GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information

MrGuvernment · Mar 23, 2026

Sure we will see many of these coming as this all starts getting pushed in more and more states and countries..

GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information

GrapheneOS, the privacy-focused Android fork, said in a post on X on Friday that it will not comply with emerging laws requiring operating systems to collect user age data at setup. "GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account," the project stated. "If GrapheneOS devices can't be sold in a region due to their regulations, so be it."

The statement came after Brazil's Digital ECA (Law 15.211) took effect on March 17, imposing fines of up to R$50 million (roughly $9.5 million) per violation on operating system providers that fail to implement age verification. California's Digital Age Assurance Act (AB-1043), signed by Governor Newsom in October 2025, takes effect on January 1, 2027, and requires every OS provider to collect a user's age or date of birth during account setup and pipe that data to app stores and developers through a real-time API. Colorado's SB26-051 passed the state senate on March 3 with similar requirements.

GrapheneOS is developed by the GrapheneOS Foundation, a registered Canadian nonprofit. None of these laws originate in Canada, but questions around jurisdiction remain open. U.S. federal prosecutors successfully extradited and convicted the developers of Samourai Wallet, a privacy-focused Bitcoin mixer, in a case where one defendant lived in Portugal. California's AB-1043 carries civil penalties of up to $2,500 per affected child for negligent violations and $7,500 for intentional ones, enforced by the state attorney general.

Motorola and GrapheneOS announced a long-term partnership at MWC on March 2, to bring to bring the hardened OS to future Motorola hardware, ending GrapheneOS's long-standing exclusivity to Google Pixel devices. A GrapheneOS-powered Motorola phone is expected in 2027. If Motorola sells devices with GrapheneOS pre-installed, those devices would need to comply with local regulations in every market where they ship, or Motorola may need to restrict sales geographically.

GrapheneOS isn’t the first and won’t be the last company to outright refuse compliance with incoming age verification laws. The developers of open-source calculator firmware DB48X issued a legal notice recently, stating that their software "does not, cannot and will not implement age verification,” while MidnightBSD updated its license to ban users in Brazil.

California's law doesn’t require photo ID or biometric verification; users simply self-report their age during setup. Critics, including over 400 computer scientists who signed an open letter, have argued that the laws create surveillance infrastructure without meaningfully protecting children, since self-declaration is trivially bypassed.

DukenukemX · Mar 23, 2026

Finally, someone with balls.

sfsuphysics · Mar 23, 2026

DukenukemX said:
Finally, someone with balls.

That's because they're not already getting as much info as they can on you like M$

kac77 · Mar 23, 2026

I need to install this. I'm sick of the drama.

mullet · Mar 23, 2026

Motorola is supposedly coming out with a phone with GrapheneOS in 2027.

1_rick · Mar 23, 2026

mullet said:
Motorola is supposedly coming out with a phone with GrapheneOS in 2027.

I like the idea but it'll be a hard pass for me unless they extend their support period (and also start making somewhat higher-end phones, too.)

PeaKr · Mar 23, 2026

Been a Graphene user for 6 years now, no complaints. Strange how all these restrictions suddenly popped up over the last year or so. Narrative Lost?

MaZa · Mar 24, 2026

1_rick said:
I like the idea but it'll be a hard pass for me unless they extend their support period (and also start making somewhat higher-end phones, too.)

Correct me if I am wrong but isn't that up to GrapheneOS? GrapheneOS is very device dependant, previously worked only on Google Pixel phones, so if they make an update then it should automatically apply to the phone with GrapheneOS installed.

Motorolas support length has been quite pitiful indeed but GrapheneOS just may fix it. But even if it doesn't, it doesn't matter. Now that Google is locking Android down, destroying the one and only reason to own Android phone in the first place, my next phone will be a Graphene Motorola. My Nordea banking apps SHOULD work on Graphene.

philb2 · Mar 24, 2026

MaZa said:
Now that Google is locking Android down, destroying the one and only reason to own Android phone in the first place,

Competitive response to Samsung?

Okatis · Mar 24, 2026

GrapheneOS' official Mastodon account didn't clarify how this will affect their partnership with Motorola. There are some users who think that Motorola will customize GrapheneOS to implement age verification while a stock GrapheneOS will be possible to flash but that's conjecture.

Like, I'm very doubtful Motorola would want to exclude the US from sales of such phones unless those phones were never intended for the US market to begin with.

MaZa · Mar 24, 2026

philb2 said:
Competitive response to Samsung?

