Rendered at 13:23:04 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
ameixaseca 9 hours ago [-]
From the pull request:
> Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc.
The Brazilian law does NOT require this. This is a misconception, and likely based on an understanding of California's law being extrapolated to the Brazilian law.
They are almost complete opposites.
The Brazilian law (Lei 15.211/2025) puts the burden of age verification on *providers* of web platforms, app stores, or dumb terminals. Not on operational systems.
It also mentions "reasonable measurements" - which vary according to the type of content, platform, etc - and which are much less strict that anything written in California's or UK's laws regarding the same subject. It is far more based on individual risk assessment and purpose of the platforms themselves.
In all fairness, the Brazilian law is the most friendly to open source and the status quo. Even though I'm also worried about the long term results of this legislation, I'm somewhat relieved by the way it turned out.
bitwize 9 hours ago [-]
I'm not sure how you would translate sistemas operacionais de terminais which is covered by the law, but to me it reads "terminal operating systems". If a terminal has its own OS, it is probably not "dumb" in any meaningful sense, and no one really uses terminals anyway except for retro enthusiasts. Even people still using, like, VM/MVS on a mainframe are connecting via a PC running a 3270 emulator.
Lei № 12.965 (2014) defines a terminal (which applies in Lei 15.211) as any internet-connected computer or device.
egorfine 3 hours ago [-]
Given that:
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
It's incredibly useful for adtech if all apps on Linux can access the user birthdate.
Surely this is a total coincidence.
miohtama 1 days ago [-]
This should be the time for open-source developers to use their common sense to decide whether we should push back.
If California wants to create its own Protect the children operating system, it should bear the cost and responsibility for this alone, and not export any of the sketchy political agenda to the wider open source community.
bitwize 22 hours ago [-]
It's the law. If you live in the United States, and a minor in California uses your OS that didn't check age, you could be liable for up to $2500 per occurrence. That can add up quickly if California schoolkids discover your OS does an end run around the law. When ruin is the alternative, compliance becomes non-negotiable.
iamnothere 22 hours ago [-]
Many distros disagree and are not complying. It’s very likely that this (and all similar bills) will be overturned after legal challenges. Noncommercial projects especially have a strong 1A case and we have already beaten one of these bills. Keep fighting.
aleph_minus_one 22 hours ago [-]
> It's the law
"There is no justice in following unjust laws." - Aaron Swartz (Guerilla Open Access Manifesto)
miohtama 21 hours ago [-]
Nobody in their right mind can explain how locking down operating systems will protect children. It does not make sense. This is just another way to sneak in more mass surveillance and kill anonymous online presence, with most ridiculous excuses.
nvme0n1p1 22 hours ago [-]
California laws apply to people living in California. Not the whole country.
gasull 13 hours ago [-]
Let alone the world.
egorfine 4 hours ago [-]
Gasing the Jews was the law as well.
calvinmorrison 21 hours ago [-]
At some point you have to pick a jurisdiction. It's impossible to support all jurisdictions laws as a company, much less as a FOSS project.
josefritzishere 22 hours ago [-]
California can't govern outside California. Other states have discovered the legal limits of their soverignty quite recently. But it certainly argues against hosting in CA and furthermore, consulting an attorney.
bitwize 20 hours ago [-]
If you have a connection to California, you can be sued in their courts. I don't know whether providing (not selling, that certainly counts) an OS to California residents from outside California counts as a connection, that's something you need to review with your legal team. One thing is certain though: you need legal counsel to do OS dev; the Terry Davis era has come to a close.
miohtama 18 hours ago [-]
Then let Californians do their dirty work. They have no place in the broader open-source community or in the rest of the world. Nobody should care about them, except now about caring about blocking them.
The owner of the computer should decide what the computer does.
California is a soon failed bankrupted US state, and no one outside its borders cares what's going on there. Companies are leaving, people are leaving. Let them sink to the ocean with their idiotic laws.
wpm 13 hours ago [-]
Except systemd isn't an OS. xdg-desktop-portal is not an OS. None of these projects need to flop over and acquiesce to this overreach.
JellyYelly 1 days ago [-]
I don't mean to come across as a snob, or anything like that, but I find this PR really odd.
