this post was submitted on 10 Mar 2026
220 points (99.5% liked)

Technology

82488 readers
3787 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
220
MidnightBSD Bans Users in Brazil and California, Warns More Regions Could Follow (itsfoss.com)
submitted 19 hours ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
43 comments fedilink hide all child comments
 

MidnightBSD, a FreeBSD-based desktop operating system, has quietly updated its README to reflect a new geographic restriction. The project has added a clause that bars residents of any country, state, or territory with OS-level age verification mandates from using MidnightBSD

top 43 comments
sorted by: hot top controversial new old
[–] Archr@lemmy.world 1 points 28 minutes ago (1 children)

exasperated sigh I don't want to get too deep in it with people again. Here is a link to the California law and some clarifications. (I cannot speak for the Brazilian law as I am not from Brazil)

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043

  • The law does not require ID verifications it only required that a parent indicate the age of their child when setting up their account.
  • The law's definition for operating system provider includes "general purpose computing device" so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)
  • An "accessible interface" is not well defined here. But it could be as simple as a system call rather than a REST API call. Similar to open file or malloc. (this means no centralized government server storing the data)

I have said this in other posts, but the linux community sticking their heads in the sand and pretending these states don't exist just leave MS, Google, and Apple to decide how this is implemented. I am glad some distro maintainers are taking this seriously and looking at what is the minimum they would need to implement to comply with the law.

To be clear I do not support this law. The definitions are written so loosely that it leaves much of it up to interpretation. It is clear that they did not meet with anyone in the industry before voting.

[–] M0oP0o@mander.xyz 1 points 12 minutes ago

The law’s definition for operating system provider includes “general purpose computing device” so no, your toaster, microwave, and fridge are not included. (please remember that legal definitions do not always match how we would use the term in everyday conversation)

That does mean (by legal definitions in California) your toaster, microwave and fridge.

And really the choice of "pulling" support from areas with issue laws is the way, this law is not enforceable as written and is likely the easiest way for any OS to avoid legal issues. Just putting in a line that the OS is not supported in the state will not stop the OS being used but will stop legal issues from said state.

[–] TheSeveralJourneysOfReemus@lemmy.world 3 points 4 hours ago* (last edited 4 hours ago) (1 children)

how this would actually be enforced; maybe the official website and download mirrors for MidnightBSD will be out of reach for people in those regions. Of course, a tech-savvy crowd who uses MidnightBSD will know how to bypass such an embargo. It makes you wonder how effective such age verification laws are. Oh wait, some of these so-called public servants are also pushing for VPNs to be banned.

As it stands these laws are unenforcable, and plenty of businesses would be impacted. First, think of the meaning of ' internet connected device, with an operating system '; such vague definition. Is a modern fridge, sensor or monitoring system supposed to verify the age of any user that comes in touch with these? Impractical. Second, any commercial activity has computers running everything. These computers are not registered for any single user, but for the activity as a whole. The emplyees may insert a code when they operate the computer (emplyee - Id within the business) but that's it. Office complexes would be decimated by this stupid setup. And there comes the VPN ban. Again, plenty of businesses rely on vpn and private networks. Once again, this is quite possibly unenforceable without ruining the backbone of the infrastructure we collectively use. People writing laws like thes are quite possibly unable to understand how it runs. The lack of technical knowledge is staggering.

Also what about SERVERS ? What are we supposed to do?

[–] TrollTrollrolllol@lemmy.world 1 points 1 hour ago

They don't care about the details they just want control.

[–] shortwavesurfer@lemmy.zip 12 points 8 hours ago

That's absolutely brilliant. Don't let the rest of the world suffer for some people's government's stupidity. If the users in those regions disagree with their government, they can figure out other ways to get it and use it.

[–] MousePotatoDoesStuff@lemmy.world 17 points 10 hours ago

You can't spell "based" without BSD.

Also, that's pretty much the main reason why FOSS OS are better than proprietary ones. They'll just say "okay, I guess we'll just stick to free countries" (while subtly gesturing at the nearest VPN).