More like a brain fart of epic proportions, a nuclear response to apps that hamper Googles data collection and ad revenue.

DukenukemX · Mar 24, 2026

MaZa said:
Correct me if I am wrong but isn't that up to GrapheneOS? GrapheneOS is very device dependant, previously worked only on Google Pixel phones, so if they make an update then it should automatically apply to the phone with GrapheneOS installed.

It's open source and there are unofficial ports of GrapheneOS to other phones. This is standard practice with any Android rom like LineageOS. There are official builds and unofficial builds.

PeaKr said:
Been a Graphene user for 6 years now, no complaints. Strange how all these restrictions suddenly popped up over the last year or so. Narrative Lost?

My theory is that this started ever since that "war" in Gaza. The narrative online hasn't swayed in their favor and now they're cracking down in very draconian ways.

1_rick · Mar 24, 2026

MaZa said:
Correct me if I am wrong but isn't that up to GrapheneOS?

Maybe? I'm not really sure.

If they come out with a phone at least as good as my A56, I'd be willing to consider them, if it had better update policy that Moto had been doing the last few years.

El_Capitan · Mar 24, 2026

How dare they not comply! They must require personal information. It's for the kids!

DukenukemX · Mar 24, 2026

El_Capitan said:
How dare they not comply! They must require personal information. It's for the kids!

It's for the kids? I thought this was to help with the single milfs in the area?

sc5mu93 · Mar 24, 2026

So if the OS doesn’t implement the age verification, does that block the user from downloading anything from an official App Store? That will be a deal breaker for most.

Nobu · Mar 24, 2026

sc5mu93 said:
So if the OS doesn’t implement the age verification, does that block the user from downloading anything from an official App Store? That will be a deal breaker for most.

I would say, probably not as the law is written. Some companies may decide to do that anyway, and they may try to codify that at some point.

El_Capitan · Mar 24, 2026

DukenukemX said:
It's for the kids? I thought this was to help with the single milfs in the area?
View attachment 793342

How horrible that you won't protect the kids!

DukenukemX · Mar 25, 2026

sc5mu93 said:
So if the OS doesn’t implement the age verification, does that block the user from downloading anything from an official App Store? That will be a deal breaker for most.

Depends on the OS and the store. Realistically, the only OS that can deny compliance is Linux, and no Linux repository and app store is going to care about your age. The only apps that might care are commercial products and maybe web browsers like Chrome and FireFox. I'm not even sure which commercial program would even implement age verification that hasn't already done so?

Mazzspeed · Mar 25, 2026

It's an arbitrary figure you can literally set to anything, absolutely no different to the adduser command under Linux that asks for your address - you can enter anything you like, or you can choose not enter anything at all. Gawd damn, there's no invasion of privacy here whatsoever.

What there is, is a way for parents to quickly and easily add parental controls to their child's account - hardly the end of the world. And before you blame the parents, remember, not every parent is a tech expert - and you literally need to be a tech expert to apply parental controls effectively under most operating system at this point in time.

SmokeRngs · Mar 25, 2026

Mazzspeed said:
It's an arbitrary figure you can literally set to anything, absolutely no different to the adduser command under Linux that asks for your address - you can enter anything you like, or you can choose not enter anything at all. Gawd damn, there's no invasion of privacy here whatsoever.

What there is, is a way for parents to quickly and easily add parental controls to their child's account - hardly the end of the world. And before you blame the parents, remember, not every parent is a tech expert - and you literally need to be a tech expert to apply parental controls effectively under most operating system at this point in time.

This has nothing to do with parental controls. Not a damn thing. The longer you keep using that line the more support you're giving government and corporations to create even more invasive and privacy destroying tools.

Any time the government creates laws to control the populace, which these laws absolutely are, you must figure out the worst possible results from the laws because that's exactly how the laws will be used and expanded upon. It doesn't matter if the law isn't meant to harm you, it will be used that way anyway.

If this had anything to do with parental controls on systems the makers of the OSes would be petitioned by the parents for a non-invasive and non-identifying means of doing it which would never, ever leave the device. That is definitely not what is being proposed by various states.

The moment these laws are allowed new legislation will be worked up to require not only truthful data but official identification to prove it. That rabbit hole only goes deeper and deeper and governments love to jump down them.

Mazzspeed · Mar 25, 2026

SmokeRngs said:
This has nothing to do with parental controls. Not a damn thing. The longer you keep using that line the more support you're giving government and corporations to create even more invasive and privacy destroying tools.

