Our legal system is a shambles that is clearly not prepared to handle this kind of thing, even setting aside the situation with the supreme court. It's become clear that the "shadow law" of simply passing unconstitutional statutes, filing frivolous lawsuits, etc., is operating independently of the real legal system, which moves too slowly and does not have adequate mechanisms to prevent what is essentially a DDoS attack. All justice is delayed and so all justice is denied.
As a gun owner, I can confidently state that the continuous stream of unconstitutional laws that must be constantly fought against is no new development.
As a non-gun owner, I imagine that much comes down to what the founders meant by the opening clause of the Second Amendment. Since the Originalists claim to hold special insights into the frame of mind of the founders, and this way of thinking seems to be over-represented on the SCOTUS, I would think this a friendly environment for the issue you care about. That aside, isn’t that the way that U.S. political and justice systems are supposed to function? Representatives pass laws at the behest of their most vocal constituents. Then those of opposing ideologies petition the courts for relief or their representatives for repeal.
Seriously. Never mind when government agents wantonly violate the rights of a gun owner, and the main gun lobbying organization comes out with full-throated support of the government agents. For those that don't know, look up what happened to Kenneth Walker.
The real legal system is slow by design, to carefully review cases and ensure fairness. It should also be based on good faith. The vulnerability comes from one bad faith party flooding the system with bad faith cases and appeals (as Trump is doing). Even when he fails, the process becomes the punishment for the opposing side (journalists, political opponents...). When he wins, he wins.
> The vulnerability comes from one bad faith party flooding the system with bad faith cases and appeals
No, this is literally a "both sides" issue. Lawfare is not new. See the continuous legal battles over the second amendment in states like NY, NJ, and CA.
Just last week a New York intermediate appellate court overturned the $500 million fraud judgment against Trump: https://www.politico.com/news/2025/08/21/new-york-civil-frau.... Yes, it wasn't brought by Biden--but it was brought by an elected Democrat Attorney General who campaigned on "going after Trump." Note that, out of the five judge panel, three would have overturned the underlying conviction, while two would have granted a new trial, and one would have thrown the case out entirely:
> Two other judges, John Higgitt and Llinét Rosado, said James had the authority to bring the case but argued for giving Trump a new trial. And the fifth judge, Justice David Friedman, argued to throw out the case, saying James lacked the authority to bring it.
Isn't that the crux of the matter? You have a (crypto)billionaire president using his presidential powers and personal wealth to start frivolous lawsuits to shut down his opponents. If that doesn't worry you I really don't know what to tell you.
It was brought by the elected Attorney General of New York, in furtherance of a promise to voters to pursue unspecified legal actions against the leader of the other party. I don't like lawfare, but I've come to the conclusion that the only proper response to norm violations is a 10x counter-response.
> I've come to the conclusion that the only proper response to norm violations is a 10x counter-response.
That may be true --- or even a 100x response. But the thing is that a 100x (and probably even a 10x) response to many of these norm violations would take us well beyond the entire realm of lawfare. A 10x response would be at least "ignore everything the entire federal court system says because it's irredeemably corrupted", if not actual armed resistance.
Even going back well before Trump, norm violations like McConnell holding Scalia's seat open already made it clear that the Supreme Court was no longer a meaningful institution (if it ever had been). I don't mean I didn't like some of their decisions. I mean the entire thing is a meaningless charade, 24 hours a day, 7 days a week, 365 days a year and 366 in leap years. And that is just one example. The level of "counter-response" required to recover from the norm violations we've had over the last 10-20 years requires an overhaul to the very foundations of our system of government.
The case was based on Trump's former attorney mentioning criminal acts his client had done -- it was an attempt to hold Trump accountable for those crimes.
The reason a democrat would be involved in such prosecution is because every GOP member has effectively sworn fealty to Trump and they will fiercely protect him from any accountability.
Biden was many things, but not corrupt in the sense that Trump is. Yes, his son did business trading on his relationship but that was legal (albeit distasteful).
Most dem voters dislike corruption, even if it's one of their team; I don't see that on the other side of the aisle. Disclaimer: I am not a dem.
