I’ve spent years championing Linux as the only escape from Big Tech, but I’m starting to get twitchy.
While we’re distracted by the Steam Deck making Linux “mainstream,” the corporate players and politicians are busy building a digital cage. Between California’s AB-1043 mandates and Microsoft’s “Face Check” infrastructure, I’m worried we’re heading for a hard schism: “Sanitised Linux” vs the “Free Rebel” distros.
If the compliant, age-gated version becomes the industry standard, where does that leave the rest of us? Digital exile?
I’ve put some thoughts together on why the “Golden Cage” is closing in and why education, not mandates, is the only real fix.
You must log in or register to comment.
This is why shaming the idiots who say things like “what’s the big deal, it’s just a field in a text file” is so important. They need to be made to understand that solidarity is required to resist the tyrants.
Ive been running Linux for close to a decade now and one thing that I’ve noticed is rarely brought up in Linux circles is that Linux Kernel Development is heavily funded by major big tech corpos. Examples include Microsoft, Google, Oracle, and IBM.
There is a vested corporate interest in keeping Linux well maintained as it is the OS that underpins the vast majority of corporate server architecture and infrastructure.
I’m not saying Linux development wouldn’t exist without them, but imho, Linux certainly wouldn’t be as ubiquitous as it is today without this corporate backing. Thusly, it is worth noting that in many ways, we Linux users have not escaped corporate influence simply from switching from Windows or MacOS to Linux.
We’ve maybe lessened it to some degree, but to think we are somehow immune to the misguided mandates from state governments, like the latest recent age verification laws, is misguided.
How the fuck is Linux a trap compared to the shenanigans of Microsoft?
Microsoft and other proprietary vendors are the trap, and Linux is the way to avoid it.I agree with you. The only thing I could see “Linux being a trap” would be, for people who expect Windows replacement without the Microsoft bullshit. So in one way this “could” be interpreted as a trap for those. But that is if I try to stretch it to justify calling it a trap.
I agree with you, that’s exactly what my post says.
Microsoft is the trap. My point is that “Sanitised Linux” is just Microsoft-style shenanigans being forced onto our ecosystem via regulation. I literally started the post by saying Linux is the only sanctuary left.
Linux is the only sanctuary left
Acktually there is still some Free and Open Source BSD variants. And for the lols we also have GNU Hurd. So even a world without Linux, does not mean we have to use Windows. (I don’t even count MacOS.)
OK I read it as Linux won’t cut it if we are forced to use Microsoft.
Microsoft will of course do everything possible to create that situation, as they’ve been doing very successfully since the 80’s.But here’s the thing, nobody knows what operating system you choose to install. This regulation will be equally as effective as anti-pirating legislation has been, which is to say, essentially nil.
Actually, even without “tracking” individuals, the metadata is still there. I can see from my own anonymous, privacy-respecting server stats exactly how many hits are coming from Android versus GNU/Linux. There is no personal data involved, but the OS “fingerprint” is clear.
If a small, self-hosted blog can see that high-level data, then a bank or a government gateway definitely can. The comparison to anti-piracy doesn’t quite work because you don’t have to “log in” to a pirated movie, but you do have to authenticate for the services that actually matter. That’s where the compliance gate gets locked.
An operating system can lie about that though. The only reason it doesn’t is because of convention.
There is no technical reason it couldn’t look like a different OS. Try changing your user agent, it’s that simple in most cases.
And services can choose to only allow operating systems which don’t lie, have anti-tamper mechanisms, and authenticate themselves cryptographically. It has definitely been easy to spoof your identity in the past, but OP is talking about where we might be heading in the future. Since the laws about OS:es having to partially identify the user is so obviously useless in its current form, don’t you think the corporations and politicians who are pushing for it are going to keep expanding it when they get the opportunity?
User agents are just the tip of the iceberg. Between TCP/IP stack fingerprinting and modern hardware attestation (TPM/Secure Boot), pretending to be a different OS is becoming a lot harder than just changing a string in your browser settings. The ‘handshake’ I mentioned before is at a much deeper level than that.
What people don’t realize is, that every year is the Year of Linux Desktop. We just beat the previous year. It’s like having a new world record every year.
The year of text based only Unix?
