MidnightBSD, a FreeBSD-based desktop operating system, has quietly updated its README to reflect a new geographic restriction. The project has added a clause that bars residents of any country, state, or territory with OS-level age verification mandates from using MidnightBSD
I don’t see why a volunteer who lives in, say, Germany has to give a single shit about the law in California or Brazil. It’s up to those regions to block MidnightBSD if they’re that fucking stupid.
ive been waiting to read headlines of this sort. cheers.
exasperated sigh I don’t want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
- The law does not require ID verifications it only required that a parent indicate the age of their child when setting up their account.
- The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
- An “accessible interface” is not well defined here. But it could be as simple as a system call rather than a REST API call. Similar to open file or malloc. (this means no centralized government server storing the data)
I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don’t exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.
To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.
The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
That does mean (by legal definitions in California) your toaster, microwave and fridge.
And really the choice of “pulling” support from areas with issue laws is the way, this law is not enforceable as written and is likely the easiest way for any OS to avoid legal issues. Just putting in a line that the OS is not supported in the state will not stop the OS being used but will stop legal issues from said state.
People put doom on microwaves, I’d call that general purpose computing.
After reading that… it only pertains to commercially licensed?
Well its stupid broad, but I don’t think they can even pretend to do things to non commercial products (as in not a product). I think this will just end up like the cancer warnings, companies will just put the label on everything.
I’m sorry I am really not seeing what you are referencing from your link. This appears to be a link to the state administration manual which deals with how departments in the state of California operate.
This does not appear to be a law especially when you look at the procedure for revising the SAM.
Responsibility for updating SAM content is assigned to authoring state departments
Ie. Not assembly members.
Edit: sorry I didn’t respond to your second point. From the Cali law:
1798.503(b) An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.
1798.503(b) An operating system provider or a covered application store that makes a good faith effort to comply with this title, taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range or any conduct by a developer that receives a signal indicating a user’s age range.
OR instead of having to collect that info at all you just put “OS not for cali” on the user agreement and just not deal with the risk.
You are right. I have no additional response to this that would not make me sound like an asshole.
What an odd thing to say. I do think that california based projects/products will try to follow (at least show an attempt) as you say but as big a market cali is there just is no reason for a OS (more so a donation funded linux one) to pander to one state.
Didn’t hear anything about it in Brazil. It’s being done under the radar. Can’t even find articles about it.
how this would actually be enforced; maybe the official website and download mirrors for MidnightBSD will be out of reach for people in those regions. Of course, a tech-savvy crowd who uses MidnightBSD will know how to bypass such an embargo. It makes you wonder how effective such age verification laws are. Oh wait, some of these so-called public servants are also pushing for VPNs to be banned.
As it stands these laws are unenforcable, and plenty of businesses would be impacted. First, think of the meaning of ’ internet connected device, with an operating system '; such vague definition. Is a modern fridge, sensor or monitoring system supposed to verify the age of any user that comes in touch with these? Impractical. Second, any commercial activity has computers running everything. These computers are not registered for any single user, but for the activity as a whole. The emplyees may insert a code when they operate the computer (emplyee - Id within the business) but that’s it. Office complexes would be decimated by this stupid setup. And there comes the VPN ban. Again, plenty of businesses rely on vpn and private networks. Once again, this is quite possibly unenforceable without ruining the backbone of the infrastructure we collectively use. People writing laws like thes are quite possibly unable to understand how it runs. The lack of technical knowledge is staggering.
Also what about SERVERS ? What are we supposed to do?
They will either give special permissions to relevant businesses (maybe an expensive Super Premium Golden Access), or use selective enforcement to only go after people/businesses that don’t comply to their overall authoritarianism and pose too much of a risk to the status quo.
They don’t care about the details they just want control.
That’s absolutely brilliant. Don’t let the rest of the world suffer for some people’s government’s stupidity. If the users in those regions disagree with their government, they can figure out other ways to get it and use it.
You can’t spell “based” without BSD.
Also, that’s pretty much the main reason why FOSS OS are better than proprietary ones. They’ll just say “okay, I guess we’ll just stick to free countries” (while subtly gesturing at the nearest VPN).
Meanwhile, Windows and MacOS are going to fold like origami.
OpenBSD did this because of cryptography laws and surprise surprise software written for it is now one of the vertebrae of our modern network stack
Good. I’m glad they’re standing up to this insanity.
It’s ironic though because it’s a California based OS.
