The Engineer Who Tried to Put Age Verification Into Linux
Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.
In his own words, buried in a GitHub comment thread that exploded into nearly a thousand replies before the whole thing got shut down, he admitted the feature he was pushing was: "hilariously pointless and ineffective" at actually verifying anyone's age. Then he argued it should be implemented anyway...
In March of 2026, systemd, the init system that boots most modern Linux distributions, merged a pull request adding a birthDate field to its user database. The stated purpose was compliance with California's AB-1043, Colorado's SB26-051, and Brazil's Lei 15.211/2025, a wave of age verification laws requiring operating systems to collect birth dates from users at account setup, then feed that data to app stores via a real-time API. The PR was submitted by a contributor using the GitHub handle dylanmtaylor. Within days it had 945 comments and was locked by maintainers. Someone opened a revert PR. Lennart Poettering closed it without merging on March 19th, saying the field is optional and systemd "enforces zero policy." The birthDate field is still in systemd. systemd PR #40954 revert PR #41179
The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.
His name is Dylan M. Taylor, a Senior DevOps Engineer at Credit Genie, a Khosla Ventures-backed fintech startup in Durham, North Carolina. His background is enterprise infrastructure: IBM building cloud microservices out of Penn State Erie, then four years at Curi handling medical malpractice insurance systems. He runs a homelab on Dell servers, packages for NixOS, and writes about Kubernetes on his personal blog. Dylan Taylor's resume
Nobody paid him to do this. He's a cloud engineer who read the law and decided someone needed to implement it.
The same week, he submitted draft pull requests to Canonical's ubuntu-desktop-provision repository, with PR #1338 to add a birthDate field to Ubuntu's user provisioning and PR #1339 to write that birth date into AccountsService on installation. Canonical's VP of Engineering Jon Seager publicly distanced the company, saying there are "no concrete plans" to change Ubuntu in response to AB-1043. A separate Ubuntu developer, Aaron Rainbolt, proposed a different approach on the Ubuntu mailing list: an optional D-Bus interface called `org.freedesktop.AgeVerification1` that distros could implement however they choose, rather than storing a raw birthdate in userdb. The PRs remain as drafts. 9to5Linux coverage
Taylor also opened PR #4290 on the archinstall repository proposing a required birthDate prompt during user creation, stored as a systemd userdb JSON drop-in. Arch Linux maintainer Torxed locked the discussion, said he was waiting for an official organizational stance and legal counsel, and left it open. As of this writing it has not been merged. archinstall PR #4290
He hit three separate projects in one week.
When critics pushed back on the archinstall PR, pointing out that a birth date collected during installation can't actually verify anything because anyone can type any date, Taylor's response was disarming in its honesty. He agreed entirely, writing that the approach would be "completely ineffective at preventing anyone from lying about their age." He called it "hilariously pointless." Then he said Arch Linux should implement it anyway because the law requires it. archinstall PR #4290
The person trying to embed age collection into the Linux installer openly admits it won't work. The only purpose is compliance theater, performing the ritual of age verification without achieving any of its stated goals, so that a company or project can point to the checkbox and avoid the penalty. The feature is mandatory, and mandatory is enough.
The protection runs entirely to whoever owns the product, a shield against regulatory fines, with children no closer to safety.
Taylor believes what he's doing is right, which makes him harder to stop than someone acting for money. The day after the systemd PR was merged, he published a post on his personal blog defending Google's new friction-heavy Android sideloading controls as a "fair trade." His argument: power users absorb a one-time inconvenience while vulnerable people (scam victims, children) get protected. He used the phrase "you shouldn't have to choose between open and secure." Taylor's blog post
He applied the same frame to the systemd PR: OS-level controls as neutral infrastructure protecting vulnerable people while power users barely notice. His framing uses "compliance", not "surveillance", and he means it.
The pattern HN picked up immediately. One commenter asked: "I wonder who this guy is. Comes out of the blue and posts PRs into lots of open source repositories for this feature that should repulse every self-respecting human being." Another noted he "engages in communication with people in tickets and ignores all constructive criticism." Hacker News thread
That's the true believer pattern. The argument is ideological, so persuasion is off the table. He read the laws, decided compliance was the correct response, and went to work. Every objection the community raised went nowhere: that this enables surveillance infrastructure, that lying is trivially easy, that the laws themselves are unconstitutional overreach. He'd already accepted the law as legitimate and moved to implementation.
The systemd PR was merged by Luca Boccassi, a systemd maintainer who works for Microsoft. Lennart Poettering, the creator of systemd who spent years at Red Hat before joining Microsoft in 2022, had just left Microsoft to found a new startup weeks before the merge, but he has remained active in systemd development.
The most powerful gatekeeper for the init system that boots most Linux machines is employed by a company with significant commercial interest in OS-level identity infrastructure becoming normalized. He let the PR through. systemd PR #40954 Boccassi speaker profile The Register
He read the law, took it at face value, and started writing code. The word for what that is sits somewhere past malice, something more insidious: an engineer who treats compliance as engineering, who sees a legal requirement the way he sees a technical specification, and will implement whatever the spec says regardless of who wrote the spec or why.
The open source community has always relied on the assumption that contributors act in good faith toward user freedom. Taylor probably believes he does. The laws say collect birth dates, so he collected birth dates, and in his framing that was being helpful.
The reason to name him is the pattern. The surveillance state runs on volunteers: people who do the implementation work for free, out of genuine conviction, with no paper trail connecting them to the money that wrote the laws.
The community pushed back hard on this one. The Arch maintainers are holding, Canonical backed away, and Artix Linux, the systemd-free Arch derivative, issued the clearest statement: they will never require any verification or ID. It's FOSS When someone opened a revert PR, Lennart closed it himself on March 19th. The birthDate field is in systemd and it's staying.
Taylor already has the resume line and knows the codebase well enough to try again. The deadline pressure only grows, the laws are real, and someone will be next. The community needs to recognize the pattern before the PR opens, not after.