It's nothing but a number that you can set to anything you wish. Please, tell me how this is any different to Steam asking for a birthdate to view sensitive content on their platform, besides the fact that this is an arbitrary figure set at OS level that hopefully means you don't need to enter a birthdate everytime you view sensitive content on Steam. There is no online privacy online anymore, you're literally tracked everywhere you go on the web, adding an age to an account barely makes a dent in the amount of online privacy lost in the last ten years alone.

All those jumping up and down over a figure you can literally set to anything you wish are at least 10 years too late to the party. The way Governments run, it's something that'll likely never even be fully implemented once all the hype dies down and neckbeards stop getting in a twist over systemd.

SmokeRngs · Mar 25, 2026

Mazzspeed said:
It's nothing but a number that you can set to anything you wish. Please, tell me how this is any different to Steam asking for a birthdate to view sensitive content on their platform, besides the fact that this is an arbitrary figure set at OS level that hopefully means you don't need to enter a birthdate everytime you view sensitive content on Steam. There is no online privacy online anymore, you're literally tracked everywhere you go on the web, adding an age to an account barely makes a dent in the amount of online privacy lost in the last ten years alone.

All those jumping up and down over a figure you can literally set to anything you wish are at least 10 years too late to the party. The way Governments run, it's something that'll likely never even be fully implemented once all the hype dies down and neckbeards stop getting in a twist over systemd.

You defeat your own argument. If there's no privacy then these laws aren't needed because all the data is out there and doesn't need to be entered into the OS or anywhere else.

You also defeat your argument because you state any date can be put in which defeats the purpose of it in the first place, especially for parental controls.

Mazzspeed · Mar 25, 2026

SmokeRngs said:
You defeat your own argument. If there's no privacy then these laws aren't needed because all the data is out there and doesn't need to be entered into the OS or anywhere else.

You also defeat your argument because you state any date can be put in which defeats the purpose of it in the first place, especially for parental controls.

Except I didn't defeat my own argument in the slightest.

The system gives parents a simple means to control what their children can see online with the most minimal invasion of privacy possible. As a parent that cares about the safety of my child online, I see such measures as a good thing considering that at the moment parental controls under most operating systems are a convoluted mess the average non techie parent simply isn't equipped to navigate.

That's the crux of my argument, and as stated such an implementation barely makes a dent regarding the online privacy debate that was well and truly lost at least a decade ago. Steam asks for your birthdate to view questionable content, this is absolutely no different with the exception of the fact it places entering the birthdate under the control of the parent, as opposed to trusting an underage child that isn't a pet and is far from stupid.

Furthermore, based on what I've been reading, neckbeards sending death threats to systemd devs tasked with the implementation of (not yet ) mandated functionality is something that is definitely not in any way acceptable.

DukenukemX · Mar 25, 2026

Mazzspeed said:
Except I didn't defeat my own argument in the slightest.

You claim it's optional but yet the implementation isn't. That doesn't make sense.

The system gives parents a simple means to control what their children can see online with the most minimal invasion of privacy possible.

Every OS did this before and technically better since it didn't require your age to be broadcast across the internet.

As a parent that cares about the safety of my child online,

Not an argument for age verification and you know it. It's about control so don't kid yourself.
“I want to support the basic part of this,” she said, the shared goal of protecting young people online. Because that is not controversial: everyone wants kids to be safe. But HF1434, Minnesota’s proposed age-verification bill, simply won’t “protect children.”

and as stated such an implementation barely makes a dent regarding the online privacy debate that was well and truly lost at least a decade ago.

It is this mentality that has me scared with age verification. "Bad things are already happening for a decade, so lets keep doing more bad things." As I've stated before many times, why implement age verification when it's already clearly stated in other sources, like credit cards? To put it simply, people have gotten better at online privacy.

Furthermore, based on what I've been reading, neckbeards sending death threats to systemd devs tasked with the implementation of (not yet ) mandated functionality is something that is definitely not in any way acceptable.

What did you expect to happen with this age verification nonsense? People to roll over and accept it? I'm not in favor of death threats, but people are rightfully upset. Linux being open source means we can effectively fight back.

Nobu · Mar 25, 2026

If it's so important, it will get added eventually. There is no need for a law to force it's implementation at gunpoint. If you want it so badly, petition Microsoft and FSF, not the government.

