Okay, I archived the PDF using
gunzipand attached it to this reply:
You can see from my comment that I have actually read it but thanks anyway. Others may benefit 
1 Like
You can use AI to change your stylometry. For example if you are American you can tell it to re-write your text in British mannerisms, or vice-versa.
Like I said, look up llama.cpp. I don’t know about OSD but it’s open source enough. For extra peace of mind you can keep it in an airgapped system or network-isolated VM. Please do research it, it’ll be worth your while.
Well, if I were a guessing boy I’d guess this already happens more than we’d like. What’s a maintainer supposed to do if the feds come down with the choice of adding a backdoor and keep quiet about it or go to jail? Or worse, hurt your family? Yes governments really can be that petty when they really want something. You can’t trust anybody in FOSS, this isn’t new.
Which is why the point of replacing all these doxxed devs with anonymous ones should probably be our collective top priority. Specially the devs of privacy tools like Whonix and Qubes should have seen this coming and prepared for it from the start, but I guess up until a few months ago such ideas were considered radical and worthy only of conspiracy theorists. 
If these laws don’t back off then it will be a major nexus in the history of open source. It will separate the wheat from the chaff. Those of us who care about freedom will go in one direction, the 
will go in another, and open source will never forget the lessons learned: that there is no freedom without privacy, that there is no privacy without anonymity, and that every 1990s parent was right when they said don’t give out your name, age, or address to strangers on the computer.
But hey brother let’s not panic too much. Let’s not forget what what separates Linux from Windows is the fact that it’s open source. Worst case scenario we have to start building our own distros from sources, removing the cancer manually every time.
Better yet, the dark web. 
They like being vague for a reason 
fxcking politicians, man… How are people this fxcking evil?
2 Likes
A warrant canary:
2 Likes
Bro they know about your canary 
do you really think they’d just watch you violate a gag order via omission and throw their hands up in the air? That may have worked back when the adults were still in charge but I assure you it won’t fly if you try it nowadays. There is no democratic law and order anymore. We’re in the Epstein timeline.
1 Like
You can’t trust anybody in FOSS, this isn’t new.
Why are you here then?
They like being vague for a reason
Stimulus → reaction → result.
1 Like
This depends on a detail in most laws (especially in the USA): You can force someone to conceal a data disclosure order (gag order), but you cannot force anyone to make a statement (canary statement), whether it is true or false.
1 Like
Why, for the margaritas 
and the good company, of course! 
Or did you mean why do I use Qubes if I don’t trust the devs? Not to open the whole IME/PSP can of worms again but a backdoored OS has been the least of my problems for a minute. I treat everything like it’s either backdoored or otherwise vulnerable to attack. But, a sturdy cabin can be built out of flimsy wood, and a mighty army out of feeble men. Even the most backdoored system can play a role of strength in an environment where its weaknesses are actively mitigated. 
Yeah that sounds about right. Unfortunately for all mankind.
You say ‘can’ and ‘cannot’ in reference to the state like the state plays by its own rules. They don’t even pretend to anymore. We live in a world where the most powerful country is actively building concentration camps on its own soil for its own citizens and you think they can’t “force” some guy to make a statement or not? Rest assured that if they want Qubes to have a backdoor then Qubes will have a backdoor and none of us will know peep about it.
1 Like
There is no evidence that Qubes, Whonix, Tor, Fedora, Debian, Tor or
ANY other OS including Apple or Microsoft, are considering to obey this
law This is spreading FUD.
Apple have expressed support for age verification to protect children
but believe that it should be for content providers to put such measures
in place. No one else has publicly stated their position.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
3 Likes
Completely agree. Thank you for this.
I believe that neither “operating system provider” nor “operating
system” are defined in the laws of California or the USA. For the rest,
your criticisms are equally imo correct.
But I cannot imagine that any Bill is brought forward, or enacted
in to law, without it having been considered by state legal counsel. So
whatever our opinions, it needs consideration and argument by qualified
advisors. Perhaps there will be court action in the US.
Whatever the outcome I repeat that I see little (no?) threat to privacy
even if every OS grovels and institutes a form as mandated. (And I can
imagine that “children” as defined will find amenable “account holders”
prepared to enter whatever age they want, just as they can find amenable
adults to buy alcohol for them. Or indeed, they will themselves enter
whatever age they want to be.)
