OSS Anti Surveillance: a public tracker for OS-level age verification and related surveillance mechanisms

Hello!

I want to share a public project I created in response to the ongoing discussions around OS-level age verification, age signaling, and related surveillance mechanisms in free software systems:

https://github.com/AntiSurv/oss-anti-surveillance

The project exists to document, track, oppose, and prepare the removal of OS-level surveillance, classification, and policy-enforcement mechanisms in free software distributions and related free Unix-like systems.

Its purpose is simple: keep the implementation path visible.

This is not only about one patch or one proposal. The architecture now being discussed or prototyped spans multiple layers, including installers, account metadata, user records, portals, package managers, helper daemons, and application-facing interfaces. The repository tracks public evidence across those layers and maps the legal and technical pressure behind them.

The project’s position is explicit:

• no OS-level age verification
• no age signaling or age-bracket APIs
• no client-side scanning or device-side inspection primitives
• no passive downstream inheritance of such mechanisms
• no geo-fencing users out of free software as a substitute for refusal

The repository currently includes:

• a front page and project statement
• a manifesto
• a tracker of issues, PRs, and MRs
• legal and policy background
• a technical architecture map
• a component-by-component target list
• downstream stripping and reversal notes

Given the recent discussions around Ubuntu and the wider stack, I thought it would be useful to share this here as a public reference point.

If anyone knows of additional upstream or downstream work that should be tracked, feel free to point it out.

Free software was written for users, not for surveillance.

A friendly note from the Moderators:

This is a legal issue…and perhaps a political issue… in addition to a technical issue.

• Legal issues belong to lawyers, and we discourage legal speculation by non-lawyers.
• Political discussion is universally off-topic in Ubuntu Discourse. Long history why that is.

…but…

This is a technical approach by the community, and those are on-topic.

So please limit discussion to technical collaboration. No legal speculation. No political opinions.

(Two posts discussing whether or not the topic should remain open have been removed to keep the topic clean and clear for everyone)

Thank you. Understood.

I will keep my participation here focused on the technical side: public implementation paths, affected components, architectural implications, and coordination around what is being proposed across the stack.

That is also the purpose of the repository I shared: to keep public technical references, issues, PRs, MRs, and related implementation work visible in one place.

If anyone knows of additional Ubuntu-related or upstream technical work that should be tracked, please point it out.

Here is some technical information that Google AI revealed to me.

There is no exact, publicly available number for the number of Ubuntu users specifically located in California, as Ubuntu is a free, open-source operating system that does not require user registration.

As of early 2025, California remains the most populous U.S. state, with an estimated population of approximately 39.35 million to 39.66 million people. It accounts for roughly 11.8% of the total U.S. population. While experiencing recent fluctuations in growth, it maintains the highest population density among top-ranked states, with about 252.5 people per sq. mi

Should we exclude under-aged children from the total? Why? The legislation is described as Aged-Related verification. It is to protect under-aged children that the legislation is being enacted.

Question: What is the ratio of Ubuntu user to population of California. Should we not know that figure if we are discussing the technical effects on Ubuntu?

How many smartphone users are there in California?

As of mid-2024, there were approximately 32.5 million smartphone users in California

That means there are 7.16 million people in California who do not have a smartphone. They are probably all babies under the age of one year old.

How many of those 32.5 million users are using a smartphone with Ubuntu on it? Does anyone know the answer? Guess.

What big tech companies sell all of the smartphones? Which big tech companies will be affected the most by this type of legislation? In comparison, how much will this legislation affect Canonical?

I am confident that Canonical, the sponsor of Ubuntu will comply with legislation. I am confident that Canonical engineers will work out the technicalities of making Ubuntu compliant.

The population of California, smartphone market share, and speculation about Canonical’s future decisions are not technical evidence about Ubuntu, and they do not help answer the technical question in this thread.

The technical question is whether Ubuntu and related upstream components should grow OS-level age-verification, age-signaling, or other user-classification mechanisms. That is the scope I am tracking. Public issues, pull requests, merge requests, mailing-list discussions, and implementation drafts already show that this is being explored across multiple layers of the stack. That is the relevant technical subject here.

My position is straightforward: if Ubuntu or Debian adopt or inherit these mechanisms, I will document them, track them, and work to revert or strip them. That is the purpose of OSS Anti Surveillance: expose the implementation path, document the red lines clearly, and help rebuild clean packages if those lines are crossed.

So I would prefer to keep this thread where moderators asked it to stay: specific components, specific proposals, specific code paths, and related changes. If anyone wants to help document, track, review, or prepare reversions for relevant changes, that is exactly the kind of collaboration I am looking for.

Moderator note:

Any further speculative or off-topic posts will be automatically deleted from now on.

For reference, see post #2 by @ian-weisser

The technical aspect proposed by @eCoder is both fascinating and potentially useful not only for this subject.

Let’s stay focused on that please.