How would anyone place a 100% community driven distribution like Debian in such a cage? There’s no monetary leverage, the community is truly international, so local laws don’t apply …
Please note that it’s also one of the most prolific distributions, and the foundation p.e. for *buntu.If you’re living in an oppressive jurisdiction, your employer might obviously not allow you to use a truly free operating system, but that’s hardly Linux’s fault.
So if your favorite distribution is starting bullshit, just switch to the next one, there are literally thousands of them. That’s why “Year of the Linux desktop” is confusing: it’s “year of steamOs” or “year of *buntu”, probably even “year of Debian”, but most certainly never “year of the nixos desktop”.
You have choice. Use it.
How would anyone place a 100% community driven distribution like Debian in such a cage?
By getting the Debian deciding body to approve systemd a while back, for starters.
It’s apparently very easy.I swear people have rose tinted glasses as to the state of the init system before the current generation of system management daemons.
If you really want to have Debian without systemd there is always Duvean but the Debian architects are free to choose the technologies that solve the very real system orchestration problems that exist.
My real worry isn’t that Debian will cave, but that the services we use every day—banks, government sites, DRM-heavy media—will start checking for a “compliant” kernel. If those “invisible borders” get built, you might have a truly free OS that’s effectively useless for 90% of the modern web.
It’s not about the distro failing; it’s about the “compliant” versions becoming the only key to the door. We have the choice now, but the gap between “free” and “functional” is definitely getting wider.
How will they check for a compliant kernel, at a technical level? I haven’t seen any proposed way to do that that can’t be easily circumvented.
It’s less about a “scan” and more about the “handshake.” Look at things like Windows 11 requiring a TPM and Secure Boot, or the Microsoft Pluton chip being baked into newer CPUs.
They don’t need to inspect your code. They just need a cryptographic “attestation” that says your hardware and kernel are in a “known good” state. If your DIY kernel doesn’t have the right digital signature from the manufacturer, the service whether it’s a bank or a Netflix stream, simply says “computer says no” and denies the connection.
Sure, we’ll find workarounds, but for 99% of people, that “invisible border” is a brick wall.
Sure, we’ll find workarounds
I’d phrase it as “we might occasionally find workarounds that kinda work sometimes”. I tried running de-Googled Android on my phone for a while, and the only reason I could use it for online banking, pay for public transport, contact health services, etc. was because some people had reverse-engineered Google’s services (i.e. microG). It also stopped working every now and then when something changed, and to my knowledge Google could also shut it down instantly if they started encrypting their APIs. I wouldn’t bet on there always being workarounds if this push to lock down operating systems and online services continues.
Someone else posted something interesting/alarming the other day… With AI becoming more advanced and also more accessible, it’s going to be increasingly difficult to keep spam, scams, etc. at bay. If the mainstream computing world ends up in this gilded cage trap, even if a minority choose to maintain and use forks that stay outside the system, it might be quite difficult to keep for example a forum functional.
will start checking for a “compliant” kernel.
Reminds me of all the banking apps that rely on Google’s “secure” crap to run.
@halfdane This seems to be about more control, profits and data harvesting. Long live MX Linux.
If the compliant, age-gated version becomes the industry standard, where does that leave the rest of us?
With the distros that don’t comply, as always.
Well, if your banking and government services, game platforms like Steam, streaming platforms like Spotify and Netflix all start requiring “age DRM” on the system level, what choice do we have?
Use another system.
Change banks. File complaints with them.
Entertainment isn’t relevant to me.
I think if Linux becomes something for the masses it will no longer be for me. So I’m hoping that won’t happen.
End users just want their hand to be held by some kind of corporation. Happy to give up their information and privacy. To have no choices in interface etc.
Basically, Linux for the masses will look exactly like ChromeOS. Completely unusable for a power user with a need for privacy and control.
Meh it’s not like Linux is one static block of immutable code.
It’s modular.
So it’s not like all linux distros will evolve the same way. And OP points it out that some distros are affected by age verification laws while others are not at all.
So I think it makes no sense to panic and thinking all linux will converge to some Windows ersatz…
I think the fact there is so many distros out there is our strength but also what prevents people from discovering the right linux for them.
So this will be the year of linux discovery imo and all linux user should help out new users finding their way to a linux that fit them for their journey to freedom.
