I really hope there are no plans to comply with any age verification processes. Any news about what Kicksecure will do when the time comes?
1 Like
Much research was done into the topic, the most recent public statement of what we intend to do is “Current assessment: Unlikely: Kicksecure and Whonix are currently unlikely to implement an age API. Possible revised assessment: This may later be updated to “highly unlikely” or “no changes planned”.” See:
Also see the corresponding discussion on the Whonix forum:
3 Likes
Ok thank you very much. I appreciate your response. Personally I’d prefer no age verification prompt, however the option to uninstall the api for people in unaffected regions is a good compromise.
Thanks again, this really helps.
2 Likes
what is the government reasoning behind demanding age verification on other than adult websites, gambling, or similar “adult themes”?
2 Likes
2 Likes
I read throw docs about age and it’s solid portion of a research.
First, I want to thank you for that you changed your point of view from “comply as soon as possible” to ”unlikely to implement”. Not gonna lie, i was shocked and disappointed that you started complying so fast.
Second, i want ask you all, not to give up easily on this and seek help in collaboration with opposition, that tries to oppose these laws.
Third, is there a possibility to start using fork of systemd ? As an act of opposition
1 Like
Kicksecure is based on Debian:
If Debian switches to a fork, we will inherit that. If Debian doesn’t, we will remain using upstream systemd.
Kicksecure is a technical project. The changes to systemd pose no danger to user security or anonymity, therefore this is not something we would likely be interested in doing separately from Debian. If and when threats to security or anonymity do arise, we will deal with them at that time and in a way that is safe for both our users and the existence of Kicksecure and Whonix.
2 Likes
1 Like
yeah, i know, though so that Debian should switch first - just spreading info that such fork of systemd exists. Just in case 
1 Like
Making a quick protest fork and reverting a few systemd commits is simple. Can be done within an hour or two. However, it’s going to be really difficult to keep up with upstream systemd project for both new features and security fixes ongoing development.
This branch is 11 commits ahead of and 320 commits behind systemd/systemd:main.
2 Likes
While I appreciate Kicksecure’s commitment to security, the consideration of age verification mechanisms even framed as age brackets prompted me to reconsider my trust in the project. I do not believe the developers acted with malicious intent, though I remain hopeful this assessment is correct. My understanding is that this was an attempt to align with Debian and systemd standards, upon which Kicksecure’s codebase is built.
I suspect I am not alone in finding this development concerning, particularly as someone who has contributed financially through cryptocurrency BTC/XMR/ETH donations despite economic constraints of work $laving. I haven’t kept up on all this due to feeling burned out from global geopolitical happenings and constant tyranny globally, specifically in anti privacy laws being proposed at the same time that feels like its coordinated.
The recent decision by Kicksecure/Whonix to “Not implement” or de-prioritize such implementations as “unlikely to implement” is encouraging. I wonder whether this whole thing reflects a broader strategy by (lawmakers/Meta/WEF etc.) aimed at fragmenting the Linux community. I really don’t want neither Kicksecure or Whonix to become “Abandonware”.
Moving forward, I believe it may be time for the project to strengthen trust through reproducible builds. This would provide verifiable assurance that the distributed binaries match the published source code so that any doubts can be cleared.
On a positive outlook, this situation echoes the “crypto wars” involving GnuPG and the “torrent wars” surrounding anti-piracy enforcement of torrenting software. In both historical instances, free software achieved significant victories.
I am not endorsing this crypto but they have good article that I have yet seen anyone link, so I’ll post it here:
Quote myself from How much do we gotta worry about this Linux "age verification" BS? - #179 by adrelanos - General Discussion - Qubes OS Forum
My understanding is that FOSS is based on copyright law.
FOSS licenses are subordinate to government law.
The mechanism to enforce FOSS licenses is through copyright law and government courts.
Laws are made by governments.
Developers do not need a license to use their own software.
Licenses are given by authors to consumers. (Licenses are given by developers to users.)
Therefore, I am not convinced that a FOSS license would protect developers (operating system providers) where the law is applicable.