THRESHIN · Mar 25, 2026

i feel a bit offended by all the OS level data collection. If they wanted to know where I get my midget porn from all they had to do was ask. where's the trust?

DukenukemX · Mar 25, 2026

Nobu said:
If it's so important, it will get added eventually. There is no need for a law to force it's implementation at gunpoint. If you want it so badly, petition Microsoft and FSF, not the government.

It was important enough they lobbied for it. They went after the government while we're pretending that less government is better. There's no such thing as less government. Just more government for lobbyists. Get your government to remove these laws.

THRESHIN said:
i feel a bit offended by all the OS level data collection. If they wanted to know where I get my midget porn from all they had to do was ask. where's the trust?

Don't you mean short stacks? Not that I'm into that. Officially.

Nobu · Mar 25, 2026

DukenukemX said:
It was important enough they lobbied for it. They went after the government while we're pretending that less government is better. There's no such thing as less government. Just more government for lobbyists. Get your government to remove these laws.

Don't you mean short stacks? Not that I'm into that. Officially.

If you don't want it, petition govt and fsf/microsoft. It goes both ways.

Vermillion · Mar 25, 2026

Age verification is coming and while I think it's dumb I'm also not in an uproar about it if it's part of the OS.

The system doesn't have to give away your birth date. For example the systemd guys just need to store that date and use an API to simply pass a yes or no to an age question.

Is the user under the age of 13? Yes or No.

Is the user under the age of 18? Yes or No.

Privacy respecting age verification controlled by the OS. I can work with that.

What I don't like is the age verification implemented now in stuff like Roblox where they use facial recognition. That is a huge privacy invasion.

MrGuvernment · Mar 25, 2026

Nobu said:
If you don't want it, petition govt and fsf/microsoft. It goes both ways.

Until the U.S removes lobbying by private entities, the everyday person will seldom make any impact or change things like this. They may tone down the initial implementations, but over time they will add to it more and more. History has already shown this is their way of getting things past the "everyday person".

This is because these big tech companies own the government, literally, and I would say even more so now with Trump trying to give his big tech buddies as much freedom all in the name of "China is going to beat us in the AI race"

Nobu · Mar 25, 2026

That's nice, but save it for soapbox. If you care, petition the people who can facilitate change. Otherwise, you don't care.

Mazzspeed · Mar 25, 2026

DukenukemX said:
You claim it's optional but yet the implementation isn't. That doesn't make sense.

No, I never claimed entering one's age (an arbitrary figure that in no way invades privacy) upon account creation under the OS of one's choosing was in any way optional based on the proposed changes. I stated that the adduser command under Linux asks for your address, which no one ever complained about to the point of threatening Linux devs, and that adding your address in the fields provided is optional.

As for the rest of your comments, as long as you keep posting video's and memes with your replies, I'm not going to take you seriously and therefore don't believe replies are in any way necessary.

Create a MS account = asks for your birthdate as a necessary field. Create a Google account = asks for your birthdate as a necessary field. Look at sensitive content under Steam = asks for your birthdate as a necessary field. We're already at the end of that slippery slope I'm afraid.

DukenukemX · Mar 25, 2026

Mazzspeed said:
No, I never claimed entering one's age (an arbitrary figure that in no way invades privacy) upon account creation under the OS of one's choosing was in any way optional based on the proposed changes. I stated that the adduser command under Linux asks for your address, which no one ever complained about to the point of threatening Linux devs, and that adding your address in the fields provided is optional.

You said and I quote, " - you can enter anything you like, or you can choose not enter anything at all. Gawd damn, there's no invasion of privacy here whatsoever."

As for the rest of your comments, as long as you keep posting video's and memes with your replies, I'm not going to take you seriously and therefore don't believe replies are in any way necessary.

You don't matter. It's your talking points that need to be debunked, because other people may have the same view points. This is all about education.

Create a MS account = asks for your birthdate as a necessary field. Create a Google account = asks for your birthdate as a necessary field. Look at sensitive content under Steam = asks for your birthdate as a necessary field. We're already at the end of that slippery slope I'm afraid.

Yet, people don't want to log into their Microsoft account. To the point where Microsoft is fighting back. You got PewDiePie teaching you how to De-Goolge your life. There is also no online account creation for any Linux distro. People were rightfully already upset with the amount of data we freely give out to corporations, and now they want to make it mandatory. The only slope that's getting slippery is the government getting involved with something like online privacy.