If you're talking about the criminal case, it's even worse, as CNN's chief legal correspondent explained: https://nymag.com/intelligencer/article/trump-was-convicted-... ("Most importantly, the DA's charges against Trump push the outer boundaries of the law and due process."). Or, as an MSNBC legal columnist explained: https://www.msnbc.com/opinion/msnbc-opinion/trump-guilty-hus... ("Most DAs wouldn’t have pursued this case against Trump. Alvin Bragg got lucky. Let’s be honest with each other. Manhattan District Attorney Alvin Bragg’s case against former President Donald Trump was convoluted.").
You could write an entire Harvard law review issue about the novel legal issues raised by the Trump criminal case: Can a state crime be predicated on an uncharged federal campaign finance violation? Can someone violate campaign finance law--which is focused on preventing candidates from misusing donated funds--by using their own money to pay off a porn star? Can you bootstrap a misdemeanor into a felony through a triple-bank-shot involving an uncharged secondary crime and a choice of three possible tertiary crimes? When you prosecute someone for a business records misdemeanor, but almost all the allegedly bad conduct relates to unspecified secondary and tertiary crimes, how do you instruct the jury? When you give the jury three different options of uncharged tertiary crimes to support the uncharged secondary crime, which in turn supports the charged primary crime, on what points must the jury reach a unanimous decision?
Google's and Apple's "Double Irish with a Dutch Sandwich" was a more straightforward legal theory than the Trump criminal case.
In the interest of avoiding partisan squabbling on HN, I'm going to state the following and let you walk away feeling like you "won" this debate:
1. Trump is the epitome of a corrupt pol and has pretty much gotten away with everything his entire life.
2. Prosecuting him was not in the form of attacking a rival, it was addressing issue #1
3. If the roles were reversed and this was Biden we were talking about, most dem voters would still be for prosecution of blatant corruption. The magic of Trump is that his supporters (which apparently you are one of) are fine with him doing anything he wants, up to and including shooting someone on Fifth Ave
So congratulations! You are right and I am wrong and I'm so sorry to bother you with my clearly not-Trump-loving observations.
> 1. Trump is the epitome of a corrupt pol and has pretty much gotten away with everything his entire life.
> 2. Prosecuting him was not in the form of attacking a rival, it was addressing issue #1
You're correct about (2), and that's the problem! A criminal case that relies on an uncharged secondary crime, which in turn relies on one of three uncharged tertiary crimes, to bootstrap a primary misdemeanor into a felony must stand on its own. Uncharged, unproven past conduct is irrelevant.
> magic of Trump is that his supporters (which apparently you are one of)
My wife and I are Fed Soc members, but we like the Georgetown cocktail parties and voted for Biden in 2020! We weren't going to vote in 2024 until the Trump criminal conviction. It was literally radicalizing. My wife used to loathe Trump, but she drove up to Pennsylvania to volunteer for his campaign after that conviction came down.
Fed Soc, eh? I'm shocked you'd consider Biden as everything I see about the org is as a right wing networking club, culminating in ownership of SCOTUS. I know about Leonard Leo and his goals. You must be so excited to know that his hard work has paid off.
The 6 members of SCOTUS who are of your ilk are the exact enablers of our subject of discussion.
And yet you dodge #1. How artful. Now I know that you've not been engaging in good faith, either intentionally or just how Fed Soc taught you.
What specifically do you disagree with in his posts? You can not like Trump and agree that it was a horrible legal case, as the sources he linked obviously do.
Another example is the Mackey case, where the appeals court unanimously overturned the entire conviction, attacking both the legal reasoning and the evidence underlying the entire case. It’s pretty clear the whole thing was cooked up to “get” an influential pro-Trump Twitter user. See: https://ww3.ca2.uscourts.gov/decisions/isysquery/5d7bf858-ff...
What specifically do you disagree with about my point that he's corrupt to the core and has never been held accountable?
The legal system bends to those in power and "justice" occasionally makes an appearance.
Meanwhile the DOJ has been weaponized to serve as the president's personal attack dogs and the entirety of the federal workforce is being staffed with only those who swear fealty to Trump, rather than the constitution and what it stands for.
IANAL, and I'm not equipped to review whatever legal fancy footwork is involved, but I am 100% confident that the Biden admin was as stand up as could be hoped for (i.e., flawed but not devoid of principles), and that Trump has only these principles:
* self-enrichment
* self-aggrandizement
* deflection of any criticism or culpability
He makes GWB look great by comparison.
What rubs salt into the wound is that tens of millions of my fellow citizens literally worship him as a gift from God and will defend him to the end. Watching democracy die before my eyes is beyond heartbreaking.