By the way, anyone tried gaming on BSD?
Gaming on BSD isn’t as bad as you’d expect. There are Linux compatibility tools that let you run proton/wine on FreeBSD
Random shit breaks sometimes but once you get past the steep learning curve you can play a lot of titles
Genuinely asking, why would you use FreeBSD when there already is Linux?
“Linux” is like 12 different software projects in a trench coat. Like people in a trenchcoat, the whole thing falls apart if one of them goes missing. The BSDs (and most other sane operating systems, for that matter) are a monolith developed together for each other
FreeBSD has a fantastic handbook for starters. The whole system from the kernel to the userland is developed concurrently and fit together really well. Linux distros are all a hodgepodge of different parts with often only arbitrary or esoteric differences.
The filesystem layout is cleaner and makes more sense than what Linux distros typically do.
The network stack is super performant, so it’s great for servers. Security tools are also top notch.
Jails have done containers and virtualization extremely well for decades.
Native ZFS alone is a reason to use it. It’s the best filesystem. BTRFS has barely caught up with it.
DTrace for profiling performance and finding bottlenecks is fantastic and super powerful.
Less free software zealotry and crusaders leads to a friendlier community.
FreeBSD has proper UNIX pedigree.
More freedom, because you can for example distribute your own appliance that‘s based on FreeBSD without being restricted by the legal complications of the GPL.
Every FreeBSD release has 4 years of support.
Especially for servers, it’s great.
TrueNAS is based on FreeBSD and the best OS for a NAS, I have found so far.
Unfortunately TrueNAS dropped FreeBSD. I’m still on the FreeBSD version, but need to leave TrueNAS or switch to the Linux based version. I’ve not decided what to do yet.
See the headline we are all commenting on
Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn’t even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots… but I repeat myself.
MidnightBSD chose to be out of Brazil, like it happened with Rumble. This law will be enforced.
If you live in Brazil and probably South America for some time, you’ll know that it is hard to get hardware from Europe even from Ebay. It simply “does not ship to your destination”. Now with the Mercosur + EU agreement that may be easier, but if software keeps leaving, the hardware and hardware culture won’t be able to make up for it.
It’s just software leaving the margins, and it will get worse if Google keeps pushing Android and Mobile culture further. Brazil may just become as corporate-centric as India.
How do you mean about India? Please pardon my ignorance.
India is heading for IT centric jobs in large corporations, planning to be “the brain of the world”. With many IT consulting systems all over the world going through India. That’s the plan. And that will be done by large Indian corporations, like the Tata consulting mentioned on the article.
https://www.ft.com/content/b3c0b486-07a2-11dc-9541-000b5df10621
Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn’t even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots… but I repeat myself.
The law will most likely be enforced where it matters: smartphones from companies that “manufacture” them in Brazil (which is like 90% of market share of smartphones in Brazil).
So both Android and iOS will most likely start requiring some official ID to be provided or facial recognition to setup the device and/or to access both Play Store or App Store, which yeah, seems a bit concerning.
Also, if you read the law: https://www.planalto.gov.br/ccivil_03/_ato2023-2026/2025/lei/L15211.htm, or in this PDF in English: https://www.gov.br/mdh/pt-br/assuntos/noticias/2025/novembro/brasil-apresenta-avancos-em-seguranca-digital-da-infancia-e-lanca-eca-digital-em-ingles-durante-cupula-social-do-g20-na-africa-do-sul/eca-digital-ing-v2.pdf?ref=itsfoss.com, you can see the only thing an operating system (that does not come with under 18 age improper content, like pornographic content, in it’s installation media) really needs to implement is a self-declaration of being “age appropriate” to use the system, otherwise deny the installation of the OS.
Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:
I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);
II – permitir que os pais ou responsáveis legais configurem mecanismos de supervisão parental voluntários e supervisionem, de forma ativa, o acesso de crianças e de adolescentes a aplicativos e conteúdos; e
III – possibilitar, por meio de Interface de Programação de Aplicações (Application Programming Interface – API) segura e pautada pela proteção da privacidade desde o padrão, o fornecimento de sinal de idade aos provedores de aplicações de internet, exclusivamente para o cumprimento das finalidades desta Lei e com salvaguardas técnicas adequadas.
§ 1º O fornecimento de sinal de idade por meio de APIs deverá observar o princípio da minimização de dados, vedado qualquer compartilhamento contínuo, automatizado e irrestrito de dados pessoais de crianças e de adolescentes.
