You've seen the news about various US states (and even a US-wide bill!) for operating systems to implement age checking - but exemptions could cause headaches.
GamingOnLinux covered the exemptions that have made it in for the bills in Colorado and California, and now the dust is settling I've had a bit of time to look at the details more closely and think on it a bit more. And so, I'm left with even more concerns than before.
This isn't just a case of Linux and open source being special or somehow better, and not even getting into the debate of the "privacy for thee but not for me" angle due to more data collection - but a major concern on the actual implementation of all of it.
On Linux machines we already have DRM (Digital rights management) headaches from streaming platforms that limit things like resolution (or some just don't work at all), due to a lower level of Widevine support. And then there's also all the anti-cheat issues with games completely blocking Linux too. Now, we're moving into the land of age-checking on devices and operating systems which could potentially bring its own set of hurdles to overcome.
When all these laws get stamped and approved, what happens when you run an operating system (let's say Fedora or Ubuntu) and some web service or application is forced to do age checking and verification (or they face massive fines). Unless Linux distributions / desktop environments do end up implementing something that correctly adheres to these laws, what do you think will happen? Those services / apps could very likely just entirely block Linux in certain regions - or even all regions if it's Linux to prevent any issues for them.
That only adds to the list of issues that Desktop Linux faces when it comes to user adoption. And given how overall fragmented the Linux desktop is, we're in for quite a messy time. One distribution might work, another might not - that's just even more confusing for people picking between Linux distributions and desktop environments.
Being exempt from building or using the system doesn't save Linux and open source from being locked out of the room by companies who then require it by law. This also isn't US specific, other countries are working on these types of laws too.
What are your thoughts? Leave a comment and let me know.
Article taken from GamingOnLinux.com.
About the author - Liam Squires-Hand
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can follow me personally on Mastodon [External Link].
See more from me
See more from me
Some you may have missed, popular articles from the last month:
You can also find comments for this article on social media: All posts need to follow our rules. Please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Readers can also email us for any issues or concerns.
You're right: if some business/services makes a strong requirement for age enforcement on user's device, we're screwed.
Wait, no. We just can't use the service.
Sure, it sounds easy, and I'm sure there'll be a *lot* of nuance on that topic in the near future, but it can be a chance to reassess what is essential. Is giving everything up for the privilege of enjoying a twitter thread full of hate and bots worth it? Who knows.
The main issue would be when official/actually mandatory digital services starts to do that. But is it really that different from the current issue with "excluded" builds of Android (or services that flat-out kicks Linux out based on UA)? If our various administrations decides that we need a device *they* control, I'll fight to the end for *them* to provide me such device; at their expense. It would definitely be an uphill battle, but my devices my software.
If I have to give up "sovereign digital identity" and go back to paper, then so be it. If the paper option isn't available anymore, then I guess I'll start planting turnips.
But that's over dramatization. There's a real way forward where all this nonsense blow over and only a handful of stupid services cares about it.
Wait, no. We just can't use the service.
Sure, it sounds easy, and I'm sure there'll be a *lot* of nuance on that topic in the near future, but it can be a chance to reassess what is essential. Is giving everything up for the privilege of enjoying a twitter thread full of hate and bots worth it? Who knows.
The main issue would be when official/actually mandatory digital services starts to do that. But is it really that different from the current issue with "excluded" builds of Android (or services that flat-out kicks Linux out based on UA)? If our various administrations decides that we need a device *they* control, I'll fight to the end for *them* to provide me such device; at their expense. It would definitely be an uphill battle, but my devices my software.
If I have to give up "sovereign digital identity" and go back to paper, then so be it. If the paper option isn't available anymore, then I guess I'll start planting turnips.
But that's over dramatization. There's a real way forward where all this nonsense blow over and only a handful of stupid services cares about it.
5 Likes
Is this how the fed distros are going to justify still carrying on with "age verification" measurements even if the exemptions get more widespread ?
0 Likes
PlayingOnLinuxphone 6 hours ago
Europe is going towards Linux, people around the world are going towards Linux. What should we scare about? We people just have to be a bit more serious about what we want and at some point the money loss will change things automatically to our advantage.