I am not making any argument about his corruption or lack thereof. We're talking about two specific very bad legal cases using novel legal theories that should have never been brought, with people like CNN's legal correspondent agreeing, not Trump fanatics.
"Trump corrupt" !=> "this case was sound."
I also provided an example of the Mackey case, where the DoJ was weaponized to go after Trump supporters on Twitter.
But that is the problem. It's pointless to talk about the details of individual cases when the entire system is 100% broken. It's like arguing about what color shoes match your shirt when you're running from a burning house.
You keep using that word. I do not think it means what you think it means.
I don't like the twitter case and think it was a mistake. Not as bad as the case that drove Aaron Swartz to suicide (under the Obama admin).
But to lecture on the propriety of the prosecution and declare that it was "weaponized" is a stretch. The feds have made plenty of bad decisions across both sides of the aisle, and their intentions should always be worthy of scrutiny.
The DOJ (and every other federal agency) is being gutted of anyone who does not swear fealty to Donald Trump (the person, not the office) -- that's weaponization.
I'm happy to call out each and every mistake the Biden admin does, but it's almost quaint in comparison to what his successor is doing. We've moved well past the "both sides" debate -- what is happening now is fascism and un-American to its core. So yeah, boo hoo about the Twitter case.
This continues to make little sense since you continue to ignore that a big % of your made up "real" part of the system also constitutes a part of the bad faith party!
> It should also be based on good faith
Setting the wishes aside, it isn't, the judges easily act in bad faith when it suits them, so this also doesn't explain much.
Neither is it "designed" to take bad faith at face value, again, to be specific - just read the Supreme Court case about this law. The flood/design explain nothing: it would've been just as easy to block the implementation of what the court itself says is an unconstitutional law (see, no "good faith" basis required) and then don't even review it fully because the court has no time (see, the flood can flow in either direction)...
That is specifically limited to contract law (a subset of civil law) which is quite distinct from criminal law.
Contract law requires many things, including "a meeting of minds"; that does not imply that all civil lawsuits and criminal hearings require "a meeting of minds".
> In contract law, the implied covenant of good faith and fair dealing is a general presumption that the parties to a contract will deal with each other honestly, fairly, and in good faith, so as to not destroy the right of the other party or parties to receive the benefits of the contract.
> In law, bona fides denotes the mental and moral states of honesty and conviction regarding either the truth or the falsity of a proposition, or of a body of opinion;
There is nothing in there that supports the assertion:
> It [the legal system] should also be based on good faith.
Any legal system based on good faith will fall over in its very first year of operation. They are usually designed to be resilient to bad faith actors. The problem (which you seem to be alluding to) is that, by design, the system errs on the side of caution.
In order to actually be punished for barratry, for example, there needs to be evidence beyond reasonable doubt. Any doubt as to the bad-faith intention and the system will not proceed with punitive measures.
And that's just for barratry - the other sins that people perpetrate on the system have equally cautionary consequential actions taken.
> flooding the system with bad faith cases and appeals (as Trump is doing).
Trump is winning most of these fights in the appellate courts and the Supreme Court. Activist groups are flooding the system with a bunch of weak cases, getting weak, poorly reasoned district court rulings, then getting overturned on appeal.
I feel like you're unfamiliar with the Supreme Court rulings, which are almost unilaterally terrible. The Court has made some very torturous interpretations of procedure and precedent to justify rubber-stamping operations that even the conservative justices will admit are unconstitutional, preferring to instead punt the issue and allow the harm to continue, completely circumventing the merits of the cases. Several of the recent shadow docket decisions regarding injunctions have brought up the equities of the suits in question, making the bizarre claim that enjoining the Executive Branch from doing whatever it wants pending a full trial harms it in greater proportion than the harms being actually inflicted on ordinary people.
> Activist groups are flooding the system with a bunch of weak cases, getting weak, poorly reasoned district court rulings, then getting overturned on appeal.
Trump's > 90% success rate at the Supreme Court should be read as an indictment of the Supreme Court, not of the lower courts.
I am unfamiliar with who I'm replying to, but I don't really care; are they some sort of legal expert? If so, I'd expect them to understand that recent decisions such as Trump v. Casa and McMahon v. New York are pretty flimsy.
