This is a most excellent place for technology news and articles.
That may be the best way to deal with the potential legal liabilities introduced by this unmitigated abject idiocy.
Good thing everybody can still torrent whatever they want from where ever they want. Or use IPFS. Or IRC DCC. Or Usenet. Or just a VPN.
Australian legislation specifically notes that all sites must age challenge users connecting via a VPN
Well, good for them. I'm not Australian, get to vote for Australian lawmakers or host websites in Australia.
Is Australia going to pay every single website admin for the burden of implementing this wonderful magical logic to detect a given source IP(v4) belongs to a VPN provider? What about IPv6?
If I host a simple static website on a static webhost in Denmark say, and provide some otherwise perfectly legal OS ISO's for download, how would I implement any logic at all? Why the fuck should I be subject to Australian laws?
The cookie acceptance of the GPDR was already bad enough and ruined so much of the Internet with no appreciative improvement of the privacy of visitors. If every Tom, Dick and Harry are going to place spurious demands on every website, it'll do nothing except raise enormous barriers to entry and ensure that only huge players with the capacity to comply with demands from legislators all over the world will even be able to "legally" run websites at all. And then we can't have an Internet or FOSS for that matter.
Maybe legislators should stop writing half-baked laws the consequences of which they apparently cannot comprehend.
It applies to websites not hosted in Australia, that may have Australians visiting the site via VPN
Enforcement is going to be interesting to watch
There are already services that catalogue VPN sources for webmasters to implement block lists
That's why a said static webhost, i.e. paying for the ability to serve files, not run scripts or manage the webserver configuration. Sure, the hosting provider could be made responsible for the implementation, but now they have been encumbered with the burden and liability of policing which hosted sites needs this bullshit enabled and which are just a blog about making strawberry preserves or something.
Point is, it's complete and utter twattery of the highest order. Never mind enforcement, I don't even see how it would be reliably or consistently implemented.
And all that is in any case absolutely futile, because there's still the matter of people being perfectly able of obtaining those self-same ISO's from any number of other sources that are even more difficult to police, like the ones I originally mentioned, and about a thousand more where they came from.
Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn't even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots... but I repeat myself.
Remember what the maintainer of The Pirate Bay once said?
Never be too certain something won't be enforced, as the power of capitalists are far worse than the public can imagine.
Maybe I'm too pessimistic, but this may just be the start. Big corps may find their way to control every aspect, step by step.
You're right to give that warning, but Brazil isn't a surveillance state like China or the USA. Our demons are different.
Of course, that could change in the future so a law like this shouldn't stand regardless.
This is different from pirating. The government will be going after the developers like they did Kim Dotcom.
Not the Brazilian government, is what I'm saying. At most they'll tell ISPs to block a few websites, and they won't comply without a judicial order. Our Supreme Court, STF, is actually sane unlike our legislators, so no such order will be given.
The amount of bootleg dvd shops I saw in Paraíba and the amount of friends that have uTorrent installed on their phones is more proof of that. I'm all for it, I wish bandwidth was better all around Brazil to make it easier for everyone to just download whatever you guys want, especially if it's from an American company
Dedo no cú e gritaria
Is it strange that i understood this even though i'm Italian?
Well, Portuguese is a Latin language, so there's a common root.
The problem is, of course, if those evangelical idiots end up in power again they now have the power to wield it. (or to at least try)
Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn’t even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots… but I repeat myself.
The law will most likely be enforced where it matters: smartphones from companies that "manufacture" them in Brazil (which is like 90% of market share of smartphones in Brazil).
So both Android and iOS will most likely start requiring some official ID to be provided or facial recognition to setup the device and/or to access both Play Store or App Store, which yeah, seems a bit concerning.
Also, if you read the law: https://www.planalto.gov.br/ccivil_03/_ato2023-2026/2025/lei/L15211.htm, or in this PDF in English: https://www.gov.br/mdh/pt-br/assuntos/noticias/2025/novembro/brasil-apresenta-avancos-em-seguranca-digital-da-infancia-e-lanca-eca-digital-em-ingles-durante-cupula-social-do-g20-na-africa-do-sul/eca-digital-ing-v2.pdf?ref=itsfoss.com, you can see the only thing an operating system (that does not come with under 18 age improper content, like pornographic content, in it's installation media) really needs to implement is a self-declaration of being "age appropriate" to use the system, otherwise deny the installation of the OS.
Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:
I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);
II – permitir que os pais ou responsáveis legais configurem mecanismos de supervisão parental voluntários e supervisionem, de forma ativa, o acesso de crianças e de adolescentes a aplicativos e conteúdos; e
III – possibilitar, por meio de Interface de Programação de Aplicações (Application Programming Interface – API) segura e pautada pela proteção da privacidade desde o padrão, o fornecimento de sinal de idade aos provedores de aplicações de internet, exclusivamente para o cumprimento das finalidades desta Lei e com salvaguardas técnicas adequadas.
§ 1º O fornecimento de sinal de idade por meio de APIs deverá observar o princípio da minimização de dados, vedado qualquer compartilhamento contínuo, automatizado e irrestrito de dados pessoais de crianças e de adolescentes.
§ 2º A autorização para download de aplicativos por crianças e adolescentes dependerá de consentimento livre e informado dos pais ou responsáveis legais, prestado nos termos da legislação vigente, respeitada a autonomia progressiva, vedada a presunção de autorização na hipótese de ausência de manifestação dos pais ou responsáveis legais.
§ 3º Ato do Poder Executivo regulamentará os requisitos mínimos de transparência, de segurança e de interoperabilidade para os mecanismos de aferição de idade e de supervisão parental adotados pelos sistemas operacionais e pelas lojas de aplicativos.
The part where the operating system must implement age verification is here:
Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:
I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);
Which has been officially translated in the PDF to :
Art. 12. Providers of internet application stores and terminal operating systems shall:
I – take proportional, auditable, and technically secure measures to ascertain the age or age range of users, subject to the principles provided for in Art. 6 of Law No. 13,709, of August 14, 2018 (Brazilian Data Protection Law);
The II there, that states:
II – allow parents or legal guardians to configure voluntary parental supervision mechanisms and to actively supervise the access of children and adolescents to applications and content; and
Is totally optional, there's no way any judge in Brazil could enforce that as mandatory to be implemented in all OSes and punish any OS that denies installation for under 18 age citizens of Brazil and does not provide such parental supervision mechanisms.
Now, for any digital media or computer application that either contains or provides direct access to age restricted content from the internet I suppose article 9 applies:
Art. 9º Os fornecedores de produtos ou serviços de tecnologia da informação que disponibilizarem conteúdo, produto ou serviço cuja oferta ou acesso seja impróprio, inadequado ou proibido para menores de 18 (dezoito) anos de idade deverão adotar medidas eficazes para impedir o seu acesso por crianças e adolescentes no âmbito de seus serviços e produtos.
§ 1º Para dar efetividade ao disposto no caput, deverão ser adotados mecanismos confiáveis de verificação de idade a cada acesso do usuário ao conteúdo, produto ou serviço de que trata o caput deste artigo, vedada a autodeclaração.
§ 2º Para os fins desta Lei, consideram-se impróprios ou inadequados para crianças e adolescentes os produtos, serviços ou conteúdos de tecnologia da informação que contenham material pornográfico, ou quaisquer outros vedados pela legislação vigente.
§ 3º Os provedores de aplicações de internet que disponibilizarem conteúdo pornográfico deverão impedir a criação de contas ou de perfis por crianças e adolescentes no âmbito de seus serviços.
So, yeah, if you are providing an operating system that itself comes with any age restricted content as Brazilian law stipulates (such as pornographic content), I think self-reporting of age would be damned insufficient due to § 1º there:
Art. 9. Providers of information technology products or services that make available content, products, or services whose offer or access is improper, inadequate, or prohibited for persons under 18 (eighteen) years of age shall adopt effective measures to prevent their access by children and adolescents within the scope of their services and products.
§ 1. To effectuate the provision of the caput, reliable age verification mechanisms shall be adopted for each user access to the content, product, or service referred to in the caput of this article, with self-declaration being prohibited
If there's anything I'm missing here please point out.
It's government trying to control people all over again.
Bolsonaro (Flávio) will probably make an argument saying that under him people will be free from control or something like that, but it's just bullshit. What we would get under him is brazilian ICE (Internal Customs Enforcement - isn't that funny).
Great analysis. But I've never heard of an OS that comes pre-loaded with porn, or with any media content other than the wallpapers and a few stock samples. Though I suppose there's nothing stopping anyone from creating Bukkake Linux and shipping it.
You can't spell "based" without BSD.
Also, that's pretty much the main reason why FOSS OS are better than proprietary ones. They'll just say "okay, I guess we'll just stick to free countries" (while subtly gesturing at the nearest VPN).