As I told, as more European countries rely on Linux as more important it will be to them to support competition which includes Linux itself or European companies start to do their own businesses to fit into the new service holes. If current companies want to dig their own graves, let them do so. No need for any fear. We are strong together - stronger than them. Look how Microsoft starts to advertise how they become better, just after a few percentages of people moved to Linux. We just need to follow our principles.
As I told, as more European countries rely on Linux as more important it will be to them to support competition which includes Linux itself or European companies start to do their own businesses to fit into the new service holes. If current companies want to dig their own graves, let them do so. No need for any fear. We are strong together - stronger than them. Look how Microsoft starts to advertise how they become better, just after a few percentages of people moved to Linux. We just need to follow our principles.
5 Likes
I understand the concern.
BUT.
Just as much as I actually love to not have rootkit-like anti cheat "solutions" available for my gaming machine (I consider them an RCE-in-the-making), I will be extremely happy to be excluded from those services that will need to ask my (admittedly ancient) age without a reasonable motive.
You're a bank? A credit card circuit? A governative agency issuing driving licenses? A municipality celebrating marriages? A weapons or liquor store? Other goods/services provider which must be reasonably sure I'm an adult? No? Then I don't need to do age-verified business with you, thank you. You can keep your pictures of kittens for yourself, I'll live happily without them.
BUT.
Just as much as I actually love to not have rootkit-like anti cheat "solutions" available for my gaming machine (I consider them an RCE-in-the-making), I will be extremely happy to be excluded from those services that will need to ask my (admittedly ancient) age without a reasonable motive.
You're a bank? A credit card circuit? A governative agency issuing driving licenses? A municipality celebrating marriages? A weapons or liquor store? Other goods/services provider which must be reasonably sure I'm an adult? No? Then I don't need to do age-verified business with you, thank you. You can keep your pictures of kittens for yourself, I'll live happily without them.
12 Likes
spacemonkey 5 hours ago
I hope governments will apply the same logic here as using seatbelts:
When your are driving a car you have to wear a seatbelt, but when you're on a motorcycle nobody cares about your safety.
(In this metaphore an OS like Windows is a car. Linux, of course, is like driving a motorcycle)
When your are driving a car you have to wear a seatbelt, but when you're on a motorcycle nobody cares about your safety.
(In this metaphore an OS like Windows is a car. Linux, of course, is like driving a motorcycle)
1 Likes
mr-victory 5 hours ago
that correctly adheres to these lawsAfaiu, since we are exempted, we don't have to correctly adhere ie. we can just yes-man the checks. This doesn't even have to be done by the distribution maintainer, a 3rd party software can do it. Which makes the checks moot. Which hardens the checks so linux / foss can't implement them even if required. Oh shit this is like Play Integrity bypass in a new coat of sugar.
2 Likes
Liam Squires-Hand 5 hours ago
Quoting: mr-victoryBut the end service / app / whatever still needs to show they are properly doing these checks. If lawmakers see a simple bypass on Linux, and the service allows it to happen - fines? It’s never as simple as you think.that correctly adheres to these lawsAfaiu, since we are exempted, we don't have to correctly adhere ie. we can just yes-man the checks.
1 Likes
I think I can install Firefox for Windows using WINE, set age in registry and viola. I think there must be a field/value telling no information about age. In this case, each validator should recognize you as allowed to view content. In case, if my distribution does not comply with new laws, Firefox (for Linux) would send no information, because my OS does not deliver specific API. Of course, only root should be able to set this value or age for some user. If system lacks API to obtain age, software should return no information.
I think, this should not be obligatory. Law vendors should only force to create standards to check age and force content delivers to use this API.
I think, this should not be obligatory. Law vendors should only force to create standards to check age and force content delivers to use this API.
0 Likes
Also, these regulations are piece of shit, because not only Linux users could avoid it. Linux users are just in better place, because they can download source code, revert sh*t changes and compile.
But...
There are debuggers. I can type:
gdb firefox
break read_age_of_user
run
...
set ?? user_age 888
I think this is enough.
But...
There are debuggers. I can type:
gdb firefox
break read_age_of_user
run
...
set ?? user_age 888
I think this is enough.