What makes you say Trump v. Casa is “flimsy?” The Supreme Court addressed injunctions against the executive in Marbury in 1803. Wikipedia’s write up cites scholars that say federal courts issued between 0 and a dozen nationwide injunctions in the first 175 years of the republic: https://en.wikipedia.org/wiki/Nationwide_injunction. The wikipedia write up is actually quite good on this.
McMahon v. New York is obviously correct. A preliminary injunction is an “extraordinary and drastic” remedy requiring a showing that the plaintiff is likely to succeed in the merits: https://www.justice.gov/archives/jm/civil-resource-manual-21.... The argument that federal courts can supervise a reduction in force where the individual firings aren’t themselves illegal (e.g. race based) is a tenuous argument. Besides, what’s the irreparable harm? Being fired is one of the classic examples of something that can be remedied after a trial with reinstatement and backpay.
For Trump v. Casa, I'm going to set aside the argument that "nationwide injunctions are bad" because it's not really relevant here. The court has had plenty of opportunities to shut down nationwide injunctions, 14 during the Biden administration according to your linked Wikipedia article, and I think you need to consider what it means that the court only now decides to close that door during this administration and this case, specifically.
With regards to McMahon v. New York, what makes you think that the plaintiff is unlikely to succeed in the merits? The court can absolutely take into consideration the intent of the Trump administration and McMahon as his secretary to illegally shutter the Department of Education. On the one hand, you have the executive branch's ability to oversee a reduction in force; on the other, you have the executive reducing force as an end-run around the duty charged to them by law. If the "unitary executive theory" means that the executive can discharge duties they are bound by law to execute, then the Constitution is meaningless (as Sotomayor cites at the very beginning of her dissent, Article 2 section 3 charges the President to "take Care that the Laws be faithfully executed"). Your argument that irreparable harm extends only to the staff being fired is also naively narrow; the states brought the suit, not the staff of the DoEd. The states argue--correctly--that if the Department cannot carry out its duties, then a vast array of students and teachers that rely on services funded or administered by the DoEd would be harmed. It seems batshit to argue that the harms done to the executive by temporarily curtailing that power outweigh the harms that will be done to an uncertain but certainly vast number of people in the interim. It's worth noting that, in this case, providing relief simply means that the government must maintain the status quo for a few months or however long it takes for the case to work through the courts. Restoring someone's job with back pay is sufficient when one person is fired. It is not sufficient when the executive has eliminated 50% of a statutorily-mandated department of the federal government with an eye to cut more.
> I feel like you're unfamiliar with the Supreme Court rulings, which are almost unilaterally terrible.
On the law, the rulings are correct. Article II, Section 2, cl. 1: "The executive Power shall be vested in a President of the United States of America." QED. The contrary "precedents" were ginned up to support Woodrow Wilson's racist fever-dream of an executive run by "expert" civil servants instead of the elected President: https://ballotpedia.org/%22The_Study_of_Administration%22_by.... I remember sitting in Con Law class and reading these cases thinking how obviously wrong they all were. I couldn't even dream that we would ever be able to clean out this horse stable!
> preferring to instead punt the issue and allow the harm to continue, completely circumventing the merits of the cases.
That's because almost all of the rulings coming up to the Supreme Court were preliminary injunctions where the lower court made no determination of the merits.
> making the bizarre claim that enjoining the Executive Branch from doing whatever it wants pending a full trial harms it in greater proportion than the harms being actually inflicted on ordinary people.
Read Marbury v. Madison and look at how much ink Justice Marshall spends trying to avoid enjoining the Secretary of State to do something as ministerial as delivering an already-signed letter. He literally invented judicial review in an effort to avoid that result. Think about how Marshall's lengthy analysis of how courts can't enjoin discretionary actions of the President would apply to the sweeping injunctions being handed out these days.
> It's become clear that the "shadow law" of simply passing unconstitutional statutes
What makes you think the statute is "unconstitutional?" The Supreme Court hasn't tackled the issue directly, but it upheld a law requiring libraries to install blocking software to restrict access to websites for children: https://en.wikipedia.org/wiki/United_States_v._American_Libr.... Remember that, prior to the reinterpretation of the First Amendment in the mid-20th century, the "obscenity" carve-out was broad enough to outright ban things like pornography, much less allowing access to children.
That said, I suspect that the law is probably unconstitutional, insofar as it's targeted at a type of speech (social media) that doesn't fall within any of the traditional exceptions. I don't think the "under 18" rationale holds when you're talking about content that traditionally hasn't been prohibited to children.
