Who Spoke Out (Or Who Can’t?)

The first thing I want to touch on is the actual official statements from official open source operating systems. Or rather lack of responses. If you asked the average Linux Redditor, they would tell you many distributions have already responded. Of course, since new distributions are added every single day, we’re going to ignore the “mom and pop” distros and focus on the ones that have some degree of real influence.

As of time of writing, there’s only 2 major Linux distributions that have actually said something concrete about age verification: System76’s Pop!_OS and the server distribution Alma Linux. Some people may have extrapolated information from some others like Ubuntu and Fedora, but these are not concrete plans nor are they announcements about policies going forward.

This leads to the popular criticism about many open source projects that asks why they aren’t saying anything about age verification. You might hear someone criticize the Linux Foundation for not doing anything about age verification for example. Now, I’m not a lawyer, but I do know a thing or two about non-profit governance in the United States.

A while ago, I did some reading about why the Linux Foundation is not allowed to directly donate money to other open source projects like Mozilla, the GNOME Foundation, or the KDE e.V.. Here’s another question: why has the Linux Foundation remained silent about something like age verification? A vigilant viewer might notice that the Linux Foundation is filed under a 501(c)(6) and surely know that 501(c)(6) foundations are allowed to represent private interest or politics! However, a line many miss when reading financial statements like these is their Form 990’s Part 1 Summary and consider that the Linux Foundation is a business interest group.

EMPOWERING GENERATIONS OF OPEN SOURCE INNOVATORS.

The Linux Foundation Form 990 (2024)

Now people don’t want to hear this, but I don’t see how protesting age verification fits the goals of the Linux Foundation legally. People who run companies like Mozilla and the Linux Foundation need to carefully consider these things because while their public image and whether their activities fit their mission. Commenting about specific legislation could cause the Linux Foundation to lose their non-profit status and put their business in financial jeopardy.

This is why non-profits like the Electronic Frontier Foundation and Mozilla Foundation are able to take a stand against age verification. They are uniquely equipped to legally challenge the regulation and it fits their mission statement in preserving digital rights unlike the Linux Foundation. The legal angle probably isn’t interesting to many people, but I want to challenge anyone to learn about how mired these legal processes are and why non-profit companies are held to a different standard compared a private entity like System76.

It May Not Even Matter

The other thing to keep in mind is many of these laws haven’t been passed yet, but they have only been introduced. That’s still not great, but that’s far from a helpless situation, because that means there’s work to be done. One of the reasons I personally have resisted mentioning anything about age verification at all is because of this. Laws may be introduced, but they may not mean anything all. Now this might seem very dismissive of the concerns of others, but I want to analyze what has happened in history before.

Not too long ago in 2020, we experienced a global pandemic that changed the way we work, our economies, and lives. One of the biggest concerns that emerged the following years was digitally tracking others with contact tracing as a countermeasure to stop the spread of COVID-19. At the same time, Apple and Google offered a system to detect whether someone came in close proximity to someone with the virus. Despite the white papers and measures these apps took, people raised very similar if not the exact same concerns about age verification.

Even during the initial rollout of these systems, I never have seen anything about digital contact tracing in every day life. Only two entities asked to see my vaccine card didn’t even scan it, it was just given a quick glance over and that was my doctor’s office and my job, both of whom already have substantial information about my real life identity anyway. Years after the pandemic, these systems still exist in our phones today, but they have remained dormant. They were dead on arrival because the systems were explicitly opt-in and required mass adoption to maintain being privacy friendly.

It’s possible that age verification will have no weight, just like contact tracing. It might just be a popup that appears on Steam that asks for your birthday and it’s going to become just as annoying as those cookie banners that appear on virtually every single website. As far as I can tell, the American and European versions of age verification are very broad.

This isn’t even accounting all the regulation that gets bundled in or the words that get changed. That makes figuring out how to respond effectively and corporately to these laws a nightmare when they haven’t even been finished yet. A joint Harvard/Yale study by Stephen Ansolabehere and Shiro Kuriwaki suggest that US Congressional decisions typically only vote in tune with the average American 45% of the time. So with this logic and assuming age verification is universally hated, the House of Representatives, the Senate, and the President, all of whom have to agree. So since all of these bodies are politicians, that’s 30.25% with Congress, reduced to 16.3% with the House, and another 9.15% after the Senate.