1 Likes
The_Real_Bitterman 4 hours ago
As a fun side note "Deutsche Bahn AG", the major train operator here in Germany, blocked all Linux users to buy tickets or even look at train schedules online if they detected "Linux" in the Browsers user agent... You could even trigger it by setting the user agent on Windows to Linux. Blocked!
Official explanation "Bot protection" yeah ... let me tell you one thing, as someone working in E-Commerce, bots don't run by "Linux X11" user agents. They all mimic Windows 11 or 10. Only half backed bot protection is to check ASN ... but user agents? Ha! Morons...
Anyway. If they even get THIS wrong ... I fear the age of age verification.
Last edited by The_Real_Bitterman on 26 May 2026 at 4:04 pm UTC
Official explanation "Bot protection" yeah ... let me tell you one thing, as someone working in E-Commerce, bots don't run by "Linux X11" user agents. They all mimic Windows 11 or 10. Only half backed bot protection is to check ASN ... but user agents? Ha! Morons...
Anyway. If they even get THIS wrong ... I fear the age of age verification.
Last edited by The_Real_Bitterman on 26 May 2026 at 4:04 pm UTC
6 Likes
mr-victory 4 hours ago
Quoting: The_Real_BittermanAs a fun side note "Deutsche Bahn AG", the major train operator here in Germany, blocked all Linux users to buy tickets or even look at train schedules online if they detected "Linux" in the Browsers user agent... You could even trigger it by setting the user agent on Windows to Linux. Blocked!But android also reports linux, it doesn't make sense. Do they check linux + x86_64?
Quoting: Liam Squires-HandBut the end service / app / whatever still needs to show they are properly doing these checks. If lawmakers see a simple bypass on Linux, and the service allows it to happen - fines? It’s never as simple as you think.From what I understand, the end service only sees an age response and no other recently introduced, extra info so they have no way of distinguishing and no liability. The fault is at the response generation by the OS, not interpretation by the website / service / app etc.
1 Likes
Quoting: The_Real_BittermanAs a fun side note "Deutsche Bahn AG", the major train operator here in Germany, blocked all Linux users to buy tickets or even look at train schedules online if they detected "Linux" in the Browsers user agent... You could even trigger it by setting the user agent on Windows to Linux. Blocked!I can both view the schedules and buy a ticket
Last edited by Cyberworm on 26 May 2026 at 4:22 pm UTC
2 Likes
These laws only require implementation on app stores, not in any web service or application itself. There aren't a lot of app stores on Linux that'd meet the requirement to require age verification outside of game stores, and those will likely start collecting age verification as part of their account sign-up process, as Ubisoft has already started doing. I don't think Linux will be locked out, I think the OS-level age signal will probably just become redundant as the stores will be the ones collecting age verification info. The bills really don't seem to have much thought put into them.
2 Likes
The_Real_Bitterman 4 hours ago
Quoting: mr-victoryQuoting: The_Real_BittermanAs a fun side note "Deutsche Bahn AG", the major train operator here in Germany, blocked all Linux users to buy tickets or even look at train schedules online if they detected "Linux" in the Browsers user agent... You could even trigger it by setting the user agent on Windows to Linux. Blocked!But android also reports linux, it doesn't make sense. Do they check linux + x86_64?
Quoting: Liam Squires-HandBut the end service / app / whatever still needs to show they are properly doing these checks. If lawmakers see a simple bypass on Linux, and the service allows it to happen - fines? It’s never as simple as you think.From what I understand, the end service only sees an age response and no other recently introduced, extra info so they have no way of distinguishing and no liability. The fault is at the response generation by the OS, not interpretation by the website / service / app etc.
Quoting: CyberwormMaybe they fixed that. I usually do not use their services in the first place: https://www.heise.de/news/Deutsche-Bahn-Keine-Auskunft-unter-Linux-11300742.htmlQuoting: The_Real_BittermanAs a fun side note "Deutsche Bahn AG", the major train operator here in Germany, blocked all Linux users to buy tickets or even look at train schedules online if they detected "Linux" in the Browsers user agent... You could even trigger it by setting the user agent on Windows to Linux. Blocked!I can both view the schedules and buy a ticket
1 Likes
I took my pirate hat off a long while ago, in favor of supporting creators of things that I consume, because I like supporting creators of things I consume.