Meanwhile, Windows and MacOS are going to fold like origami.

[–] ZombieCyborgFromOuterSpace@piefed.ca 18 points 13 hours ago* (last edited 13 hours ago) (1 children)

Good. I'm glad they're standing up to this insanity.

It's ironic though because it's a California based OS.

By the way, anyone tried gaming on BSD?

[–] ryannathans@aussie.zone 5 points 13 hours ago (1 children)

Gaming on BSD isn't as bad as you'd expect. There are Linux compatibility tools that let you run proton/wine on FreeBSD

Random shit breaks sometimes but once you get past the steep learning curve you can play a lot of titles

[–] BennyTheExplorer@lemmy.world 1 points 11 hours ago* (last edited 11 hours ago) (2 children)

Genuinely asking, why would you use FreeBSD when there already is Linux?

[–] Samskara@sh.itjust.works 1 points 2 hours ago (1 children)

FreeBSD has a fantastic handbook for starters. The whole system from the kernel to the userland is developed concurrently and fit together really well. Linux distros are all a hodgepodge of different parts with often only arbitrary or esoteric differences.

The filesystem layout is cleaner and makes more sense than what Linux distros typically do.

The network stack is super performant, so it’s great for servers. Security tools are also top notch.

Jails have done containers and virtualization extremely well for decades.

Native ZFS alone is a reason to use it. It’s the best filesystem. BTRFS has barely caught up with it.

DTrace for profiling performance and finding bottlenecks is fantastic and super powerful.

Less free software zealotry and crusaders leads to a friendlier community.

FreeBSD has proper UNIX pedigree.

More freedom, because you can for example distribute your own appliance that‘s based on FreeBSD without being restricted by the legal complications of the GPL.

Every FreeBSD release has 4 years of support.

Especially for servers, it’s great.

TrueNAS is based on FreeBSD and the best OS for a NAS, I have found so far.

[–] Lee@retrolemmy.com 1 points 1 hour ago* (last edited 1 hour ago)

Unfortunately TrueNAS dropped FreeBSD. I'm still on the FreeBSD version, but need to leave TrueNAS or switch to the Linux based version. I've not decided what to do yet.

[–] ryannathans@aussie.zone 6 points 11 hours ago

See the headline we are all commenting on

[–] Peruvian_Skies@sh.itjust.works 55 points 18 hours ago (6 children)

Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn't even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots... but I repeat myself.

[–] ruan@lemmy.eco.br 1 points 1 hour ago

Speaking as a brazilian resident, the law will not be enforced. No such laws are ever enforced here. Everybody openly pirates everything, people sell retro gaming systems preloaded with thousands of ROMs openly online and in physical shops, and the government doesn’t even have 1% of the surveillance infrastructure needed to make enforcement attractive. The law is just electoral posturing and lip service to please evangelical idiots… but I repeat myself.

The law will most likely be enforced where it matters: smartphones from companies that "manufacture" them in Brazil (which is like 90% of market share of smartphones in Brazil).

So both Android and iOS will most likely start requiring some official ID to be provided or facial recognition to setup the device and/or to access both Play Store or App Store, which yeah, seems a bit concerning.

Also, if you read the law: https://www.planalto.gov.br/ccivil_03/_ato2023-2026/2025/lei/L15211.htm, or in this PDF in English: https://www.gov.br/mdh/pt-br/assuntos/noticias/2025/novembro/brasil-apresenta-avancos-em-seguranca-digital-da-infancia-e-lanca-eca-digital-em-ingles-durante-cupula-social-do-g20-na-africa-do-sul/eca-digital-ing-v2.pdf?ref=itsfoss.com, you can see the only thing an operating system (that does not come with under 18 age improper content, like pornographic content, in it's installation media) really needs to implement is a self-declaration of being "age appropriate" to use the system, otherwise deny the installation of the OS.

Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:

I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);

II – permitir que os pais ou responsáveis legais configurem mecanismos de supervisão parental voluntários e supervisionem, de forma ativa, o acesso de crianças e de adolescentes a aplicativos e conteúdos; e

III – possibilitar, por meio de Interface de Programação de Aplicações (Application Programming Interface – API) segura e pautada pela proteção da privacidade desde o padrão, o fornecimento de sinal de idade aos provedores de aplicações de internet, exclusivamente para o cumprimento das finalidades desta Lei e com salvaguardas técnicas adequadas.

§ 1º O fornecimento de sinal de idade por meio de APIs deverá observar o princípio da minimização de dados, vedado qualquer compartilhamento contínuo, automatizado e irrestrito de dados pessoais de crianças e de adolescentes.

§ 2º A autorização para download de aplicativos por crianças e adolescentes dependerá de consentimento livre e informado dos pais ou responsáveis legais, prestado nos termos da legislação vigente, respeitada a autonomia progressiva, vedada a presunção de autorização na hipótese de ausência de manifestação dos pais ou responsáveis legais.

§ 3º Ato do Poder Executivo regulamentará os requisitos mínimos de transparência, de segurança e de interoperabilidade para os mecanismos de aferição de idade e de supervisão parental adotados pelos sistemas operacionais e pelas lojas de aplicativos.

The part where the operating system must implement age verification is here:

Art. 12. Os provedores de lojas de aplicações de internet e de sistemas operacionais de terminais deverão:

I – tomar medidas proporcionais, auditáveis e tecnicamente seguras para aferir a idade ou a faixa etária dos usuários, observados os princípios previstos no art. 6º da Lei nº 13.709, de 14 de agosto de 2018 (Lei Geral de Proteção de Dados Pessoais);

Which has been officially translated in the PDF to :

Art. 12. Providers of internet application stores and terminal operating systems shall:

I – take proportional, auditable, and technically secure measures to ascertain the age or age range of users, subject to the principles provided for in Art. 6 of Law No. 13,709, of August 14, 2018 (Brazilian Data Protection Law);

The II there, that states:

II – allow parents or legal guardians to configure voluntary parental supervision mechanisms and to actively supervise the access of children and adolescents to applications and content; and

Is totally optional, there's no way any judge in Brazil could enforce that as mandatory to be implemented in all OSes and punish any OS that denies installation for under 18 age citizens of Brazil and does not provide such parental supervision mechanisms.

Now, for any digital media or computer application that either contains or provides direct access to age restricted content from the internet I suppose article 9 applies:

Art. 9º Os fornecedores de produtos ou serviços de tecnologia da informação que disponibilizarem conteúdo, produto ou serviço cuja oferta ou acesso seja impróprio, inadequado ou proibido para menores de 18 (dezoito) anos de idade deverão adotar medidas eficazes para impedir o seu acesso por crianças e adolescentes no âmbito de seus serviços e produtos.

§ 1º Para dar efetividade ao disposto no caput, deverão ser adotados mecanismos confiáveis de verificação de idade a cada acesso do usuário ao conteúdo, produto ou serviço de que trata o caput deste artigo, vedada a autodeclaração.

§ 2º Para os fins desta Lei, consideram-se impróprios ou inadequados para crianças e adolescentes os produtos, serviços ou conteúdos de tecnologia da informação que contenham material pornográfico, ou quaisquer outros vedados pela legislação vigente.

§ 3º Os provedores de aplicações de internet que disponibilizarem conteúdo pornográfico deverão impedir a criação de contas ou de perfis por crianças e adolescentes no âmbito de seus serviços.

So, yeah, if you are providing an operating system that itself comes with any age restricted content as Brazilian law stipulates (such as pornographic content), I think self-reporting of age would be damned insufficient due to § 1º there:

Art. 9. Providers of information technology products or services that make available content, products, or services whose offer or access is improper, inadequate, or prohibited for persons under 18 (eighteen) years of age shall adopt effective measures to prevent their access by children and adolescents within the scope of their services and products.

§ 1. To effectuate the provision of the caput, reliable age verification mechanisms shall be adopted for each user access to the content, product, or service referred to in the caput of this article, with self-declaration being prohibited

If there's anything I'm missing here please point out.

