hekate/microsoft-systemd-findings-public
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
microsoft-systemd-findings-.../00-INDEX.md
hekate 5850d38f9a Public release, findings
2026-03-23 06:01:08 +00:00

8.5 KiB
Raw Permalink Blame History

systemd Age Verification OSINT Research

Date: March 23, 2026 Subject: Dylan M. Taylor's push for age verification in systemd, Ubuntu, and Arch Linux Scope: Actors, affiliations, funding flows, governance failures, and lobbying context

Files

# File Description
01 01-dylan-m-taylor-profile.md Subject profile: employment, affiliations, motivations, stated positions
02 02-luca-boccassi-profile.md Microsoft employee who merged the birthDate PR against 37:1 community opposition
03 03-lennart-poettering-profile.md systemd creator, Amutable founder who blocked the revert and locked discussion
04 04-network-map.md Relationship diagram: Microsoft, Amutable, Meta, lobbying groups, dark money flows
05 05-lobbying-landscape.md Meta's $26.3M lobbying operation, ICMEC, Heritage Foundation, DCA, Arabella network
06 06-distro-responses.md How Linux distributions are responding: complying, resisting, excluding, or silent
07 07-timeline.md Complete chronological timeline from legislation to merge to community response
08 08-conflict-of-interest-analysis.md Undisclosed commercial interests of every actor involved in the merge decision
09 09-microsoft-deep-dive.md Microsoft's $10.35M lobbying, Entra Verified ID age infrastructure, Xbox $20M FTC fine, Gates Foundation pipeline
10 10-uapi-group.md UAPI Group founded by Poettering/Boccassi/Brauner - same actors who controlled the merge
11 11-kinvolk-amutable-pipeline.md Kinvolk acquisition to Microsoft to Amutable corporate exodus, HRB 278404 B, trademark filed Oct 2025
12 12-legislative-update.md COPPA 2.0 passed Senate, Colorado advancing, New York S8102A, distro/community responses
13 13-amutable-corporate-deep-dive.md Incorporated Aug 21, 2025 (founders at Microsoft), no disclosed funding, 11 engineers, same address as Assembled Parts
14 14-goodwin-law-and-taylor-profile.md Meta is confirmed Goodwin client; Taylor profile expanded; First Round Capital shared investor overlap
15 15-all-systems-go-conference.md ASG = systemd.conf successor, organized from same address as Amutable, 2019 sponsors map to Amutable team
16 16-political-connections.md FEC search (no contributions found), Microsoft/Meta PACs, Wicks-Common Sense Media employment link
17 17-uapi-particleos-audit.md UAPI Group never discussed age/identity; ParticleOS has no age code but inherits birthDate via systemd-homed
18 18-corporate-structure-and-funding.md Founder holding UGs (LPLLC, CBLLC) created Jul 2025 at Microsoft; Gesellschafterliste shows no external VCs; infrastructure OSINT; JBB law firm; STF grants
19 19-founding-deed-analysis.md Handelsregister primary source: founding deed + Articles of Association. Equal 33.33% split confirmed. Kühl holds directly (not via UG). §181 self-dealing exemption. Hidden SHA referenced. 75% unanimity requirement.

Key Findings Summary

NEW: 10. Founding deed confirms zero external investors and reveals hidden SHA

Primary source analysis of the Amutable GmbH Gründungsurkunde and Gesellschaftsvertrag from the Handelsregister. Equal 33.33% split among three founders - no VCs, no corporate investors. Kühl holds shares directly as a natural person (not through Assembled Parts UG), creating a structural asymmetry. All three directors have §181 BGB self-dealing exemptions. The Articles repeatedly reference a private Shareholders' Agreement (SHA) that is not filed publicly - this SHA likely governs vesting, IP assignment, and economic rights beyond the visible equal split. The 75% supermajority threshold with three equal shareholders creates an effective unanimity requirement for all major decisions.