However if I can't access my content anymore from something like steam or crunchyroll without doing an eye scan I will be putting it back on.
However if I can't access my content anymore from something like steam or crunchyroll without doing an eye scan I will be putting it back on.
5 Likes
Quoting: RustyThese laws only require implementation on app stores, not in any web service or application itself.Only a few steps away from things like the Google app being required to access a website.
0 Likes
Caldathras 3 hours ago
Quoting: SlayerTheChikkenAren't we already there with websites that offer the "login with your Google Account" pop-up?Quoting: RustyThese laws only require implementation on app stores, not in any web service or application itself.Only a few steps away from things like the Google app being required to access a website.
0 Likes
Quoting: Liam Squires-HandThink this will be the push for ID/smart cards thing. Like what they use in corporate places like NHS does.Quoting: mr-victoryBut the end service / app / whatever still needs to show they are properly doing these checks. If lawmakers see a simple bypass on Linux, and the service allows it to happen - fines? It’s never as simple as you think.that correctly adheres to these lawsAfaiu, since we are exempted, we don't have to correctly adhere ie. we can just yes-man the checks.
Cant log in to their services without one. Basically smart card reader on the lappy/desktop push card in which does a credential check so you can log in ect .
0 Likes
I'm Canadian, so maybe my level of trust in government is slightly higher than most (or I've resigned myself to the fact that '...as far as I can throw them' means nothing when you're physically disabled~), but I feel like this is the sort of thing I'd want the government to run, hear me out:
We already have digital logins for things like filing our tax returns, and there's ways to do this stuff double-blind - heck, probably even with something relatively basic like digital signatures.
(My likely not-fully-correct implementation spitballing follows)
Do the same thing for your app store or whatever, have some OS path to do it, and as long as it's just 'get this random token signed by your government ID login', no creepy image recognition, no 'AI', etc., then I don't have that big of a problem with it. If all of the government legislative efforts that basically amount to 'we don't care how you do it, this is the private sector's responsibility', read between the lines: it's not worth the effort for them to set this up themselves, because the headache of managing that signing service would still be too onerous for the nearly non-existent 'return'.
But if the private sector's involved, and it means they get to legally ask all those invasive questions, for copies of your photo ID, or whatever, and tie it into their AI spyware crap? There's money there; the age assurance stuff is just a convenient excuse. THAT's the problem I have with it.
We already have digital logins for things like filing our tax returns, and there's ways to do this stuff double-blind - heck, probably even with something relatively basic like digital signatures.
(My likely not-fully-correct implementation spitballing follows)
Spoiler, click me
- Canadian citizen wants to provide 'proof of age' to some online service - said service gives them some randomly generated token, says 'get this signed and bring it back to us'
- Copy/paste the token into gov't website where they've already got a valid login/ID. Gov't site has no idea where the token came from, what it says, what website it's for - nothing. It's just a string. But sure, here's a digital signature for it (-----BEGIN PGP SIGNATURE----- or whatever) to say 'yes, you are An Adult(tm)', with a short expiry time, like 5 mins or something to minimize the potential for reuse.
- User takes that back to the first site - see, I'm echoing back the exact same random token you first gave me, but now it's been Signed by the Government of Canada to say 'yes this person is an adult', please flag my account as such and never ask me again.
Do the same thing for your app store or whatever, have some OS path to do it, and as long as it's just 'get this random token signed by your government ID login', no creepy image recognition, no 'AI', etc., then I don't have that big of a problem with it. If all of the government legislative efforts that basically amount to 'we don't care how you do it, this is the private sector's responsibility', read between the lines: it's not worth the effort for them to set this up themselves, because the headache of managing that signing service would still be too onerous for the nearly non-existent 'return'.
But if the private sector's involved, and it means they get to legally ask all those invasive questions, for copies of your photo ID, or whatever, and tie it into their AI spyware crap? There's money there; the age assurance stuff is just a convenient excuse. THAT's the problem I have with it.
2 Likes
Patreon
PayPal
Anticheat check - which competitive games actually work on Linux?
How to give Valve feedback when Proton games have issues on Linux / SteamOS