[–] caschb@lemmy.world 1 points 5 hours ago

The problem is, of course, if those evangelical idiots end up in power again they now have the power to wield it. (or to at least try)

[–] atkdef@lemmy.dbzer0.com 26 points 14 hours ago (1 children)

Remember what the maintainer of The Pirate Bay once said?

Never be too certain something won't be enforced, as the power of capitalists are far worse than the public can imagine.

Maybe I'm too pessimistic, but this may just be the start. Big corps may find their way to control every aspect, step by step.

[–] Peruvian_Skies@sh.itjust.works 2 points 5 hours ago

You're right to give that warning, but Brazil isn't a surveillance state like China or the USA. Our demons are different.

Of course, that could change in the future so a law like this shouldn't stand regardless.

[–] lastlybutfirstly@lemmy.world 10 points 12 hours ago (1 children)

This is different from pirating. The government will be going after the developers like they did Kim Dotcom.

[–] Peruvian_Skies@sh.itjust.works 1 points 5 hours ago

Not the Brazilian government, is what I'm saying. At most they'll tell ISPs to block a few websites, and they won't comply without a judicial order. Our Supreme Court, STF, is actually sane unlike our legislators, so no such order will be given.

[–] BigDaddySlim@lemmy.world 7 points 16 hours ago

The amount of bootleg dvd shops I saw in Paraíba and the amount of friends that have uTorrent installed on their phones is more proof of that. I'm all for it, I wish bandwidth was better all around Brazil to make it easier for everyone to just download whatever you guys want, especially if it's from an American company

[–] wrinkle2409@lemmy.cafe 6 points 17 hours ago (1 children)

Dedo no cú e gritaria

[–] RVGamer06@sh.itjust.works 3 points 10 hours ago (1 children)

Is it strange that i understood this even though i'm Italian?

[–] Quazatron@lemmy.world 2 points 9 hours ago

Well, Portuguese is a Latin language, so there's a common root.

[–] xxce2AAb@feddit.dk 71 points 19 hours ago (1 children)

That may be the best thing to deal with the potential legal liabilities introduced by this unmitigated abject idiocy.

Good thing everybody can still torrent whatever they want from where ever they want. Or use IPFS. Or IRC DCC. Or Usenet. Or just a VPN.

[–] ryannathans@aussie.zone 6 points 12 hours ago (2 children)

Australian legislation specifically notes that all sites must age challenge users connecting via a VPN

[–] Dultas@lemmy.world 1 points 4 hours ago

That should be fun for people self hosting.

[–] xxce2AAb@feddit.dk 12 points 12 hours ago* (last edited 12 hours ago) (1 children)

Well, good for them. I'm not Australian, get to vote for Australian lawmakers or host websites in Australia.

Is Australia going to pay every single website admin for the burden of implementing this wonderful magical logic to detect a given source IP(v4) belongs to a VPN provider? What about IPv6?

If I host a simple static website on a static webhost in Denmark say, and provide some otherwise perfectly legal OS ISO's for download, how would I implement any logic at all? Why the fuck should I be subject to Australian laws?

The cookie acceptance of the GPDR was already bad enough and ruined so much of the Internet with no appreciative improvement of the privacy of visitors. If every Tom, Dick and Harry are going to place spurious demands on every website, it'll do nothing except raise enormous barriers to entry and ensure that only huge players with the capacity to comply with demands from legislators all over the world will even be able to "legally" run websites at all. And then we can't have an Internet or FOSS for that matter.

Maybe legislators should stop writing half-baked laws the consequences of which they apparently cannot comprehend.

[–] ryannathans@aussie.zone 7 points 12 hours ago* (last edited 12 hours ago) (1 children)

It applies to websites not hosted in Australia, that may have Australians visiting the site via VPN

Enforcement is going to be interesting to watch

There are already services that catalogue VPN sources for webmasters to implement block lists

[–] xxce2AAb@feddit.dk 7 points 12 hours ago* (last edited 12 hours ago)

That's why a said static webhost, i.e. paying for the ability to serve files, not run scripts or manage the webserver configuration. Sure, the hosting provider could be made responsible for the implementation, but now they have been encumbered with the burden and liability of policing which hosted sites needs this bullshit enabled and which are just a blog about making strawberry preserves or something.

