Other than Ageless Linux, there is another GitHub repository attempting to keep track of all of the Linux distributions’ compliance statuses with/against age verification:
The age verification status of Open Source Operating Systems
Kicksecure and Whonix are mentioned in an issue, which references the pull request from the Ageless Linux GitHub repository earlier in this topic:
opened 10:04AM - 21 Mar 26 UTC
**Current status as of March 21, 2026:** SecureBlue intend to comply with age ve… rification laws, QubesOS will follow Fedora decision, KickSecure and Whonix were intending to comply but are now undecided, Tails is undecided, GrapheneOS will not comply.
## SecureBlue
SecureBlue has officially expressed interest in complying with the new laws, while simultaneously urging users to fight back against the laws. Official statement: https://bsky.app/profile/secureblue.dev/post/3mgddiwxxas2y
> California recently passed, and Colorado and NY recently introduced, age verification legislation targeting OS providers that is so imprecisely written that it's unclear how to comply. If you live in one of those states, contact your state senator and rep asking them to oppose this legislation.
GitHub ticket that clarifies this is the "public position" from the project regarding these age verification laws: https://github.com/secureblue/secureblue/issues/2008#issuecomment-4006617689
Inofficial statement they have no other option than to comply (see also earlier posts where they actively discuss how to implement age verification): https://discussion.fedoraproject.org/t/california-age-verification/181968/167
> Respectfully, repeating your desire for distros to decline to comply with this law isn’t a particularly productive contribution to the conversation. I understand completely the opposition to this legislation, which is frankly sophomoric in its imprecision regardless of how well-intentioned it may be. That said, asking other people and organizations to ignore liability placed on them by legislation is barking up the wrong tree.
## QubesOS
A representative from the QubesOS development team has inofficially said they intend to do whatever Fedora does: https://github.com/QubesOS/qubes-issues/issues/10744#issuecomment-3997244349
> Regardless of the issues surrounding jurisdiction, enforcement, etc it should be obvious that Qubes is a derivative distribution. Whatever solution (if any) is given upstream, we will be following. It seems to me entirely an upstream issue.
## KickSecure and Whonix
KickSecure and Whonix were intending to comply with the law, and said many times they have no choice, and that they value legal security for their developers and users. They were actively developing a "privacy-preserving" implementation for age verification. But after overwhelming opposition by their current user base, they have now changed their stance to that they are "unlikely" to comply with the law (ie, undecided). Official statement: https://www.kicksecure.com/wiki/Age-api#Status_of_Kicksecure_and_Whonix
> At the moment, Kicksecure and Whonix do not expect to add an age API. This assessment may become more definite later. If future releases or upgrades require changes in this area, those changes would be announced in advance.
One of the developers has inofficially clarified the change of stance here: https://github.com/agelesslinux/agelesslinux.org/pull/1
> Since the initial discussion I started on behalf of Kicksecure and Whonix, plans have changed, and we are now "unlikely to implement an age API."
## Tails
A representative from the Tails development team has inofficially said they are discussing the matter internally: https://gitlab.tails.boum.org/tails/tails/-/work_items/21457#note_279297
> Thank you. We're aware and discussing this within Tor Project, so I'd rather not track it here separately.
## GrapheneOS
GrapheneOS will not comply with the laws or take any action at all due to the laws. Official statement: https://grapheneos.social/@GrapheneOS/116261301913660830
> GrapheneOS will remain usable by anyone around the world without requiring personal information, identification or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it.
Another earlier inofficial statement: https://discuss.grapheneos.org/d/32410-does-grapheneos-plan-to-comply-with-os-level-age-verification-laws/99
> We're under no more obligation to filter the internet for California than we are to do it for China. Neither blocks access to the GrapheneOS website or services. If California wants to block access to those then they're welcome to pass a law implementing their own Great Firewall. The most action they could get from us is replacing Los Angeles and San Jose servers with Las Vegas or Seattle.
2 Likes