qubist:
If we are talking about some age registration feature like the data field suggested or implemented in systemd, this has no real influence on the security of a system, as you may enter an arbitrary value in this field. You may lie about your age or even put complete nonsense into this field. So it is not possible to extract any information of value from there.
Why do professional programmers who know very well all that do this meaningless thing? It does not provide compliance and has zero legal value. In fact, it may be considered illegal in regards to the GDPR because alongside username (which is an identifier, i.e. ‘personal data’) and requires the ‘controller’ to inform the ‘data subject’ how exactly that data will be processed, ask for explicit consent, provide option for not processing that data, etc.
As userdb: add birthDate field to JSON user records by dylanmtaylor · Pull Request #40954 · systemd/systemd · GitHub is implemented right now, and based on the interpretation in post How much do we gotta worry about this Linux "age verification" BS? - #169 by michael , I do not see how systemd itself would violate GDPR here, because systemd only implemented a way to store the information if someone chose to store such information.
Before this, systemd homectl supported the option --email-address=EMAIL. Now the option --birth-date=[DATE] has been added as well.
This is similar to the decades old gecos field.
The gecos field, or GECOS field, is a component of each user record in the /etc/passwd file on Unix and Unix-like operating systems. It is the fifth of the seven colon-separated fields in each line of the file.
Originally derived from the General Electric Comprehensive Operating System (GECOS), this field is commonly used to store general information about the user, such as their full name, office number, phone number, or other contact details. While traditionally limited in length and format, m...
Impact of that specific systemd pull request:
Concerning precedent: Yes, in my opinion, very much so.
Part of groundwork useful for age prompts using other tools: Yes.
GDPR violation: No, most likely not, as it is only a data field, not a data request.
Sufficient for compliance with age API laws (if applicable): No, most likely not.
Additional system modifications required in other places to actually prompt for the age, let alone verify it, if some distribution wanted to implement this: Yes.
Not legal advice. Primarily source code analysis.
I have not seen any Linux distributions yet implementing the actual mandatory age prompt graphical user interface. Anyone?
1 Like