§ 2º A autorização para download de aplicativos por crianças e adolescentes dependerá de consentimento livre e informado dos pais ou responsáveis legais, prestado nos termos da legislação vigente, respeitada a autonomia progressiva, vedada a presunção de autorização na hipótese de ausência de manifestação dos pais ou responsáveis legais.
§ 3º Ato do Poder Executivo regulamentará os requisitos mínimos de transparência, de segurança e de interoperabilidade para os mecanismos de aferição de idade e de supervisão parental adotados pelos sistemas operacionais e pelas lojas de aplicativos.
The part where the operating system must implement age verification is here:
Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:
I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);
Which has been officially translated in the PDF to :
Art. 12. Providers of internet application stores and terminal operating systems shall:
I – take proportional, auditable, and technically secure measures to ascertain the age or age range of users, subject to the principles provided for in Art. 6 of Law No. 13,709, of August 14, 2018 (Brazilian Data Protection Law);
The II there, that states:
II – allow parents or legal guardians to configure voluntary parental supervision mechanisms and to actively supervise the access of children and adolescents to applications and content; and
Is totally optional, there’s no way any judge in Brazil could enforce that as mandatory to be implemented in all OSes and punish any OS that denies installation for under 18 age citizens of Brazil and does not provide such parental supervision mechanisms.
Now, for any digital media or computer application that either contains or provides direct access to age restricted content from the internet I suppose article 9 applies:
Art. 9º Os fornecedores de produtos ou serviços de tecnologia da informação que disponibilizarem conteúdo, produto ou serviço cuja oferta ou acesso seja impróprio, inadequado ou proibido para menores de 18 (dezoito) anos de idade deverão adotar medidas eficazes para impedir o seu acesso por crianças e adolescentes no âmbito de seus serviços e produtos.
§ 1º Para dar efetividade ao disposto no caput, deverão ser adotados mecanismos confiáveis de verificação de idade a cada acesso do usuário ao conteúdo, produto ou serviço de que trata o caput deste artigo, vedada a autodeclaração.
§ 2º Para os fins desta Lei, consideram-se impróprios ou inadequados para crianças e adolescentes os produtos, serviços ou conteúdos de tecnologia da informação que contenham material pornográfico, ou quaisquer outros vedados pela legislação vigente.
§ 3º Os provedores de aplicações de internet que disponibilizarem conteúdo pornográfico deverão impedir a criação de contas ou de perfis por crianças e adolescentes no âmbito de seus serviços.
So, yeah, if you are providing an operating system that itself comes with any age restricted content as Brazilian law stipulates (such as pornographic content), I think self-reporting of age would be damned insufficient due to § 1º there:
Art. 9. Providers of information technology products or services that make available content, products, or services whose offer or access is improper, inadequate, or prohibited for persons under 18 (eighteen) years of age shall adopt effective measures to prevent their access by children and adolescents within the scope of their services and products.
§ 1. To effectuate the provision of the caput, reliable age verification mechanisms shall be adopted for each user access to the content, product, or service referred to in the caput of this article, with self-declaration being prohibited
If there’s anything I’m missing here please point out.
Great analysis. But I’ve never heard of an OS that comes pre-loaded with porn, or with any media content other than the wallpapers and a few stock samples. Though I suppose there’s nothing stopping anyone from creating Bukkake Linux and shipping it.
It’s government trying to control people all over again.
Bolsonaro (Flávio) will probably make an argument saying that under him people will be free from control or something like that, but it’s just bullshit. What we would get under him is brazilian ICE (Internal Customs Enforcement - isn’t that funny).
The problem is, of course, if those evangelical idiots end up in power again they now have the power to wield it. (or to at least try)
This is different from pirating. The government will be going after the developers like they did Kim Dotcom.
Not the Brazilian government, is what I’m saying. At most they’ll tell ISPs to block a few websites, and they won’t comply without a judicial order. Our Supreme Court, STF, is actually sane unlike our legislators, so no such order will be given.
Remember what the maintainer of The Pirate Bay once said?
Never be too certain something won’t be enforced, as the power of capitalists are far worse than the public can imagine.
Maybe I’m too pessimistic, but this may just be the start. Big corps may find their way to control every aspect, step by step.
You’re right to give that warning, but Brazil isn’t a surveillance state like China or the USA. Our demons are different.
Of course, that could change in the future so a law like this shouldn’t stand regardless.