It's the authors first time contributing to this repo and it the feedback on the PR that was addressed is really odd, like some of it is super basic stuff, even if you're not familiar with the code base or the language.
Just an all round weird vibe.
mock-possum 22 hours ago [-]
> “The clang-tidy test failures appear to be pre-existing and don't seem to be related to my code”
I’ve seen Claude reproduce nearly identical comments, wonder if that’s a couidence
rleigh 16 hours ago [-]
Likely. Whenever I see that it usually means it itself created the test failures but won't admit to it!
egorfine 3 hours ago [-]
I wonder who this https://github.com/dylanmtaylor guy is. Comes out of the blue and posts PRs into lots of open source repositories for this feature that should repulse every self-respecting human being.
And not only that, but he engages in communication with people in tickets and ignores all constructive criticism.
sazz 5 hours ago [-]
The hope that humanity has learned something from wasting its time clicking away completely useless cookie pop-ups on websites has probably died once and for all.
dirtikiti 22 hours ago [-]
"protecting" children by providing specific ages to data harvesters.
as per usual, liberal policy doing the exact opposite thing they claim it does.
tylerritchie 21 hours ago [-]
for the california legislation there were no "nay" votes. it's disapointing this performatively protective stance permeates both dominant right-of-global-center parties in America, but it is "all of them"
wpm 13 hours ago [-]
Well yeah: Meta wrote the bill, Meta greases palms in their home state, Meta gets their bill unanimously passed.
lyu07282 18 hours ago [-]
Pretty much the same laws in red and blue states yeah. It always gets confusing when Americans use the word liberal, everyone is a liberal, it never meant *your* liberty.
4 hours ago [-]
enoint 18 hours ago [-]
It's quite conservative. Liberalism means I can use my device with no laws in between.
kmijyiyxfbklao 18 hours ago [-]
Not conservative (there's nothing traditional about this) or liberal, just surveillance authoritarianism.
enoint 17 hours ago [-]
In the past, children were not allowed their own phone. To be particularly cautious, smartphones have not proven a net good; and we're 20 years in.
burnt-resistor 21 hours ago [-]
It's not a liberal policy, it's an illiberal one bending the knee to feudal techbros.
jprjr_ 23 hours ago [-]
I cannot express how disappointed I am to see open source projects giving in to complying with age attestation laws.
I feel like complying really undermines any first amendment arguments. Software is a first amendment protected form of expression, giving in before getting any actual threats from the state makes your participation seem voluntary.
Systemd's participation puts the entire world into compliance with a California law
egorfine 3 hours ago [-]
Given the LP history I am not surprised.
zeratax 22 hours ago [-]
this is not attestation though? it's just parental controls, no?
burnt-resistor 21 hours ago [-]
Techbros gonna techbro... bending the knee to fascists and privacy traitors. The next law will groom something else and eventually it will be tech requiring digital identification and approval to use the internet.
iamnothere 22 hours ago [-]
BSDs don’t use SystemD, neither do some distros. After they have been exposed here as collaborators I suspect we will see freedom-respecting distros move away from them. I myself have been neutral to weakly positive on SystemD until now, as they put forward some decent solutions to longstanding problems, but from now on I intend to stop using their software entirely.
As it turns out, the people who warned against “professionalizing” and corporatizing Linux were correct.
burnt-resistor 21 hours ago [-]
Just to be clear and specific, formal engineering processes and corporate selling out are two orthogonal properties that should never be conflated. Stuff millions of people use shouldn't be slapped together as a "hobby" without careful testing and change control processes. It also should get sufficient (crowd)funding so it can get the attention it deserves.
wolvoleo 1 hours ago [-]
I disagree, I would much rather see my OS made by hobbyists like myself with the same goals as myself rather than big tech who definitely don't have the same goals and values.
It's one of the reasons I use BSD on my main machine. I think Linux has been infiltrated by big tech way too much.
bitwize 16 hours ago [-]
No one actually complained about Linux becoming more "professional" in terms of meeting high engineering standards. Just about corporate control over the process. There was a study that found code with more F-bombs in the comments were actually more professional according to the engineering standard, in response to complaints from suits that swearwords in the code meant that Linux couldn't be taken seriously as professional software.
mzajc 23 hours ago [-]
Tangentially related, but does anyone know what Poettering's "cryptographically verifiable integrity" endeavor[0] is about yet?