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
3 Likes
I doubt there is even a single QubesOS user who hasn’t used VPN at some point in their life, prior to installing QubesOS. So I don’t think any US users would be affected, if a VPN started being necessary for downloading R4.4.
1 Like
Yes. Thank you for stating this point clearly. This is the only position IMO, and it is the only position I will accept from any project(s) I participate in as a user, including Qubes. I hope enough people make it clear that they will migrate to projects which take this stance.
3 Likes
For the most part, you’re right. But:
It’s not so much about the age verification API; it’s more about the fact that this is the first step towards far more extensive restrictions on computer users’ privacy.
Today it’s an easily circumvented age check, tomorrow it’s a check against an online service, and the day after tomorrow every user’s digital ID will be automatically transmitted to government agencies.
No, there have to be red lines that must not be crossed. This is one of them.
2 Likes
Completely agree. Thank you for this.
I thought I would never ever read that.
But I cannot imagine that any Bill is brought forward, or enacted
in to law, without it having been considered by state legal counsel. So
whatever our opinions, it needs consideration and argument by qualified
advisors. Perhaps there will be court action in the US.
It seems that is yet another legal backdoor for corruption. It will be up to the court theatre to decide on a case by case basis what words mean for the benefit of those behind the scenes.
The law is becoming/has become a convenient word to publicly justify unacceptable actions through the pretense of noble intent and hypocritical defense of “the values of the civilized world”. That propaganda has been going on for years but now it has become more evident because of the acceleration of certain processes.
Whatever the outcome I repeat that I see little (no?) threat to privacy
even if every OS grovels and institutes a form as mandated.
I agree that a small step towards the precipice is not as dangerous as jumping into it. Note, however, that the trend now is tightening the screws of society to and beyond acceptable limits. Being alert and resisting such Overton windows is necessary, IMO, because later it will be more and more difficult (if at all possible).
4 Likes
That would require individuals willing to be fully identified, complete all required paperwork, and assume full personal liability for any project(s) of their choice, such as Qubes.
Under the as-yet unconfirmed assumption that this is even possible.
If such volunteers were available and willing to contest this, more projects might be willing to refuse compliance. It may be unrealistic to expect already heavily busy developers to assume the risk of a legal case.
In roughly comparable cases, such as Samourai Wallet and Tornado Cash, yes. Arrests / arrest warrants have occurred.
(Elaborated, references here: Legal Jurisdiction Comparison Table)
llama.cpp is an interface, a tool that facilitates the use of AI models. I have tested ollama, which is similar.
I have tested local freeware [1] models such as DeepSeek R1, Facebook’s LLaMA, and various distilled models on fast consumer hardware with the latest gaming GPU. In my testing, the quality and performance were not sufficient for practical use. The better models, for which the quality might be usable, were too slow. A reply to “hi” took 30 minutes. Distilled (“simplified, faster”) models did not produce acceptable output quality for my use cases, including typo / grammar review and code review.
It might be feasible with an NVIDIA H100 for an approximately $38K USD purchase, or at $2.40/hr when rented in a data center. Renting in a data center raises privacy and security concerns. The data center could log / tamper with all inputs and outputs. I have not tried that yet.
Related Whonix wiki chapter: AI Based Stylometry Defense
That would be beneficial. Independent builds (anonymous or not) / software forks would always be valuable, regardless of any laws. rebuilders are a great idea.
There is no simple solution to this. Attracting new developers - anonymous or non-anonymous - would always be beneficial, entirely independent of any laws.
The issue is that there is no sustainable business model, let alone for a completely anonymously run project.
Related: Open Source Business Models
If an anonymously run software fork of Qubes were to appear, I would expect that most users would be reluctant to trust it and would therefore ignore it.
That may be easy to say today. However, more than a decade ago, when the projects were founded, the environment was very different.
One would have needed to establish perfect opsec before leaving any traces of the new project on the internet.
[1] These models are sometimes labeled Open Source, but they fail the definition of the OSD, FSF, and Debian DSFG. So these are neither Open Source nor Free Software as typically defined.
3 Likes
Me too. I will not support or use an operating system that cooperates with regimes to censor the internet and to push privacy invading mass surveillance.
3 Likes
Californians really out here thinking they’re the center of the world lol
2 Likes
Precisely. It’s the trajectory they’re wanting to take us in that is the real problem here, not the fact of being forced to enter a (fake) age during OS install. A wretched trajectory to 1984. This red line must be defended at all costs. AT ALL COSTS, COMRADES.