This is grossly oversimplifying things and makes the bad assumption that all legislation has an equal chance of being passed, but in the US, 9/10 odds age verification will fail to pass in my country’s government is very contrary to what media outlets will tell you. As always with regulation, it’s inevitable that governments will hit that 9% and fail. We see this with recent legislation like Utah’s Senate Bill 7.3 banning on VPNs, but if the government can’t live up to enforcing such a law like somehow blocking every VPN and proxy, commercial or not, does the law really exist?

What Can You Actually Do?

This drives at the heart of the issue. The only solution to stop the advancement of age verification is not get on social media and furiously type but out in the real world and make meaningful political engagement. Protest every open source project or operating system you want, but at the end of the day, we all have to follow the law, so why not play a role in shaping it?

That leaves the most tried and true solution—writing a letter to your local politician. Because here’s another twist for most democratic countries: even if something is passed federally, the last line of defense is state laws, often which ignore or change what federal laws mean. Examples of include sanctuary cities, which in the current political climate operate against federal standards. There’s all kinds of ways enforcement can fail and drumming local resistance is part of the battle.

Learn How to Write Letters, Not Code

I’m not going to get into too much detail here, but I will say this much. While younger generations like Gen Z and Gen Alpha spend lots of time on the internet, to every prior generation, the internet is simultaneously a fantasy place where wizards (developers) cast arcane spells (to make apps) and the wild west where criminals roam unhindered. So here’s my starting list to write your letter to your politician:

• You need to make the assumption your correspondence is going to read by an intern, god forbid an AI, before it reaches the intended recipient.
• Keep it short and sweet. Politicians and their aides don’t have a lot of time.
• Make it look good. Learn how to use LibreOffice, ONLYOFFICE, or LaTeX to format a professional letter. Microsoft has a great website for this and if you like LaTeX, there’s Overleaf.
• Say who you are, whether a concern citizen or the pillar of a specific community, and why you are you writing what you are. Like resume writing, somebody might remember your letter if you say you collect bass guitars. How many people do you know do that?

Clearly state that you are against age verification and cite specific reasons why, appealing to the political biases of your representative.

• If they are right leaning, say that a federal age verification bill threatens to increase bureaucratic government spending towards the effort, unnecessary restrictions on small business, and takes away state freedoms.
• If they are left leaning, say federal age verification endangers at risk youth or threatens to take away the spaces where people share news, educational/health resources, or their personal lives.

To both parties, write how age verification strengthens tech companies by allowing them to choose the regulation they want and pass the blame off to the government. The reason many of them have bent over is because the alternative is allowing the government to write regulation for them. Leverage specific actions done by your representative and how they support your cause.

Lastly, you need to offer a concrete alternative. If not age verification, what instead? I would make the argument that the phrase “parents should parent their kids” is not enough and in some ways, downplays the role government can have, and can be off-putting to a reader/listener. The last thing people want to hear is somebody telling them how to do their job and that includes politicians, especially when said politicians might be parents themselves.

• If they are right leaning, say that nothing should be done to preserve the status quo. If it ain’t broke, don’t fix it. It’s to preserve traditional American values and the free market. It’s a way of the same message without outright saying it.
• If they are left leaning, suggest the effort goes towards educational resources to help minors and educators with the benefits and harms of social media and how they can protect themselves and others. The goal is to empower parents, zero to hero.

Owning The Message

Something to keep in mind here is this list is not comprehensive and these are all examples. The reason I didn’t include a letter template is because if the internet is getting overrun with AI slop, you bet some bozo mails AI slop and junk mail to your local politicians too. Make it your own. If you lack confidence in your writing skills, get started using an AI, but don’t expect it to replace your writing. Writing is not supposed to be easy, but AI is derivative of the work of others and a letter is about what you bring to the table.

This is an ongoing process. If you aren’t prepared to take steps beyond a letter, then there was no point in you writing to begin with. We’ve seen from the vitriol sent to developers and immediate violent reactions from online communities that being a keyboard warrior on social media isn’t the answer. It’s about meaningfully engaging with others in real life about the issue, not how much you can “thumbs down” someone on GitHub.

Why I Can’t Speak Out

Last but not least, I’m a sniveling armchair internet critic, but I’m also asking because I can’t. Since I choose explicitly not to use my real life identity, I am in the camp of one of those people who cannot write out to a governmental entity at the risk I’m identified. But I can beg all of you to and do so maturely. Many content creators have chosen this topic purely because it gets clicks and often use fear or anger to drive engagement.