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
What other benefit is there to remote attestation? Because their "verification" stamp is just that. It's certainly not got any benefit for the user.
egorfine 21 minutes ago [-]
> What other benefit is there to remote attestation?
There certainly are benefits and they are huge. Like, I can make sure my servers are untampered, I would love that.
Problem is, that technology, once unveiled, will be inevitably used for surveillance. Like, online KYC required to use a computer and you cannot patch this shit out because your Linux build is attested and no banking or government website will let you log in unless remote attestation passes.
Sort of like what they do on Android devices.
nullc 19 hours ago [-]
It's about making sure you can't bypass systems like this-- or rather, that when you use your rights under the GPL to remove this privacy invading crud or just otherwise modify your software you'll be broadly banned from interacting with third party services.
rcxdude 22 hours ago [-]
Probably what it says on the tin, TBH. If you hold the keys, it can strengthen security a lot.
Trusted is such a misnomer. I would trust my computer a lot less if it would answer to them.
zoobab 23 hours ago [-]
Instead of protesting, large corporations decided to ploy.
They cannot loose markets, like California or Brazil.
bravetraveler 1 days ago [-]
Where can I drop a file to always return 1969
t312227 55 minutes ago [-]
hello,
i'm always a fan of 1-JAN-1970
[eg. the "birth" of UNIX-like OSes unix-timestamp eg. "0" ;]
or
date -d @0
cheers
a..z
chainingsolid 23 hours ago [-]
I was thinking 1984, or if I can return a float, NaN.
bravetraveler 23 hours ago [-]
Sure, not picky. A symlink to /dev/null for "I'm a grown-up/own this device" would be acceptable. Assumed one would put whatever value they wanted in the INI file :)
aleph_minus_one 22 hours ago [-]
> Where can I drop a file to always return 1969
I am out of the loop: what is so special about 1969 concerning age verification?
bravetraveler 22 hours ago [-]
I doubt I can do the observation justice, my mind went there thinking 'a moment before the Unix Epoch' and the more... well-traveled meme: 'haha funny number [dropping the leading 19]'. Any number would've worked just as well, it's not significant. I really just wanted to express my participation in this, if at all, likely won't be in good faith.
That said... an option for 'I could have declared an age/birth date but chose not to' seems preferable. I was talking about poisoning but this could be more productive. Any attestation would reasonably fail, sure, but it sends a potentially-meaningful signal [to someone].
aleph_minus_one 22 hours ago [-]
> 'a moment before the Unix Epoch'
OK, "I am so old that already lived before the UNIX epoch even started" (or a year which breaks systems that cannot handle times before the UNIX epoch) sounds plausible. :-)
bravetraveler 21 hours ago [-]
Fairly context dependent, however :) This attestation/verification topic (and 1969, presumably) keeps appearing in places where I doubt The Epoch is relevant!
renewiltord 22 hours ago [-]
It’s admin settable. So just sudo homectl it. You are presumably admin.
bravetraveler 22 hours ago [-]
That's beside my 'point', but fine. I'm deliberately conflating things for humor, sorry it missed. I'll get serious/stop joking around. I have no interest in administrating this. Especially on a per-user basis (despite that being the only way this 'works', I'm generally opposed). I'd prefer a file to drop in /etc... like one would express preferences over, say, /usr.
It's entirely optional, I get that. I could 'just' not set anything. Spare your fingers. I want to poison it [or loudly opt out] without a lot of effort. This includes running N commands when a file to could effectively disable the signal.
Said differently: I don't want to configure the portal, I want to ~~break~~ mask it.
NekkoDroid 19 hours ago [-]
> Said differently: I don't want to configure the portal, I want to ~~break~~ mask it.
Since this is sd-userdbd we are talking about unless the used backend provides the value it is unset by default. And if you manage your home directory using sd-homed unless you explicitly set it it is also unset by default.
bravetraveler 19 hours ago [-]
I am aware, I kind of want a louder signal than doing nothing [which is a great option, I admit]. I quote myself:
> It's entirely optional, I get that. I could 'just' not set anything.