Not really but you do see already that Linux is becoming more opinionated. For example recently kde introduced a new display manager (to replace sddm) that requires systemd.
It’s becoming harder to get off the beaten track.
End users just want their hand to be held by some kind of corporation.
SheepleOS
I had similar thoughts, but at the same time i honestly think that wouldn’t be an issue because of the nature of linux and it being free and open source. There’s bound to be distros out there that won’t conform to whatever bs the corpos come up with.
ChromeOS is basically the blueprint for the “Gold Cage”. My real worry is that “security” is just becoming a convenient excuse to swap user ownership for corporate control. Once that “masses” version becomes the legal standard for compliance, the rest of us are basically looking at digital exile.
It’s just the buzz-word of FOSS enthusiasts.
It is a myth, always has been. But the worry isn’t the “Year of Linux” happening, it’s the corporate version of it being forced on us via regulation.
I can confirm it is. I entered Linux, it’s been a decade and I’m comfortable. I can’t leave, not that I’ve been given a reason.
I don’t think we’ll see a “year of Linux” per say, I think we’re not likely to see either a decade or generational shift to Linux.
I’ve been using Windows and Android all my life, so it’s what I got used to. I’m in my 30’s now and over the last year or so I’ve slowly been introducing myself to Mint Linux on my laptop for basic web browsing and Ubuntu Linux 24.04 on my home server for hosting my own data. In some ways it’s actually a lot easier than I thought it would be, but I’m still learning a new language.
On the one hand I considered myself pretty technically savvy, until I dove head first into Linux and quickly discovered how much I really didn’t know. On the other hand, I am learning as I go given enough repetition.
I have somewhat similar concerns. I’m not as worried about sanitized Linux as I am about new mandates entrenching Microsoft, Apple, and Google as the only valid options. Even it it is an enormous pain in the ass for everyone, including those big three, it would infinitely preferably for them to more widespread adoption of alternatives.
Just propose solutions/mandates that are fundamentally incompatible with GPL and FOSS ideals, or deeply contentious within open source communities and you can do irreparable damage to the growth of Linux and any space that needs to adapt to those new mandates. Linux moving into education? Pretend it is needed to protect the children. Linux moving into government? Pretend it’s needed to protect security or efficiency. Linux moving into the workplace? Pretend it’s needed to protect AI or liability or synergy or whatever the fuck gets CEO dicks hard these days. BAM - Linux gets hit with massive internal strife and splitting of vital communities and resources. I know it was already absurdly contentious before, but seeing what happened when storing a users age hit systemd really worried me.
I think it’s already been kind of ongoing by co-opting or even creating “open source initiatives” from the business world who ultimately just jump in when things look mature and rapidly implement profit extraction and enshittification.
The systemd age-storage drama was a massive red flag. It showed how easily a “safety” mandate can be used as a wedge into the lower levels of the stack.
My worry is exactly what you said: politicians creating “compliance” requirements that are fundamentally toxic to the GPL or the way community distros operate. It’s not about making Linux better; it’s about making it legally unviable for anyone but a massive corporation to maintain. Digital enshittification via regulation.
Thesystemdage-storage dramawas a massive red flag.There, FTFY.
I know what you mean, at work right now when you run Linux they don’t give you support but they also don’t enforce any of the bullshit but skill give you VPN access to the work resources.
On win and Mac they dust disabled USB storage access and there is a to other bullshit going in TN the name of security while everyone uploads their code to openai or anthropic because they’re pushing for it
So now I am hidden from IT, when those Sanitized Linux ditros start showing up they will build in the same bullshit as they have from win and Mac now and then I’m fucked, because they will force me to use them
I think it’s helpful to put some thought into why you use Linux and what you really need from it. I use it primarily for choice, privacy, and to just not be using anything by Microsoft/Apple/Google. Security is nice to have but it’s not the reason I’m using Linux, so handing over my photo ID to a third party I trust is an acceptable if disappointing risk.
Sure, my OS will be tied to my ID, but as long as my online traffic isn’t that should be fine. If they wanted to monitor my online traffic it would make far more sense to do it at the VPN level instead. Not by having my open source operating system redirect my traffic so that it’s associated with my ID.