NEW: 6. UAPI Group governance capture

The UAPI Group - which sets Linux userspace API standards - was founded by exactly three people: Poettering, Boccassi, and Brauner. The same individuals who controlled the birthDate merge also control the standards body. Two of three founders now run Amutable. The same small group sets standards, implements them in systemd, and profits from them commercially.

NEW: 7. Microsoft is the silent beneficiary

Microsoft spent $10.35M on federal lobbying (KOSA, COPPA 2.0) but did not publicly support AB-1043. Windows already collects birth dates; Entra Verified ID already supports ageOver claims. Microsoft faces near-zero compliance cost while open-source competitors face existential burden. Boccassi (still at Microsoft) merged the systemd field. The Gates Foundation funds Common Sense Media, whose political arm employed the AB-1043 author.

NEW: 8. Amutable was incorporated months before announced

US trademark filed October 7, 2025. GmbH registered in 2025 (HRB 278404 B, 25,200 EUR minimum capital). Public announcement was January 29, 2026. The company existed for 3+ months in stealth before announcement and 5+ months before the birthDate PR.

NEW: 9. Microsoft's $20M Xbox COPPA fine created organizational incentive

In June 2023, Microsoft paid $20M to the FTC for illegally collecting data from 218,000 children on Xbox. That enforcement action likely accelerated investment in proper age verification - including Xbox UK's Yoti-powered system (deployed July 2025).

1. Three decisions, three conflicts

The birthDate field reached production through exactly three decisions - all by individuals with undisclosed interests:

  • Dylan Taylor submitted (first-time contributor, compliance-first ideology)
  • Luca Boccassi merged (Microsoft employee - Microsoft benefits from standardized OS identity infrastructure)
  • Lennart Poettering blocked revert (Amutable founder - startup benefits from richer systemd metadata)

2. Meta is the primary beneficiary

Meta spent $26.3M lobbying for legislation (AB-1043) that shifts age verification from social media platforms to OS providers. A Meta employee (Daan de Meyer) is a systemd maintainer joining Poettering's startup. Meta funds the organizations (ICMEC, DCA) that wrote the model legislation.

3. Amutable's commercial alignment

Poettering's startup "Amutable" (founded 7 weeks before the merge) is built on "verifiable integrity for Linux workloads." Every new identity field in systemd strengthens the case for commercial integrity verification tooling. An Amutable team member (Zbigniew) advocated for the implementation.

4. No governance safeguards

systemd has no conflict-of-interest policy, no community veto mechanism, no steering committee, and no disclosure requirements. Two individuals can permanently alter the identity infrastructure of every major Linux distribution.

5. The legislation itself is contested

CCIA has successfully blocked similar laws in Texas (injunction Dec 2025) and Utah (enforcement blocked Feb 2026). EFF opposes AB-1043 as unconstitutional. The law Taylor cited may not survive legal challenge - but the infrastructure he inserted into systemd will persist regardless.

Methodology

All information in these files was gathered from publicly available sources:

  • GitHub profiles, pull requests, and issue discussions
  • Conference speaker profiles (FOSDEM, All Systems Go!, PackagingCon)
  • News articles (The Register, Linuxiac, It's FOSS, Phoronix, Ars Technica)
  • Legislative texts (California Legislature, Colorado Legislature)
  • Lobbying disclosures and nonprofit filings
  • Mailing list archives (freedesktop xdg, debian-devel, arch-general)
  • Community discussion (Hacker News, Lemmy, Slashdot, Sufficient Velocity)
  • Investigative journalism (sambent.com, tboteproject.com)
  • German corporate registries (Handelsregister via CompanyHouse.de, North Data, Implisense)
  • US trademark filings (Justia)
  • Microsoft technical documentation (Entra Verified ID, Family Safety)
  • FTC enforcement actions and settlements
  • OpenSecrets lobbying data and Senate LD-2 filings

No non-public information, no leaked data, no private communications were accessed.