Meanwhile, Windows and MacOS are going to fold like origami.
OpenBSD did this because of cryptography laws and surprise surprise software written for it is now one of the vertebrae of our modern network stack
This is a feature and not a bug. The biggest distro maintainers will try to comply and the smallest ones will start banning usage or even closing up shop.
Good. I'm glad they're standing up to this insanity.
It's ironic though because it's a California based OS.
By the way, anyone tried gaming on BSD?
Gaming on BSD isn't as bad as you'd expect. There are Linux compatibility tools that let you run proton/wine on FreeBSD
Random shit breaks sometimes but once you get past the steep learning curve you can play a lot of titles
Genuinely asking, why would you use FreeBSD when there already is Linux?
See the headline we are all commenting on
FreeBSD has a fantastic handbook for starters. The whole system from the kernel to the userland is developed concurrently and fit together really well. Linux distros are all a hodgepodge of different parts with often only arbitrary or esoteric differences.
The filesystem layout is cleaner and makes more sense than what Linux distros typically do.
The network stack is super performant, so it’s great for servers. Security tools are also top notch.
Jails have done containers and virtualization extremely well for decades.
Native ZFS alone is a reason to use it. It’s the best filesystem. BTRFS has barely caught up with it.
DTrace for profiling performance and finding bottlenecks is fantastic and super powerful.
Less free software zealotry and crusaders leads to a friendlier community.
FreeBSD has proper UNIX pedigree.
More freedom, because you can for example distribute your own appliance that‘s based on FreeBSD without being restricted by the legal complications of the GPL.
Every FreeBSD release has 4 years of support.
Especially for servers, it’s great.
TrueNAS is based on FreeBSD and the best OS for a NAS, I have found so far.
Unfortunately TrueNAS dropped FreeBSD. I'm still on the FreeBSD version, but need to leave TrueNAS or switch to the Linux based version. I've not decided what to do yet.
"Linux" is like 12 different software projects in a trench coat. Like people in a trenchcoat, the whole thing falls apart if one of them goes missing. The BSDs (and most other sane operating systems, for that matter) are a monolith developed together for each other
I don't see why a volunteer who lives in, say, Germany has to give a single shit about the law in California or Brazil. It's up to those regions to block MidnightBSD if they're that fucking stupid.
With all these internationally spanning laws lately maybe it's time we also had some kind of framework for dispute resolution - mostly something like nations staying behind their citizens in stuff like this, telling the other coubtry tp pound sand / do it themselves.
That's absolutely brilliant. Don't let the rest of the world suffer for some people's government's stupidity. If the users in those regions disagree with their government, they can figure out other ways to get it and use it.
haha I guess that's one way to deal with it and do nothing at all. Doubtful they block the connections from those areas
IDK. It puts them at the forefront of this fight.
If governments successfully prosecute distro maintainers (if they can) for this, then distro maintainers are liable.
And distro maintainers would then have to pursue non-compliant users to cover that liability, or fold.
Which is a huge loss for open source.
Or, there would be a huge legal fight and it turns out that the licence of a distro protects it from its users actions.
Which would be awesome and a massive win. It also makes sense. Nobody is suing an OS maintainer because it was used for a data breach.
And then the governments have to pursue the actual users. Which... is gonna be useless wrt these laws
Im just glad BSD is getting press.
ive been waiting to read headlines of this sort. cheers.
Why do I get the feeling I will be distro hopping in the not-too-distant future?
exasperated sigh I don't want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don't exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.
To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.
The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
That does mean (by legal definitions in California) your toaster, microwave and fridge.
And really the choice of "pulling" support from areas with issue laws is the way, this law is not enforceable as written and is likely the easiest way for any OS to avoid legal issues. Just putting in a line that the OS is not supported in the state will not stop the OS being used but will stop legal issues from said state.
Didn't hear anything about it in Brazil. It's being done under the radar. Can't even find articles about it.
California L. Outsourcing child care to random people who are not even US citizens. Thats like forcing knife manufacturers to make the knives child-safe.
On a sidenote, while looking up the history of actual legal cases involving children in California, I stumbled upon a story of Joseph Hall, son of abusive, alcoholic, insignia wearing, salute throwing, nazi activist piece of shit Jeffrey Hall, whom, at age 10, he shot in his sleep after being given a gun by him, and for which he was put into juvenile detention centers for 12 years until he turned 23, instead of... idk... being declared a national hero and given a compensation for the society failing upon him.