The amount of bootleg dvd shops I saw in Paraíba and the amount of friends that have uTorrent installed on their phones is more proof of that. I’m all for it, I wish bandwidth was better all around Brazil to make it easier for everyone to just download whatever you guys want, especially if it’s from an American company
Dedo no cú e gritaria
Is it strange that i understood this even though i’m Italian?
Well, Portuguese is a Latin language, so there’s a common root.
The law isn’t going to be enforced in CA either
That may be the best way to deal with the potential legal liabilities introduced by this unmitigated abject idiocy.
Good thing everybody can still torrent whatever they want from where ever they want. Or use IPFS. Or IRC DCC. Or Usenet. Or just a VPN.
Australian legislation specifically notes that all sites must age challenge users connecting via a VPN
That should be fun for people self hosting.
Well, good for them. I’m not Australian, get to vote for Australian lawmakers or host websites in Australia.
Is Australia going to pay every single website admin for the burden of implementing this wonderful magical logic to detect a given source IP(v4) belongs to a VPN provider? What about IPv6?
If I host a simple static website on a static webhost in Denmark say, and provide some otherwise perfectly legal OS ISO’s for download, how would I implement any logic at all? Why the fuck should I be subject to Australian laws?
The cookie acceptance of the GPDR was already bad enough and ruined so much of the Internet with no appreciative improvement of the privacy of visitors. If every Tom, Dick and Harry are going to place spurious demands on every website, it’ll do nothing except raise enormous barriers to entry and ensure that only huge players with the capacity to comply with demands from legislators all over the world will even be able to “legally” run websites at all. And then we can’t have an Internet or FOSS for that matter.
Maybe legislators should stop writing half-baked laws the consequences of which they apparently cannot comprehend.
It applies to websites not hosted in Australia, that may have Australians visiting the site via VPN
Enforcement is going to be interesting to watch
There are already services that catalogue VPN sources for webmasters to implement block lists
That’s why a said static webhost, i.e. paying for the ability to serve files, not run scripts or manage the webserver configuration. Sure, the hosting provider could be made responsible for the implementation, but now they have been encumbered with the burden and liability of policing which hosted sites needs this bullshit enabled and which are just a blog about making strawberry preserves or something.
Point is, it’s complete and utter twattery of the highest order. Never mind enforcement, I don’t even see how it would be reliably or consistently implemented.
And all that is in any case absolutely futile, because there’s still the matter of people being perfectly able of obtaining those self-same ISO’s from any number of other sources that are even more difficult to police, like the ones I originally mentioned, and about a thousand more where they came from.
This is a feature and not a bug. The biggest distro maintainers will try to comply and the smallest ones will start banning usage or even closing up shop.
Why do I get the feeling I will be distro hopping in the not-too-distant future?
Im just glad BSD is getting press.
haha I guess that’s one way to deal with it and do nothing at all. Doubtful they block the connections from those areas
IDK. It puts them at the forefront of this fight.
If governments successfully prosecute distro maintainers (if they can) for this, then distro maintainers are liable.
And distro maintainers would then have to pursue non-compliant users to cover that liability, or fold.
Which is a huge loss for open source.Or, there would be a huge legal fight and it turns out that the licence of a distro protects it from its users actions.
Which would be awesome and a massive win. It also makes sense. Nobody is suing an OS maintainer because it was used for a data breach.
And then the governments have to pursue the actual users. Which… is gonna be useless wrt these laws
how its done
Personally, I don’t think this is the answer. Like, I get it, and it’s a sure way to avoid having to deal with all this bs. But at the end of the day, the only people who suffer from this decision are the end users. It’s punishing them for something their government has implemented. Doesn’t seem right to me.
An important thing to understand here is that in America, the people have the power over their government. The people of California are responsible for putting the people who did this in power, and it’s their responsibility for getting them out again.
This is now in many countries, not just the US
It is not up to the developer community to take responsibility for the stupid decisions made by their government.
People get the leaders they deserve.
People get the leaders they deserve.
Sadly, they often do not.
Cutting services as opposed to complying is the better approach, since the other is a endorsement of it without consequences for regions putting it in place.
Things change for the worse overall even for those not subject to living in those regions when there’s no consequence to problematic decisions, and just shows those who enacted those changes can keep getting away with it.
Appeasement doesn’t tend to work out, and instead has a tendency to have the ideology of the troublesome region spread.
There is always the option of non compliance.