The big risk is social media requiring proof of ID. Bots are becoming more and more common and proof of ID available at the OS level on Windows, Mac, and Android would be very tempting for social media. That’s a different concern though.
Security is nice to have but it’s not the reason I’m using Linux, so handing over my photo ID to a third party I trust is an acceptable if disappointing risk.
And for us who don’t find it an acceptable risk? Will I need an ID to read a book next?
You need ID to drive a car, which is essential in modern America. Worse still you need ID to rent a house and that’s normally getting fed straight into a massive insecure database. The advantage of Linux is that we could theoretically choose who we give our ID to (whether that’s Red Hat, Ubuntu, OpenSUSE, Debian, Arch, etc). Handing over your ID is necessary for some essential parts of modern life, and while I wouldn’t want to hand it over to access my operating system, I would be able to accept it.
Thinking critically, let’s imagine that only government approved companies could verify your ID and those companies are Google, Apple, Microsoft, and Persona. At that point I’d … really hate it but I’d hand over my ID. Then I’d double check my operating system isn’t logging and sharing my internet traffic.
There’s no indication that our online traffic will be required by law to be linked with our proven ID. If such a thing does happen, then firstly we are totally screwed, and secondly it would likely involve all major websites participating. We fundamentally won’t be able to get around it in that case.
I think that’s a dangerous assumption to make. If the OS is tied to your physical identity, the ‘VPN’ layer becomes much less of a shield. Once the kernel level is ‘compliant’ with an ID check, the metadata being leaked or even the hardware ID itself makes anonymity a lot harder to maintain.
You’re right about the social media risk, but the OS is the foundation. If you give up the keys to the house, it doesn’t matter how many extra locks you put on the individual room doors. That ‘disappointing risk’ is exactly how the ‘invisible borders’ start getting built.
Parts of what you just said are not really a proper response to what I said, either because of accuracy or relevance. So I’m just going to address the one important part of what you said, metadata.
I didn’t consider metadata because I treat proof of age as what it is, proof of age with proof of identity being incidental. If visiting a website requires handing over my full birthday, “hardware ID”, or real identity then I would be concerned, but we’re not there yet.
It’s a widely held view in the general public that you should be able to browse the internet privately just like you should be able to browse a library without the government seeing a log of every book you read, and I hope that would be enough to resolve this. The general public is not very concerned about browser fingerprinting, which effectively erases user privacy, but government mandated sharing of your identity online would be a red line that would get the normies involved.
You’re right that the average person doesn’t care about fingerprinting, but that’s exactly the problem. To me, browser fingerprinting isn’t just a technical quirk, it’s a violation of privacy that effectively erases your ability to be anonymous, regardless of whether you have a VPN or not.
If we let OS-level ID checks become the standard because people don’t care, we’re essentially legitimising that tracking. My red line isn’t just a government log of my identity, it’s the fact that the tech is being built to make that log possible in the first place. Once the infrastructure is there, the incidental proof of identity quickly becomes the primary feature.
Your response again doesn’t really follow from what I wrote. It retains some key words but not the ideas.
Browser fingerprinting which exists because the average person can’t be bothered concealing it and the theoretical sharing of your ID with the sites you visit due to a government mandate are two entirely different things. The relevant difference is that the government doesn’t mandate browser fingerprinting, it exists because it is technologically possible and the mitigation measures are more inconvenient than the average user is willing to deal with.
As for normalizing OS-level ID checks as a slippery slope towards sharing your full ID as part of a HTTP request … firstly that is not something you can get around with an alternative distro anyway, because it would involve all major websites. Secondly, that is a hypothetical within a hypothetical. Thirdly, if that really is the path that we’re on, now is not is not the most effective time to oppose it, because the slippery slope argument is far more persuasive from the bottom of the slope.
EDIT: I think I just did the same thing I accused you of, talking past you. My response basically just rejects your core conceit, that being a distinction between the private power-user experience and the non-private normie experience, and nothing else. I’ll need to edit this.
EDIT 2: Okay, fixed.
It needs to be controlled to make a profit. Once something you love becomes popular the bulldozers will move in.
t’s the “corporate enshittification” cycle. Once Linux becomes a viable market for the mass-market predators, they won’t just move in, they’ll try to legally mandate the bulldozing.
