That’s definitely false. Even in the most complex case, there’s always nixpkgs-unfree.
We can argue about how easy anything nix related is to use, but the implementation would be fairly trivial.
1 Like
TL;DR even if NixOS doesn’t enforce age verification (which I hope it doesn’t) I think this will definitely impact NixOS/applications in nixpkgs.
Been thinking about the potential impact for application packaging in nixpkgs with the below comment from 7c6f434c
My bet is that we will package whatever
libagebracketbecomes required dependency of Chromium for that purpose.
I definitely agree that browsers seem to me like an obvious future enforcement point for this. I imagine that popular libraries will emerge in various languages to solve this problem and that packages in nixpkgs will have to be updated for those applications/libraries to build successfully.
Additionally, I have found the Ubuntu Mailing list entry on this interesting for understanding what a potential implementation might look like: On the unfortunate need for an “age verification” API for legal compliance reasons in some U.S. states
The proposed solution:
I’d like to propose a “hybrid” approach; introduce a new standard D-Bus interface, `org.freedesktop.AgeVerification1`, that can be implemented by arbitrary applications as a distro sees fit. AccountsService could implement this API so that newer versions of distros will get the relevant features for free, while distros with an AccountsService too old to contain the feature can implement it themselves as a stop-gap solution.
Since Ubuntu/Canonical and Red Hat maintain much of the modern Linux desktop stack – even if NixOS doesn’t enforce age reporting (which I hope it never does/has to) – I imagine that if these things become standardized there is no way that these things won’t impact any modern Linux distribution.
2 Likes
I mean, yeah, but the extent of that impact will be a new ageVerificationEnabled option to services.accounts-daemon that does next to nothing. I don’t see this becoming a problem NixOS really has to care about.
In theory nixpkgs would need to grow some metadata and make nsfw stuff not evaluate by default, but frankly it’s probably cheaper for any US-based laptop vendors to pay the 10K fine if someone notices the one Californian kid running a laptop that came pre-loaded with NixOS. If they include a “not suitable for children in California” sticker, maybe it’s just 2.5K.
Even if someone goes out of their way to actually try to implement this, the impact would just be a new meta attribute that is mildly useful if you want nix to warn you when someone marks their package as NSFW.
From a technical perspective, the impact on NixOS is practically nil. From a user perspective, the impact is also nil; even in the US the dbus API will most likely return 18+ for every NixOS user.
The wider societal impact is a different story, but that has very little to do directly with Linux distros.
1 Like
I’ve only recently started using desktops at all until very recently and, finding them generally disagreeable, I’m very likely going to forego them again. Do we see the surface tooling being confined to the desktop layers?
Self-reported age declaration, per se, is arguably defensible (though I don’t make that case). My concern is the precedent this sets. It feels like the beginnings of a general auto-doxing mechanism. At the very least, I’d hope there are ways of explicitly monitoring what is about to be shared, with whom, and by what.
1 Like
The proposal adds it to the AccountsService DBus service, which is only enabled if you use a DE (or a glossy login manager like lightdm). I can see a world in which applications will start treating your user as being 12 by default if that service isn’t running, though.
1 Like
I don’t see this becoming a problem NixOS really has to care about.
Completely agreed.
That being said, I’m of the disposition where if it’s possible/not difficult to strip out age verification from things pulled in like dbus, I’d prefer that being the default on my systems. But, if it’s sitting there unused, then oh well. 
4 Likes
Tech journalist Bryan Lunduke reports that OS level age verification is required by law in Brazil from 17th of March 2026. So i guess, in roughly 2 weeks we’ll see whether there are any consequences for open source projects not complying with such laws. Apparently this goes beyond self reporting…
5 Likes
Maybe a silly question, but since enforcement and ID of OS would be dependent upon User-Agent, or Client Hints, or similar, wouldn’t it be trivial to obscure or spoof this anyway?
1 Like
I guess the normal, massively abused fingerprinting techniques would be at their disposal.
2 Likes
In addition to selling hardware with Linux installed, they are based in Colorado, which definitly makes things more complicated for them.
1 Like
I wanted to start this and say we are not lawyers at the end of the day, so please one stop giving advice like a laywer, because we don’t know. But with that out of the way, so I think it would be best to get legal advice from a professional opensource lawyer first for the foundation before making any calls, that way we are not making the wrong mistake and could get us into big legal trouble even if the org is based in netherlands.
so please one stop giving advice like a laywer
I’m not sure who this was directed to, but I don’t think anyone was under the impression that this thread is intended to replace legal advice.
That being said, I don’t think it’s an issue for non-lawyers like myself to try to understand the details of the legislation. i.e. If dbus gets updated with org.freedesktop.AgeVerification1 or a package like libagebracket does come out, it will be us non-lawyers who package it in nixpkgs.
I think it would be best to get legal advice from a professional opensource lawyer
Sounds like good feedback for the NixOS foundation 
– maybe contact them?
4 Likes
Not sure if this was directed at me, but I don’t think I was?
2 Likes
Large part of what worries me about this law is possible future provisions to make it temper-proof.
Letting users set an age and then filter the packages based on that age doesn’t seem terrible in itself.
I don’t think this law really suggests that their will a proactive system for enforcing the age verification. Enforcement might be limited to “groups of concerned parents” reporting non-compliant OSes.
3 Likes
I don’t think NSFW is the right label. The law requires multiple specific age ranges. And NSFW isn’t necessarily the same as 18+ either. I’d say zed-editor is SFW but they’ve recently announced to limit their services to 18+, sure they have later clarified that they are only talking about their AI features and not the actual application but I think you get the idea.
4 Likes
This will become the new “I accept cookies”… “User, please state your age”: “18.”
8 Likes
Letting users set an age and then filter the packages based on that age doesn’t seem terrible in itself.
Yes it does, who dictates what bucket something goes into, do we really want Jenifer the 42 year old Christian women dictating to the rest of the world that bluetooth is an adult thing because you can listen to devil music?
I want free software, not as paying for it, as in free from governments and powerful institutions.
6 Likes
Unfortunately, this is not possible. For one thing, the GPL is unenforceable without said institutions.
3 Likes
My guy I couldn’t care less about the enforceability of a license that everyone conveniently forgets when it matches their priors. I’m talking about actually following up on all of the philosophical grounds that this all stands on top of. Ethics != legality, and also legality subjective and influenced by a number of factors. What I’m proposing is block all downloads from all mirrors from any IP that may even be related to the state of California, not 1 inch not 1 mile, concede no ground.
Gov. Gav of California said the bill doesn’t go far enough, and that it needs to go farther. I think that is your answer, they are coming for your privacy and it isn’t a matter of if, it is when.
What I’m proposing is block all downloads from all mirrors from any IP that may even be related to the state of California, not 1 inch not 1 mile, concede no ground
I hope this isn’t the route things go. If my home state in the US ever decides to implement these overreaching policies (and it likely will) I would hate to be on the receiving end of this.
Edit: to be clear, I don’t think NixOS should change anything for these overreaching policies – but I don’t think punishing users for their legislators is ideal either.
1 Like