Regardless, this isn't an instance of the state blatantly violating some clear Supreme Court precedent. (And even that's okay if you have a good-faith basis for challenging the precedent! That's how impact litigation often works.)
Any physical business has to deal with 100s of regulations too, it just means the same culture of making it extremely difficult and expensive to do anything at all is now coming to the online world as well, bit by bit.
If you ship the wine to the US things are different though.
And if you don't do business in the US there is only so much the US can do. Most importantly it can ask ISPs in the US to block your site. As they do for copyright infringement routinely.
We have all accepted that our countries block copyright violations originating from outside their jurisdiction.
But of course this is a disaster for the free internet. While copyright laws are relatively uniform world wide, so if you respect it locally you're probably mostly fine everywhere, incoming regulation like age verification and limits on social media use, or harassment stuff, is anything but uniform.
To some degree this is also maybe more shocking to people in the US, as the US norms have de facto been the internet's norms so far. It is, in any case, not entirely new:
"When Germany came after BME for "endangering the youth" and demanded that I make changes to the site to comply with German law, my response was to simply not visit Germany again (and I'm a German citizen). When the US started to pressure us, we moved all of our servers and presence out of the country and backed off on plans to live in the US. No changes were ever made to the site, and no images were ever removed — if anything, the pressure made me push those areas even more."
How do we deal with the fact that we don't have a global mechanism for agreeing (socially and legally) on necessary regulations, while maintaining the social good that is a truly global internet?
> And if you don't do business in the US there is only so much the US can do.
They can order overflights to land to arrest you, if they so desire. They can also block you from the more-or-less all legitimate commerce globally with sanctions. And if they really don't like you, they can kill you without due process.
All of which the US has done to undesirables over the years, and can do again without any controls or checks or balances, to anyone globally.
It wouldn't unless the US is willing to justify having their domestic companies fall under the jurisdiction of other countries. Geopolitical reciprocity is still alive and well as the US is starting to find out.
Yes, because that customer is also in Italy, so Italian law also applies to them.
With the internet it's a lot less clear cut. The user is requesting data from Italy, maybe, but is located in another jurisdiction. Add Cloudflare and the data might even be served from the US by a US company you asked to serve your illegal data.
It's becoming a shit show and is breaking up the global internet.
User or customer? That's quite a difference. When I pay to have goods shipped there's an expectation of regulation that doesn't exist when I chat with someone on the phone. (Admittedly all the free product dumping by tech companies blurs the line.)
The current legal reality is a shitshow but I don't think that's inherent to the situation itself. gTLDs and foreign hosting services certainly complicate things, but then so does choosing to (physically) import supplies from abroad. I'm not convinced there's a real issue there at least in theory.
I think that a single "common carrier" type treaty unambiguously placing all burden on the speaker and absolving any liability arising from jurisdictional differences would likely fix 90% of the current issues. If I visit a foreign run site and lie about my country of residence in order to access material that isn't legal where I reside the only liable party in that scenario should be me.
Tbf the Italian restaurant would likely serve you wine if you were 14, and the owner is probably underreporting cash earnings to avoid taxes, and sells bootleg cigarettes without the tax seals from behind the counter...
Indeed - the same here in Spain. One gets used to certain classes of regulation being flaunted much more openly in Europe than they would be in the US.
A blog is speech, but I wouldn't say that deciding to operate a social media site is speech. That said, there are plenty of good reasons to oppose this law.
A social media site is speech (and/or press, but they are grouped together in the first amendment because they are lenses on the same fundamental right not crisply distinguishable ones); now, it's well recognized that commercial speech is still subject to some regulations as commerce, but it is not something separate from speech.
I would disagree, for example section 230 reads "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The content of the site is obviously speech/press, but the decision to operate the site doesn't seem like it is. Very possible I'm mistaken and there is case law to the contrary though, it's a nuanced argument either way
Not sure why you cite Section 230 as if it had anything to say about what is Constitutionally speech; other than inverting the relation between the Constitution and statute law, that is a pretty big misunderstanding of what Section 230 is (and the broader Communications Decency Act in which it was contained was) about.
I suppose this is what confused me then, as it seemed obvious that e.g. the Facebook recommendation algorithm isn't speech, so if a social media site would be considered speech it would be due to the user content. Section 230 doesn't in any way supersede the constitution, but it does clarify which party is doing the speech and thus where the first amendment would apply.