Why? Telemetry, mainly. I'd rather attestation [or whatever intends to use this] fail and make it apparently deliberate.
NekkoDroid 19 hours ago [-]
Well, to get something to fail you need an implementation that can fail. And since nothing is using this so far there is nothing you can get to fail. In the end something that implements the actual communication would end up probably defaulting to "under 13" or whatever if it somehow fails to retrieve any value (or maybe not, who knows), so I wouldn't realistically see even without this, getting the attestation to "break" would end up unlikely.
bravetraveler 19 hours ago [-]
Hypotheticals are truly exhausting! I had a wall of text and chopped most of it off. This started out as a joke and now it's dead, thanks.
The failure/assumption of under-13 or whatever, as a result of manipulation, is fine. I'm not actually trying to solution something though, jeez.
I find it more compelling to say, for instance, "x% of our users have chosen not to share their information"... rather than "y% have not set it". This category would almost surely be about as 'useful' (useless) as the 'do not track' header... and a concern for something other than systemd or even the portal (to a degree).
SAI_Peregrinus 20 hours ago [-]
Stick a service unit in `/etc/systemd/system/` that is a oneshot type with `WantedBy=multi-user.target`, and which runs the appropriate homectl command for each user listed in /etc/passwd (likely just in a shell script).
petee 23 hours ago [-]
I had to check the date; is not April yet
nazgulsenpai 22 hours ago [-]
Will unincorporated distros who don't comply be illegal to use in the areas passing these laws? This isn't "obscenity" -- isn't there a first amendment argument for these projects?
Bernstein v. United States set a precedent that has not yet been overturned.
nazgulsenpai 21 hours ago [-]
Thanks that's encouraging
acuozzo 17 hours ago [-]
How would this work for multiuser accounts? Mu kids all share the same account on the family computer.
noobermin 1 days ago [-]
The context is that this is in response to California in the US potentially passing a law that requires age verification on the operating system level.
Meta gives money to the Heritage Foundation? Wild.
zeratax 22 hours ago [-]
there is no verification happening though
egorfine 3 hours ago [-]
First they have to build infrastructure for the future mandatory KYC. So, age field comes first, then comes new Poettering startup to deny you modifications of your Linux, and finally you are not allowed to use a computer unless you present your ID.
iamnothere 22 hours ago [-]
There is in New York, Brazil, and probably other places too. Attestation is a foot in the door and will become verification when it is shown to be ineffective. And unless the law is defeated, it will provide precedent for further legislative intrusion into personal computing.
treesknees 22 hours ago [-]
Because systemd isn’t an operating system. It’s just providing a mechanism for the OS to store/lookup the user’s birthday. It’s up to individual distros to do the verification (should the law stand and OS vendors choose to comply)
wolvoleo 4 hours ago [-]
True but I'm very much opposed to building the underpinnings for this stuff. If you build it they will use it.
wolvoleo 1 hours ago [-]
Besides, my OS has no business knowing my date of birth whatsoever. All it should know is the account name I gave it which of course doesn't have to match my real name.
calvinmorrison 21 hours ago [-]
This should fit lennarts hubris well.
This developer should be blacklisted from all open source projects, permanently.
flykespice 21 hours ago [-]
It's scary how much global surveillance is closing in to become a reality with states passing these lesgilations, in the name of "protecting children", but it just serves to collect citizent personal data...
And now they are creeping into open source projects too. What once was thought as the bastion of absolute freedom from the state
aleph_minus_one 21 hours ago [-]
> and now it's creeping into open source projects too. What once was thought as the bastion of absolute freedom from the state
It is indeed scary is how compliant the open-source projects have become to the "governmental overlords". Where has the hacker spirit gone?
anotherhadi 1 days ago [-]
Pretty good implementation imo
Spivak 22 hours ago [-]
Yeah, it's the most basic thing you could do that's not intrusive to the rest of the system. userdb is a local directory and most directories, like LDAP, have a DoB field. Even if these laws fizzle out the change would still be potentially useful for other things like parental controls apps.
jmclnx 22 hours ago [-]
Interesting solution and I really expected systemd would be were this age validation would be placed if distros what it.
