licenses, anyway, anytime they want, no matter whether they're five or ninety-five.

Big Brother is only going to get worse. With the US Congress advancing its own App Store Accountability Act, and more state lawmakers floating copycat bills, OS‑level age verification is poised to become a standard part of how Americans set up phones, tablets and PCs within the next few years. Happy, happy, joy, joy.

This is not just another example of stupid American tricks. The European Union (EU) has guidelines for protecting minors that could cause trouble, too. In addition, Brazil already has an age-verification law for operating systems.

As for the UK, operating systems aren't targeted yet, but the powers that be are pushing for stricter social networking rules for the under-16 set. At least, so far, only Australia among Western nations has a complete ban on social networks for young people. Since the Aussies are wondering if teenagers should be banned from GitHub, I have to wonder if operating systems will be next.

So it is that the FreeBSD distribution MidnightBSD has already added a clause to its license, "California residents are not authorized to use MidnightBSD for desktop use in the state of California effective January 1, 2027." They're not alone. Adenix GNU/Linux, a Debian-based distro, isn't going along either. Its founder, J. Mazzullo, has declared that his distro "will NOT have any age checks and that they are not for use in regions with OS age verification laws." Meanwhile, David Heinemeier Hansson (DHH), creator of the new Omarchy Linux distro, simply calls the new California law, "Unenforceable."

At Canonical, Ubuntu Linux's parent company, developers are talking about local age‑bracket flags set at account creation and exposed via a simple application programming interface (API) or config file, with no online ID checks or central user registry. Specifically, programmers have floated a D‑Bus interface so desktops and app centers like GNOME Software/Snap Store can read a coarse age band without storing full birth dates. However, Jon Seager, Canonical's VP of Engineering, pointed out: "Canonical is aware of the legislation and is reviewing it internally with legal counsel, but there are currently no concrete plans on how, or even whether, Ubuntu will change in response."

Jef Spaleta, the Fedora Project leader, isn't sure of the legalities, but he thinks it might be as simple as mapping "uid to usernames and group membership and having a new file in /etc/ that keeps up with age." In this approach, age information might never need to leave the PC. The government would just be told that the user "YoungDude13" is under 16, with no other information shared.

Carl Richell, founder and CEO of System76, the Linux PC vendor and maker of the Pop!_OS distro, puts his finger on the reason why this issue matters to Linux users. "Most System76 employees installed operating systems and created accounts on their computer when they were under 18. They did this out of curiosity. Many started writing software. Some were already writing operating systems." Linux is for the young, intellectually gifted, and curious. These are the very people who these restrictions will keep away from Linux.

• Open source devs consider making hogs pay for every download
• Workaholic open source developers need to take breaks
• Linus Torvalds and friends tell The Reg how Linux solo act became a global jam session
• OK, so Anthropic's AI built a C compiler. That don't impress me much
• What the Linux desktop really needs to challenge Windows

That said, Richell added that System76 will follow the laws, but he hopes, "these laws will be recognized for the folly they are and removed from the books or found unconstitutional."

In the meantime, though, there's another issue. These kinds of laws don't work. They've never worked. Prohibition failed in the United States. I kept reading Playboy, and these days, people use virtual private networks (VPN)s to get around the restrictions of the UK’s Online Safety Act. However, as the Electronic Frontier Foundation (EFF) notes, VPNs are far from a perfect solution.

The real problem is this hodgepodge of laws; it's the growth of the surveillance state. From voting rights in the United States, facing Trump's Orwellian-named SAVE America Act, to Ring's doggie tracking system that can also be used to follow people, to Trump booting Anthropic to the side for refusing to allow its AI tools to be used for mass surveillance, privacy is on the decline.

The one good thing about the operating system laws is that, as Richell pointed out, "There is no actual age verification. Whoever installed the operating system or created the account simply says what age they are. They can lie. They will lie." Indeed, they will.

These laws can, and almost certainly will, get worse. New York's proposed Senate Bill S8102A explicitly forbids self-reporting. The state Attorney General will decide how to enforce it. For example, to use Linux, you might need to submit a driver's license.

This is nuts. I can understand why people don't want their kids accessing PornHub, DraftKings Sportsbook & Casino, or Twitter. I don't think laws blocking them from viewing them is the answer, but that's just me. Operating systems, though? Really? This makes no sense. To paraphrase an old American right-wing political slogan, "I'll give you my Linux when you pry it from my cold, dead hands." ®