If you’re used to centralized AI, yeah lol it’s gonna feel like turtles. Ollama is definitely faster than 30 minutes though, and that’s running on RAM with a 26GB model. Two minutes tops for a single “hi”. If all you need it for is re-write messages, it’s totally viable. I can’t speak for other use cases.
Could you expand on this? What exactly about being anonymous conflicts with having a business model? Cryptocurrency exists, y’know, as do DAOs. Name one relevant thing you can do with fiat that you can’t do with untraceable crypto and I’ll tell you why that’s wrong. 
Other than taking money from big corporations, but hey that would be a good riddance in my book.
Think again if the alternative is giving up privacy by order of the fxcking gxvernment. I and others in this thread (literally @Dominik just did as I was typing this message) have already stated that we refuse to use software that complies with this. If the alternative to that is 
then we’ll all be eating and learning to enjoy it one bite at a time.
Plus, what makes you for example so different from an anon in the eyes of the average paranoid user? You think seeing your real name gives me any extra peace of mind? Because it doesn’t - in fact I was under the impression you guys were full anon up until recently. If anything I have less peace of mind now because you could be compromised by feds at any time. 
Okay yeah, I’ll concede that point. Sometimes I forget there was a time before Tor and crypto… and before that, a time before such things were even necessary. 
3 Likes
And there was a time before the current set of (brain-dead) politicians. Has anyone recently tried to hear how fast A. Lincoln is rotating in his grave?
1 Like
It helps users if operating systems still exist that don’t enforce this law, which could one day lead to mass surveillance.
3 Likes
Quote @GWeck in legally mandatory age verification API compliance may be required · Issue #10744 · QubesOS/qubes-issues · GitHub
Qubes is no product created in or distributed from California. So California law does not, in my (non-lawyer opinion), apply to its distribution - not more than any law in, let’s say, Russia. Usage, however, may be restricted by laws in some countries. So, it should suffice to warn potential users to look at the legislation in their respective countries. If someone uses a product that is not compliant with local laws, that is their problem, but not that of the manufacturer. For instance, in Germany, cars are, as far as I know, required to have seat belts. If I use a car without such belts, I may be doing something illegal, but the manufacturer of this car could not be held responsible for what I am doing.
Replying here to avoid spamming the Qubes issue tracker.
As a non-lawyer, I believe this may be wrong, or at least too broad. This is not legal advice. I have written extensively about this topic.
- Jurisdiction / enforceability
- Jurisdiction Applicability and Enforcement Comparison Table
- Legal Jurisdiction
But my best attempt to get this point across might be Legal Jurisdiction Comparison Table. It contains practical, real-world examples of U.S. law enforcement action against foreign people and companies.
In those selected example cases, the accused were often far removed from obvious connections to the U.S. In several cases, they were not U.S. citizens or residents and did not have a U.S.-incorporated company. It is a common misconception that this automatically shields someone from U.S. law enforcement.
The accused were subject to one or more of the following: charged; sued; extradition sought; assets seized; domains seized; arrest warrant issued; arrested; punished.
In some cases, an alleged U.S. connection was that users or customers were located in the U.S.
I am not saying those cases are identical to Qubes, and I am not giving legal advice. My narrower point is simply that “outside California” or “outside the U.S.” does not, by itself, answer the legal question.
*California lawmakers.
Wherever I see this topic discussed on the internet, I see an overwhelming number of users opposing this.
I don’t know what you mean by “centralized AI”. My first thought is: the commercial providers such as ChatGPT are centralized. If you meant local AI running on my own hardware, then yes, that felt like turtles.
It’s a good question, but I think this will go very off-topic. Feel free to ask that in a separate forum thread, if allowed here - @moderators please advise. Otherwise, feel free to ask in the Kicksecure or Whonix forums, and I’ll answer there.
Different people have different viewpoints on how anonymous vs non-anonymous developers impact their trust decisions.
See Team | Qubes OS. The Qubes core team is mostly non-anonymous. These aren’t artificially made-up real names and selfie photos either. People have met many Qubes team members in person at conferences, and Qubes team members have given speeches at conferences.
Team members known only by their pseudonym may not be fully anonymous either. Their real names might not be on the public record, but they may be known by people they know, so it may not be very difficult to find out for governments.
Based on the Qubes core team, it seems that the overwhelming majority of team members are non-anonymous.
It might be challenging to find many projects that are run completely anonymously with perfect opsec.
2 Likes