But if this becomes a thing in Linux for the distro I use (doubtful), I will abandon Linux after 30+ years.
I am rather confident OpenBSD will ignore this law and I expect other BSDs will to. If not, back to DOS :)
Note, I have a BSD on a coupld of old laptops for testing reasons. I test what I write in the BSDs to help find issues, that works well.
coldacid 14 hours ago [-]
You can always use a distro that doesn't use systemd or roll your own. Sure you lose the GNOME desktop environment, but if you ask me that's a net positive.
jmclnx 12 hours ago [-]
I agree, but this could be an issue with all distros based in the US. From my reading of these laws, I think the CA or NY or IL law could easily morph into a US National Law. So all US based distros may need to do something.
I saw an article that supporting these laws could cost a distro maintainer up to 10000 USD per year. Sadly I lost the link, but the article made a lot of sense to me. So, many small distos cannot afford even 1000/year, I think this law could kill almost all small Linux distros. That will probably leave only RHEL, SUSE and Ubuntu, maybe Debian, but they would need funds donated to them from Ubuntu.
If the distro is in another country like OpenBSD, they could just ignore the law(s). That of course assumes the "other" country does not replicate what is happening in the US.
Right now I am hoping these laws are declared unconstitutional, but to be honest, with support by companies like meta and twitter, I expect we will see a national law sometime in 2027.
So in the US, we could be looking at locked down OS, unless you want to break "the law".
iamnothere 11 hours ago [-]
I also recommend looking into Radicle, which can be used to develop git-based projects (including issues etc) in a distributed manner. It even works over Tor. In the future development of truly free software may become more risky.
icar 1 days ago [-]
Having this in userdb is not bad per se. We already have a bunch of PII in there.
stuaxo 24 hours ago [-]
I like the analogy of data as oil: polluting when it gets out.
I'd like to severely limit the amount of PII on the system.
> Stores the user's birth date for age verification, as required by recent laws in California (AB-1043), Colorado (SB26-051), Brazil (Lei 15.211/2025), etc.
The Brazilian law does NOT require this. This is a misconception, and likely based on an understanding of California's law being extrapolated to the Brazilian law.
They are almost complete opposites.
The Brazilian law (Lei 15.211/2025) puts the burden of age verification on *providers* of web platforms, app stores, or dumb terminals. Not on operational systems.
It also mentions "reasonable measurements" - which vary according to the type of content, platform, etc - and which are much less strict that anything written in California's or UK's laws regarding the same subject. It is far more based on individual risk assessment and purpose of the platforms themselves.
In all fairness, the Brazilian law is the most friendly to open source and the status quo. Even though I'm also worried about the long term results of this legislation, I'm somewhat relieved by the way it turned out.
Lei № 12.965 (2014) defines a terminal (which applies in Lei 15.211) as any internet-connected computer or device.
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
[1] https://github.com/systemd/systemd/pull/40954#issuecomment-4...
[2] https://news.ycombinator.com/item?id=46785048
Surely this is a total coincidence.
If California wants to create its own Protect the children operating system, it should bear the cost and responsibility for this alone, and not export any of the sketchy political agenda to the wider open source community.
"There is no justice in following unjust laws." - Aaron Swartz (Guerilla Open Access Manifesto)
The owner of the computer should decide what the computer does.
California is a soon failed bankrupted US state, and no one outside its borders cares what's going on there. Companies are leaving, people are leaving. Let them sink to the ocean with their idiotic laws.
It's the authors first time contributing to this repo and it the feedback on the PR that was addressed is really odd, like some of it is super basic stuff, even if you're not familiar with the code base or the language.
Just an all round weird vibe.
I’ve seen Claude reproduce nearly identical comments, wonder if that’s a couidence
And not only that, but he engages in communication with people in tickets and ignores all constructive criticism.
as per usual, liberal policy doing the exact opposite thing they claim it does.
I feel like complying really undermines any first amendment arguments. Software is a first amendment protected form of expression, giving in before getting any actual threats from the state makes your participation seem voluntary.
