Linux devs are fighting the new age-gated internet

Linux 开发者正在对抗互联网“年龄门槛”新规

The open-source community is looking for a way out of the wave of new laws requiring operating systems to collect users’ ages. 开源社区正在寻求应对浪潮般的新法律，这些法律要求操作系统必须收集用户的年龄信息。

In January, Colorado lawmakers introduced a proposal to make operating systems collect users’ ages and pass them to app developers. The bill, SB26-051, had clearly been designed for commercial platforms like iOS and Android — one of numerous plans to age-gate the internet through users’ devices. It was intended to provide information that would let developers disable age-inappropriate experiences for kids. But as it made the rounds online, Linux laptop maker Carl Richell read the proposal with dismay. 今年 1 月，科罗拉多州立法者提出了一项提案，要求操作系统收集用户年龄并将其提供给应用开发者。该法案（SB26-051）显然是为 iOS 和 Android 等商业平台设计的——这是通过用户设备对互联网设置“年龄门槛”的众多计划之一。其初衷是提供信息，让开发者能够为儿童禁用不适宜的体验。但当该提案在网上流传时，Linux 笔记本电脑制造商 Carl Richell 在阅读后感到十分不安。

Carl Richell is the founder and CEO of Denver-based System76, which also develops the Pop!_OS Linux distribution. The law, he realized, would likely apply to his own small business. Without the resources of a company like Apple and Google, complying with Colorado’s bill would be a major logistical headache. More broadly, Richell believed it would betray the principles of open source and limit its potential. Open source is “the best way to learn computing,” he told The Verge. “There is nothing like learning from example, and the Linux desktop is a free, open-source example of how to build an entire operating system.” A system that can restrict how children use it — by blocking their ability to interact with certain apps or denying them root access, both possible outcomes of an age-gating system — “breaks that.” Carl Richell 是总部位于丹佛的 System76 的创始人兼首席执行官，该公司还开发了 Pop!_OS Linux 发行版。他意识到，这项法律很可能会波及他自己的小企业。由于缺乏像苹果和谷歌那样的资源，遵守科罗拉多州的法案将是一个巨大的后勤难题。更广泛地说，Richell 认为这背离了开源原则并限制了其潜力。他告诉《The Verge》：“开源是学习计算机技术的最佳途径。没有什么比通过实例学习更好的了，而 Linux 桌面就是一个关于如何构建完整操作系统的免费开源范例。”一个能够限制儿童使用方式的系统——通过阻止他们与某些应用交互或拒绝其 root 权限（这些都是年龄限制系统的潜在后果）——“破坏了这一点。”

Richell began working with state lawmakers. He spent weeks pushing for changes and sharing updates online. On April 23rd, he appeared before a Colorado House of Representatives committee meeting to make his case. “Everyone should have access to the ability to create with a computer,” Richell testified. “Open-source software makes that possible. It ensures that everyone, regardless of age or background, can learn, experiment, and build at the most fundamental level.” In its original form, the bill, he warned, “unintentionally swept that world into its scope.” Richell 开始与州立法者合作。他花了数周时间推动修改并在线分享进展。4 月 23 日，他出席了科罗拉多州众议院委员会会议，陈述了自己的观点。“每个人都应该有能力使用计算机进行创造，”Richell 作证说，“开源软件使之成为可能。它确保了每个人，无论年龄或背景如何，都能在最基础的层面上学习、实验和构建。”他警告称，该法案的原始版本“无意中将这一领域也纳入了管辖范围”。

“We have created a template that I hope other legislatures adopt.” His persistence paid off. On May 1st, SB26-051 passed with an exemption he’d pushed for — excluding open-source operating systems like Linux from its rules. “We have created a template that I hope other legislatures adopt,” Richell told The Verge. “我们创造了一个模板，希望其他立法机构也能采纳。”他的坚持得到了回报。5 月 1 日，SB26-051 法案获得通过，其中包含了他在推动下加入的豁免条款——将 Linux 等开源操作系统排除在规则之外。Richell 告诉《The Verge》：“我们创造了一个模板，希望其他立法机构也能采纳。”

Richell’s brush with age verification laws ended well. In the larger world of open source, though, they remain a hot topic. As several US states are debating and enacting rules similar to Colorado’s, some open-source developers are still trying to figure out how to respond — or whether they need to. Others are openly thumbing their noses at the new rules. And some, like Richell, are trying to help lawmakers understand their plight. Richell 与年龄验证法的这次交锋以圆满告终。然而，在更广阔的开源世界中，这仍然是一个热门话题。随着美国多个州正在辩论并制定类似于科罗拉多州的规则，一些开源开发者仍在试图弄清楚如何应对——或者是否需要应对。另一些人则公开对这些新规表示不屑。还有一些人，像 Richell 一样，正试图帮助立法者理解他们的困境。