Here’s a funny thing you can beg every streamer to do to waste the time of these age verification tasks: ask them to open their mouth and turn their head side to side very close to the camera. If enough streamers or YouTubers who complain with face cams, they can contribute to the fight by weaponizing their likenesses that are already scraped for AI training and public consumption.

On a more serious note, I have intentionally made the decision to separate YouTube from my personal/professional life. After seeing many channels devastated by demonetization, I have made the decision to never pursue YouTube in any professional capacity, not full time nor part time, so I have no financial incentive and all my upfront costs are covered by Patreon and Memberships. It might make me feel better if you give me money, but this measure is to keep me accountable, decline sponsorships to maintain my opinions, and keep making personal, quality content.

I don’t have a weekly news show that urges me to publish quick reactionary videos. I want my message to be thoughtful and as someone with a life, encourage others to do the same. At the end of the day, it’s how technology serves you, empowers you to make a better society, and survive all the nasty stuff big tech companies, their lobbyists, and politicians do to the rest of us.

The pet peeve of every single Windows power user and Linux loser is the sensational coverage of virtually anything related to Windows Recall. Recently, a series of scripts were concocted by Alexander Hagenah on GitHub to extract information and bypass the VBS protection of any data related to Windows Recall text, snapshots, and information.

While all of this was done without any elevated privileges or use of an administrative user, the issue is not something unique to Recall. Of course, this overlooking the fact that Recall is only present on Copilot+ PCs, which given the fact they were already a minority of PC marketshare and the fact nobody can afford computers right now makes me skeptical how widespread of a problem this could actually end up being.

That being said, I wouldn’t use Recall because I don’t want my CPU cycles being hogged just so Windows can attempt to make finding things I previously did easier. There has to be a better solution than calling a local AI to it for you.

I like David “DWIZZZLE” Weston’s talks, I just wish Microsoft would give him more screen time. Everything related to the Secured-Core PCs, the security model of the Xbox, and improved memory safety of Windows is all thanks to his team.

As of time of writing, PeerTube has degraded performance. In doing my part, I’m refraining from uploading.

Sources

• Microsoft faces fresh Windows Recall security concerns - Tom Warren, The Verge

Video References

• What’s New in Windows Security, Productivity and Cloud - Microsoft Ignite 2024
• Full Keynote: Introducing Copilot+ PCs
• Microsoft Windows 2030 Vision with David Weston
• The quote from Panos Panay comes from the 2021 Microsoft Windows Event
• The quote from Carmen Zlateff comes from the Microsoft Surface 2022 Event.

Track Listing

• gooset - SOLDIER

First of all, BGP routing problems don’t just affect Tor. They affect all kinds of network architecture like VPNs and certificate authorities. While I don’t have a complete understanding, the attacks presented by Princeton University’s team against Tor are not unique. A similar attack was documented by Certik against the crypto exchange KLAYswap. By that point, this seems out of scope of Tor when all of us could be hit.

Second, I’m not familiar with the specifics of what NoScript is doing, but the team has expressed that they need more data for building more up-to-date NoScript profiles. Seeing as I’m one of the only people on the planet who uses uBlock Origin advanced mode, I don’t know what the expectation is here nor what should be blocked in each mode except Default. The Tor security settings made sense back when NoScript was the only game in town, but there are plans integrating uBlock Origin into Tor and it’s going to take some time.

Third, on the Tor Browser no longer changing the user agent to Windows, user agents have long been broken. I constantly get questions on old videos and I’ll say it here, stop using user agent switchers. As long as you know what user agent you want (e.g. Chrome on Mac), you can use the responsive design mode in Firefox or “Inspect Element” in Chromium to change it. This feature exists for people who are web designers or app makers to test compatibility and responsiveness of their sites or apps.

Changing your user agent can fool certain scripts, but other scripts easily bypass it using fonts/CSS detection and find some way to detect your true operating system. Since Apple created Apple Silicon, the Tor Browser has reported the accurate “Firefox ESR on Mac” user agent because they mostly still are the only ARM users of the Tor Browser. When you think about it this way, it makes changing your user agent detrimental to your privacy because only weirdos and web devs change their user agent.