There is a hierarchy here, and laws rank above software licenses.So, at least from my current non-lawyer understanding, I am not convinced that the license would materially help with this specific concern.
Licenses do help users in important ways, but perhaps not in a major practical way here. Most users are using downloadable binary images and binary updates. They do not build their own images and package updates from source code.[… removed part irrelevant to Kicksecure …]
FOSS licenses are still helping “quite a bit” but perhaps not “materially” yet, because they leave the door open for source-based distributions where users could more easily opt in or opt out of undesirable (but perhaps legally mandated for the operating system provider / developer) features.
RedHat is blocking application and source code downloads behind a paywall. The consensus seems to be, that this doesn’t violate the GPL. Other geoblocking and overzealous blocking (cloudflare…) also isn’t discussed in context of GPL violations.
The simple laymen summary is, if forking a GPL or copyleft program and giving it to a third-party, then on request the source code has to be given to the third-party through the same channel without additional restrictions.
Define commercial.
References:
2 Likes
Quoting myself on the parallel Whonix forum thread:
Nominally, maybe (we will implement an age API). In practice due to a combination of terms-of-service constraints and the implementation mechanism, if this gets implemented at all, all users will almost certainly end up with identical data stored by the “age API”, thus preserving anonymity. See:
Age Signaling Legal and Interface Considerations for Kicksecure and Whonix
Kicksecure and Whonix would end up being the same in this respect if this did end up happening. (But again, we don’t think we’ll have to do even this.)
3 Likes
Yeah I’m aware of the whole customer portal paywall and the CentOS Stream situation. The whole software licensing is confusing you would know way more then me. Honestly Patrick please don’t get anything in the wrong way in what I said.
You’re extremely knowledgeable and both Kicksecure/Whonix are one of few projects that has constantly been at the forefront of good choices and good work. Might come as bias but, its part of the reason I chose this OS for one of my setups and workflow in the first place. It’s not just the features and reasonably good mitigation’s but, the wiki alone is top notch. I would say even better then the arch wiki if I’m being honest here sir.
1 Like
When I said “aimed at fragmenting the Linux community,” I mean they are hoping for this to be one of the outcomes if they are successful with getting the main outcome they want. Not just this but even fragment the users due to paranoia or strong philosophical/political views. Lets be honest this has already sparked intense divisions within the Linux ecosystem, pitting privacy absolutists against those seeking pragmatic compliance to avoid legal penalties or restricted access for users etc.
As one that see both sides of this and also falling into the privacy absolutist camp so to speak. I can say its not the harmless age brackets that worry me its what will come next. Realistically I think that’s what we are most worried about since we see the writing on the wall. The history of these repeated efforts by the people behind it and how far they will go if unchecked.
Its certain things like I previously said that can effect users trust, cause doubt, cognitive dissonance or what have you. So upon that I want to clarify, I do place trust in this distro otherwise I wouldn’t use it.
Understanding the legal pressures, developer burnout, and the uncertainty of how everything will play out I will continue to donate in the background when I can as a thank you to all for providing this nice distro.
If the derivative-maker will help achieve a state of reproducible builds in the future, then you may know what I’m talking about if things get that bad. Once more polishing and fine tunning after more releases, hopefully this will be a reality in the near future (reproducible builds not a dystopian world).
Thank you and please don’t give up hope folks.
Kicksecure and Whonix would end up being the same in this respect if this did end up happening. (But again, we don’t think we’ll have to do even this.)
Yeah everyone would have the same age so everyone would look the same to that so that’s good.
I apologize for focusing on what if’s and I know you are focusing on what we can do. We can talk about how bad things are but if we don’t talk about solutions then whats the point right. I’m just concerned about where it will lead like an API and backend that collects other info like device identifiers for age verification providers or worst case digital ID.
Here an example though it is on a phone it shows different methods that were found in Age verification of certain providers specifically in this case Telesign.
The TBOTE Project has some about trying to find who is behind the whole “Age Verification Lobbying” and documented findings on methods already found.