Concern over how Linux would deal with age-gating kicked into high gear late last year when California passed AB 1043. Under state law, operating systems and app stores must collect users’ ages during device setup starting January 1st, 2027. Open-source developers and users were left wondering how the law would be applied to them, or if it even could be. 去年年底，当加利福尼亚州通过 AB 1043 法案时，关于 Linux 将如何应对“年龄门槛”的担忧达到了顶峰。根据该州法律，从 2027 年 1 月 1 日起，操作系统和应用商店必须在设备设置过程中收集用户的年龄。开源开发者和用户不禁怀疑，这项法律将如何适用于他们，甚至是否真的可行。

The law posed practical challenges. Many open-source projects are volunteer-run and lack the funding and resources that big tech companies have to roll out age verification (also referred to as “age assurance” or “age attestation”). And the nature of open-source software makes the process even trickier. If an open-source developer does add the necessary age-gating tech, someone else can just create a fork of the software that strips out those measures, and if there’s a legal crackdown, it’s not necessarily clear who’s liable. 该法律带来了实际挑战。许多开源项目由志愿者运营，缺乏大型科技公司所拥有的资金和资源来推出年龄验证（也称为“年龄保证”或“年龄证明”）。而且，开源软件的特性使这一过程更加棘手。如果一名开源开发者确实添加了必要的年龄限制技术，其他人只需创建一个剥离了这些措施的软件分支（fork）即可；如果发生法律制裁，谁该承担责任并不明确。

On top of these difficulties, age verification is at odds with the ethos of many open-source projects, which are often designed to be maximally customizable, minimally invasive, and to avoid collecting user data. Developers may now find themselves forced to choose between respecting users’ privacy preferences and complying with the law. 除了这些困难之外，年龄验证还与许多开源项目的理念相冲突，这些项目通常旨在实现最大程度的可定制性、最小程度的侵入性，并避免收集用户数据。开发者现在可能被迫在尊重用户隐私偏好和遵守法律之间做出选择。

“This is security theater, not improved child safety.” “Protecting children online is absolutely important,” Michael Dolan, SVP of strategic programs at the Linux Foundation, told The Verge. “However, age verification mandates imposed on open source systems create new privacy risks while remaining easily circumvented. This is security theater, not improved child safety.” “这只是安全表演，而非改善儿童安全。”Linux 基金会战略项目高级副总裁 Michael Dolan 告诉《The Verge》：“保护在线儿童绝对重要。然而，强加于开源系统的年龄验证要求在制造新的隐私风险的同时，依然很容易被规避。这只是安全表演，而非改善儿童安全。”

California is far from the only place where this issue comes up. Colorado’s bill, which now sits on the governor’s desk, was modeled on California’s. So is HB4140, currently under consideration in Illinois. New York’s S8102A, currently in committee, would require age assurance measures on “any desktop, laptop, smartphone, tablet, or other device” that can access content on the internet. 加利福尼亚州远非唯一出现此问题的地区。科罗拉多州的法案（目前正等待州长签署）就是以加州的法案为蓝本的。伊利诺伊州目前正在审议的 HB4140 法案也是如此。纽约州的 S8102A 法案目前处于委员会审议阶段，该法案要求对“任何能够访问互联网内容的台式机、笔记本电脑、智能手机、平板电脑或其他设备”采取年龄保证措施。

Some developers haven’t yet announced what, if anything, they’re going to do. Jon Seager, VP of engineering at Ubuntu developer Canonical, responded to AB 1043 in a blog post on March 4th, stating, “Canonical is aware of the legislation and is reviewing it internally with legal counsel, but there are currently no concrete plans on how, or even whether, Ubuntu will change in response.” 一些开发者尚未宣布他们将采取什么行动（如果有的话）。Ubuntu 开发商 Canonical 的工程副总裁 Jon Seager 在 3 月 4 日的一篇博客文章中回应了 AB 1043，称：“Canonical 已经知晓该立法，并正在与法律顾问进行内部审查，但目前对于 Ubuntu 将如何应对，甚至是否会做出改变，还没有具体的计划。”

Developers at other distros are discussing ways to comply while compromising privacy as little as possible. For instance, Fedora Project leader Jef Spaleta shared a comment on the… 其他发行版的开发者正在讨论如何在尽可能少地损害隐私的前提下合规。例如，Fedora 项目负责人 Jef Spaleta 在……上分享了评论。