Hello, I want to share a public project I created in response to the ongoing discussions around OS-level age verification, age signaling, and related mechanisms in free software distributions:
https://github.com/AntiSurv/oss-anti-surveillance The project exists to document, track, oppose, and prepare the removal of OS-level surveillance, classification, and policy-enforcement mechanisms in free software distributions. This is not limited to one patch or one component. A visible implementation path is now emerging across multiple layers of the Linux stack, including provisioning flows, account metadata services, user records, and application-facing interfaces. The repository currently tracks public work around: * systemd userdb * xdg-desktop-portal * AccountsService * Ubuntu desktop provisioning * Archinstall It also records the relevant policy drivers and the technical propagation path, because the real issue is not just one field or one API. The issue is the normalization of a mechanism that does not belong in a general-purpose free operating system at all. The project’s position is explicit: * no OS-level age verification * no age signaling or age-bracket APIs * no client-side scanning or device-side inspection primitives * no passive downstream inheritance of such mechanisms * no geo-fencing users out of free software as a substitute for refusal I think that last point matters as much as the others. The false choice between “implement it” and “exclude users by jurisdiction” should be rejected. Debian should not build these mechanisms, and it should not abandon users because of where they live. Free software must remain accessible to all human beings. This also is not only a privacy issue in the abstract. Debian is valuable precisely because it does not classify, identify, or gate users as a condition of use. Many people depend on that in very practical ways: activists, journalists, whistleblowers, dissidents, vulnerable minorities, and users in authoritarian environments. Mechanisms that normalize classification or disclosure at the operating-system level are not a minor policy adjustment. They cut directly against the safety, universality, and trust that make Debian important. The repository is intended as a public dossier and working reference point. It includes: * a front page and project statement * a manifesto * a tracker of issues, PRs, and MRs * a policy and law background file * a technical architecture map * a component-by-component target list * a downstream stripping and reversal strategy The immediate goal is to keep the implementation path visible, linkable, and auditable so that these changes can be challenged upstream and, if they are merged anyway, stripped downstream rather than quietly inherited. If useful, I would welcome corrections, additional evidence, and links to relevant upstream or downstream work that should be tracked. Free software was written for users, not for surveillance.