Systemd's participation puts the entire world into compliance with a California law
As it turns out, the people who warned against “professionalizing” and corporatizing Linux were correct.
It's one of the reasons I use BSD on my main machine. I think Linux has been infiltrated by big tech way too much.
[0]: https://news.ycombinator.com/item?id=46784572
* LP had zero objections to merging this commit into systemd [1];
* Amutable CEO is confident they have a very robust path to revenue [2];
* It is Facebook that pushes age verification laws all around the world;
I sense that his new startup is exactly what we are afraid of: a way to prevent reverting of these patch and then actually enforce the upcoming mandatory KYC to use the computer.
[1] https://github.com/systemd/systemd/pull/40954#issuecomment-4...
[2] https://news.ycombinator.com/item?id=46785048
There certainly are benefits and they are huge. Like, I can make sure my servers are untampered, I would love that.
Problem is, that technology, once unveiled, will be inevitably used for surveillance. Like, online KYC required to use a computer and you cannot patch this shit out because your Linux build is attested and no banking or government website will let you log in unless remote attestation passes.
Sort of like what they do on Android devices.
They cannot loose markets, like California or Brazil.
i'm always a fan of 1-JAN-1970
[eg. the "birth" of UNIX-like OSes unix-timestamp eg. "0" ;]
or
date -d @0
cheers a..z
I am out of the loop: what is so special about 1969 concerning age verification?
That said... an option for 'I could have declared an age/birth date but chose not to' seems preferable. I was talking about poisoning but this could be more productive. Any attestation would reasonably fail, sure, but it sends a potentially-meaningful signal [to someone].
OK, "I am so old that already lived before the UNIX epoch even started" (or a year which breaks systems that cannot handle times before the UNIX epoch) sounds plausible. :-)
It's entirely optional, I get that. I could 'just' not set anything. Spare your fingers. I want to poison it [or loudly opt out] without a lot of effort. This includes running N commands when a file to could effectively disable the signal.
Said differently: I don't want to configure the portal, I want to ~~break~~ mask it.
Since this is sd-userdbd we are talking about unless the used backend provides the value it is unset by default. And if you manage your home directory using sd-homed unless you explicitly set it it is also unset by default.
> It's entirely optional, I get that. I could 'just' not set anything.
Why? Telemetry, mainly. I'd rather attestation [or whatever intends to use this] fail and make it apparently deliberate.
The failure/assumption of under-13 or whatever, as a result of manipulation, is fine. I'm not actually trying to solution something though, jeez.
I find it more compelling to say, for instance, "x% of our users have chosen not to share their information"... rather than "y% have not set it". This category would almost surely be about as 'useful' (useless) as the 'do not track' header... and a concern for something other than systemd or even the portal (to a degree).
Bernstein v. United States set a precedent that has not yet been overturned.
This developer should be blacklisted from all open source projects, permanently.
And now they are creeping into open source projects too. What once was thought as the bastion of absolute freedom from the state
It is indeed scary is how compliant the open-source projects have become to the "governmental overlords". Where has the hacker spirit gone?
But if this becomes a thing in Linux for the distro I use (doubtful), I will abandon Linux after 30+ years.
I am rather confident OpenBSD will ignore this law and I expect other BSDs will to. If not, back to DOS :)
Note, I have a BSD on a coupld of old laptops for testing reasons. I test what I write in the BSDs to help find issues, that works well.
I saw an article that supporting these laws could cost a distro maintainer up to 10000 USD per year. Sadly I lost the link, but the article made a lot of sense to me. So, many small distos cannot afford even 1000/year, I think this law could kill almost all small Linux distros. That will probably leave only RHEL, SUSE and Ubuntu, maybe Debian, but they would need funds donated to them from Ubuntu.
If the distro is in another country like OpenBSD, they could just ignore the law(s). That of course assumes the "other" country does not replicate what is happening in the US.
Right now I am hoping these laws are declared unconstitutional, but to be honest, with support by companies like meta and twitter, I expect we will see a national law sometime in 2027.
So in the US, we could be looking at locked down OS, unless you want to break "the law".
I'd like to severely limit the amount of PII on the system.