Fourth and finally, maybe consider not trusting sources that only show their sources in screenshots and make me go down rabbit holes online and yank things out of my brain. He clearly doesn’t know anything about Fair Use when he watched Reddit videos in a livestream with no meaningful commentary, previously claimed Proton is a honeypot without provided substantial proof, stole thumbnails from other YouTubers to use in videos, or complained about politics/open source rather than helping people or fixing problems. I hope one day the feds would pay me the money some people will likely accuse me of making. Maybe consider not getting your news from YouTubers, including me, especially when they use awful sources like Linuxiac, the Register, Tech Radar, Reddit, and X (formerly Twitter). This kind of critical thinking is taught in school to fifth graders or students in primary school.

Oh and happy Saturday to you all. I realized Meta Connect is this Wednesday, so I’ve had to slow down video production until it’s over. Shorts will be out for the last 4 tech events I’ve watched over the last 2 months, commentaries are out for Patrons/YouTube members, and the groundwork for 2 videos have been laid out, including one about the mythical Windows 12.

References

• Allen Day’s announcement of Steven’s departure
• Steven’s farewell post
• Coldplay concert exposes Astronomer CEO cheating on his spouse (@instaagraace on TikTok)

Track Listing

• Calum Bowen - The Artist’s House (from Pikuniku)

A lot of people feel like many open source developers are seemingly “spiteful” of “Linux users” or “Linux losers” as I’ve taken to calling them. The reason why is because the sign of a Linux loser is the tendency to immediately assume suspicion when there’s no reason to be distrustful. Look at how Linux losers respond to things like anything the Linux Foundation partnering with Chromium makers, GNOME and Wayland discussion, or when Canonical replaces the coreutils with Rust versions for example. I, and I presume many other open source projects, refuse to involve people in my community who are spreading uncertainty and suspicion.

As much as people bash corporate America, I think trust over suspicion is an important lesson that all of us can learn, because it makes us all better people. Of course, it’s important to remember what happens when trust is violated (look at what’s happening to Deepin/openSUSE as an example). Always give someone the benefit of the doubt, but verify and hold them to account.

It’s sad to hear that Charles Gagnon (charlesg99) isn’t going to be working on it anymore after people whined and complained about a donation button. I have never once experienced a bug in Dash to Panel and it’s a testament that Charles and the other contributors have kept up this quality for years.

The only way open source projects will get better is if they beg for money and make the effort worth the contributors’ time. So put that donation button back in. This isn’t a charity.

YouTube appears to be making it more difficult to sync things across the board. Though it’s on Peertube and Odysee, but even though I don’t use it, Rumble too.

The problem is my upload sucks and I can only dedicate so many nights to uploading a video, going to bed, and come morning to find it’s still not done. This last week with a 2.5 hour video was a nightmare.

Out of spite, I will still upload to Peertube, but now might be the time I drop Odysee for good. I’m nearing my breaking point dealing with the political garbage, bragging they removed Google Ads yet still tracking you, and the unprofessional nature of contacting support through Discord/email.

For those you protesting Odysee and Rumble in particular because they’re Trumpist platforms, this has impact on any platform that uses the auto-sync to compete with YouTube. The enshittification of YouTube sure isn’t getting any better and there’s only so much I can do.

References

• Peertube YouTube sync relies on youtube-dl (yt-dlp?) and YouTube frequently blocks server addresses.
• Odysee’s post about disabling YouTube syncing
• Rumble’s post about the difficulties of YouTube syncing

I’m tired of seeing comments complaining about GNOME being Apple (think “the devil”) or KDE breaking everyone’s fun by adding/changing 10 billion features.

Stop treating GNOME and KDE like they are consumer companies. They need time and talent and do everything for very little (monetary) gain. One of the reasons desktop Linux will never succeed with “normal” people is because there’s not enough hands to keep the duct-taped ship afloat. If people don’t step up, it will become a sinking ship very fast. Not to mention the people who think they can do better and jump ship only to rebuild the same exact ship some place else.

Some developers are very opinionated and bad at communicating because most developers don’t know how to communicate with people. They’re used to developing for themselves, but not with others. Don’t get me started on the marketing, branding, and UX design angle!

At the end of the day, there’s a person behind the screen and on those git servers, and making comments like this only dehumanizes them more. It’s easy for people to make blanket comments like this because they view these people as just as nebulous of the worst executives in Big Tech.

Show your developers some love more often or help out your favorite projects or software you use. If you don’t know how to program, use them, report problems, or do testing. It’d be nice for a change than complaining online.