View: https://youtu.be/u_Lxkt50xOg?si=_QOr2yNcWDoM59Ro

Nobu said:
That's nice, but save it for soapbox. If you care, petition the people who can facilitate change. Otherwise, you don't care.

No amount of angry letters to Microsoft/Google/Apple and politicians are going to change anything. Sorry but nobody cares about your angry letters. The best course of action is to not comply with these laws. Microsoft/Google/Apple will obviously comply with these laws because it's in their best interests. Open source projects have nothing to gain from this. Have you seen Apple fight back in your favor? Because Apple wants this too.

Make sure systemd and other such parts of Linux have no support for age verification and lets see how well these governments will enforce it. Take it to court and open a GoFundMe to pay for lawyers. Maybe get Legal Eagle in on the action? If ever taken to court, then these laws will get removed because they do indeed break the constitution.

Ur_Mom · Mar 25, 2026

Age verification.

Are you 18+? Yes/No. Ok, enter. Easily bypassed, quick and easy "verification".

Are you 18+? Please upload government identification and facial image to verify.

I'm fine with one of those. Not really enthused about it or think it's necessary, but I'll deal with it. The other, absolutely not. Damn near every entity that has had that age verification or stored personal identifiable information has had a breach and leak. Including government agencies. Yes, it's already out there, but I'm not willing to continue to give out that information. If they are tying in my PII to my OS install, if I look up some weird shit, who's to say that telemetry isn't now tied to that (which MS claims is washed of all PII and anonymized currently)?

Verify my age with a quick question, nothing more. Anything more is not acceptable at my OS level. Accessing store/apps/services? Sure, that's your private service. OS level? Nah.

Axman · Mar 25, 2026

https://github.com/BryanLunduke/DoesItAgeVerify

Now that Arch and systemd have indicated that they will add age verification, I'm hoping Artix makes a statement soon. Although I could see forks for the other distros.

Mazzspeed · Mar 25, 2026

DukenukemX said:
You said and I quote, " - you can enter anything you like, or you can choose not enter anything at all. Gawd damn, there's no invasion of privacy here whatsoever."

...

Mazzspeed said:
It's an arbitrary figure you can literally set to anything, absolutely no different to the adduser command under Linux that asks for your address - you can enter anything you like, or you can choose not enter anything at all.

Context is important, lets not quote out of context because you read some form of context that was never implied. The mention of adduser under Linux was simply an example of an OS asking for personal information.

As for the rest of your responses, once again, stop with the memes and video's or I simply won't take you seriously and therefore have no need to reply.

MrGuvernment · Mar 25, 2026

Axman said:
https://github.com/BryanLunduke/DoesItAgeVerify

Now that Arch and systemd have indicated that they will add age verification, I'm hoping Artix makes a statement soon. Although I could see forks for the other distros.

https://cybernews.com/privacy/systemd-forked-over-age-verification-quarrel/

Axman · Mar 25, 2026

Well that was fast...

Mazzspeed · Mar 25, 2026

Article titled: The reports of age verification in Linux are greatly exaggerated, for now:

https://www.osnews.com/story/144653...ion-in-linux-are-greatly-exaggerated-for-now/

Several US states, the country of Brazil, and I’m sure other places in the world have enacted or are planning to enact laws that would place the burden of age verification of users on the shoulders of operating system makers. The legal landscape is quite fragmented at this point, and there’s no way to tell which way these laws will go, with tons of uncertainties around to whom these laws would apply, if it targets accounts for application store access or the operating system as a whole, what constitutes an operating system in the first place, and many more. Still, these laws are already forcing major players like Apple to implement sharing self-reported age brackets with application developers (at least in iOS), so there’s definitely something happening here.

...

Furthermore, while the xdg-desktop-portal’s proposals are still fluid and subject to change, consensus seems to be to only share age brackets with applications, instead of full birth dates or specific ages – assuming anything has even been entered in the birthDate field in the first place. Even if your Linux distribution and/or desktop environment implements everything needed to support these changes and expose them to you in a nice user interface, everything about it is optional and under your full control. The field is of the same type as the existing fields emailAddress, realName, and location, which are similarly entirely optional and can be left empty if desired.

Some here seriously need to crack a beer and chill. Sharing an age bracket isn't the end of online privacy when many have already provided Google and Microsoft with not only their date of birth, but their biometrics including their face for facial recognition software and even their fingerprint - If this is a slippery slope, most rocketed off the end of it a decade or more ago.

GrapheneOS refuses to comply with new age verification laws for operating systems — group says it will never require personal information

Fully [H]