Point is, it's complete and utter twattery of the highest order. Never mind enforcement, I don't even see how it would be reliably or consistently implemented.

And all that is in any case absolutely futile, because there's still the matter of people being perfectly able of obtaining those self-same ISO's from any number of other sources that are even more difficult to police, like the ones I originally mentioned, and about a thousand more where they came from.

[–] TheLastOfHisName@piefed.social 7 points 15 hours ago

Why do I get the feeling I will be distro hopping in the not-too-distant future?

[–] BrianTheeBiscuiteer@lemmy.world 21 points 19 hours ago

This is a feature and not a bug. The biggest distro maintainers will try to comply and the smallest ones will start banning usage or even closing up shop.

[–] kepix@lemmy.world 1 points 10 hours ago

how its done

[–] KiwiTB@lemmy.world 12 points 18 hours ago

Im just glad BSD is getting press.

[–] thisbenzingring@lemmy.today 15 points 19 hours ago (1 children)

haha I guess that's one way to deal with it and do nothing at all. Doubtful they block the connections from those areas

[–] towerful@programming.dev 13 points 19 hours ago

IDK. It puts them at the forefront of this fight.

If governments successfully prosecute distro maintainers (if they can) for this, then distro maintainers are liable.
And distro maintainers would then have to pursue non-compliant users to cover that liability, or fold.
Which is a huge loss for open source.

Or, there would be a huge legal fight and it turns out that the licence of a distro protects it from its users actions.
Which would be awesome and a massive win. It also makes sense. Nobody is suing an OS maintainer because it was used for a data breach.
And then the governments have to pursue the actual users. Which... is gonna be useless wrt these laws

[–] pfr@piefed.social -4 points 10 hours ago (3 children)

Personally, I don't think this is the answer. Like, I get it, and it's a sure way to avoid having to deal with all this bs. But at the end of the day, the only people who suffer from this decision are the end users. It's punishing them for something their government has implemented. Doesn't seem right to me.

[–] EncryptKeeper@lemmy.world 2 points 4 hours ago

An important thing to understand here is that in America, the people have the power over their government. The people of California are responsible for putting the people who did this in power, and it’s their responsibility for getting them out again.

[–] tty84@lemmy.dbzer0.com 10 points 9 hours ago

It is not up to the developer community to take responsibility for the stupid decisions made by their government.

People get the leaders they deserve.

[–] Lfrith@lemmy.ca 4 points 9 hours ago* (last edited 8 hours ago)

Cutting services as opposed to complying is the better approach, since the other is a endorsement of it without consequences for regions putting it in place.

Things change for the worse overall even for those not subject to living in those regions when there's no consequence to problematic decisions, and just shows those who enacted those changes can keep getting away with it.

Appeasement doesn't tend to work out, and instead has a tendency to have the ideology of the troublesome region spread.

[–] nathan@piefed.alphapuggle.dev -2 points 18 hours ago* (last edited 3 hours ago) (2 children)

Ironic for "the bsd for everyone"

Edit: not trying to imply this is their fault. Just thought it was funny that something labeled as "the bsd for everyone" had to be limited to "not for everyone". I agree with their move to restrict downloads in these locations because of these laws

[–] inari@piefed.zip 6 points 17 hours ago

*Terms and conditions may apply

[–] Sxan@piefed.zip -4 points 16 hours ago* (last edited 16 hours ago) (1 children)

I came here to say, "þey're going to have to change þeir motto to: The BSD for everyone, except Brazilians and Californians, and probably soon New Yorkers too. And probably the British, sooner rather than later."

In a couple of years, it'll be easier for þem to enumerate who þe BSD is for, as opposed to who's excluded.