A lot of people want to conflate several things that shouldn't be conflated. To clarify:
* The First Amendment generally prohibits the government from enacting any laws or regulations that limit speech based on its content (anything you might reasonably call "moderation" would definitely fall into this category!).
* Private companies are not the government. Social media networks are therefore not obligated to follow the First Amendment. (Although there is a decent argument that Trump's social media network is a state actor here and is therefore constitutionally unable to, say, ban anybody from the network.)
* Recommendation algorithms of social media networks are protected speech of those companies. The government cannot generally enact a law that regulates these algorithms, and several courts have already struck down laws that attempted to do so.
* §230 means that user-generated speech is not treated as speech of these companies. This prevents you from winning a suit against them for hosting speech you think injures you (think things like defamation).
* §230 also eliminates the liability of these companies for their moderation or lack thereof.
There remains the interesting question as to whether or not companies can be held liable via their own speech that occurs as a result of the recommendation algorithms of user-generated content. This is somewhat difficult to see litigated because it seems everybody who tries to do a challenge case here instead tries to argue that §230 in its entirety is somehow wrong, and the court rather bluntly telling them that they're only interested in the narrow question doesn't seem to be able to get them to change tactics. (See e.g. the recent SCOTUS case which was thrown out essentially for this reason rather than deciding the question).
> Section 230 doesn't in any way supersede the constitution, but it does clarify which party is doing the speech
No, it immunizes certain parties from being held automatically liable (without separate proof that they knew of the content, as applies to mere distributors [0]), the "publisher or speaker" standard being the standard for such liability (known as publisher liability.)
It doesn't "clarify" (or have any bearing on) where the First Amendment would apply. (In fact, it's only relevant when the First Amendment protection doesn't apply, since otherwise there would be no liability to address.)
[0] subsequent case law has also held that Section 230 has the effect of also insulating the parties it covers against distributor liability where that would otherwise apply, as well, but the language of the law was deliberately targeted at the basis for publisher liability.
So they are not the speaker for the purposes of liability, but they are the speaker for the purposes of first amendment protections? That doesn't make sense to me, but it certainly wouldn't be the most confusing law on the books and you seem to be more informed on the topic than me. Do you have any insight on how that dynamic would apply to something like The Pirate Bay? Intuitively on that basis, users uploading content would be liable, but taking down the site would be a violation of the operator's first amendment rights.
> So they are not the speaker for the purposes of liability, but they are the speaker for the purposes of first amendment protections?
People who are not “the speaker or publisher” for liability purposes have Constitutional first amendment free speech rights in their decision to interact with content, this includes distributors, consumers, people who otherwise have all the characteristics of a “speaker or publisher” but are statutorily relieved of liability as one so as to enable them to make certain editorial decisions over user generated content without instantly becoming fully liable for every bit of that content, etc., yeah.
And arguing the alternative is you making the exact inversion of statute and Constitution I predicted and which you denied, that is, thinking Section 230 could remove First Amendment coverage from something it would have covered without that enactment.
Speech isn't just shouting into the void; it's dialogue back and forth between two or more different people. Social media sites such as Hacker News and the WELL facilitate this, even when they aren't businesses, in much the same way as a dinner party or a church picnic does.
> Speech isn't just shouting into the void; it's dialogue back and forth between two or more different people.
In some cases this arises in US Constitutional law as the freedom of other people to seek and encounter the speech, though I'm not sure if there's a formal name for the idea. (e.g. "Freedom of Hearing".)
Sure, speech happens on and is facilitated by social media sites, but that doesn't imply that operating a social media site is a form of speech any more than operating a notebook factory is.
If having a dinner party at your house gets you busted by the police, you are not living in a liberal society. If notebook factories are under tight surveillance to ensure that their notebooks are serialized and tracked because bad people might use them to plot crimes, you are not living in a liberal society.
I agree in that narrow sense—but shutting down social media sites denies the sites' users their human right of expression, as well as other basic human rights*. The fact that the site operator doesn't necessarily suffer this harm† seems like an irrelevant distraction, and I have no idea why you brought it up, or why you keep repeating it, if you agree that the site users are being illegitimately harmed.
______
* See UDHR articles 12, 18, 19, and 20. This is not an issue limited to the provincial laws of one small country.
† Unless the site operators also use the site, in which case they too do suffer it; this is in my experience virtually always the case with the noncommercial sites that it is most important to protect.
In the context of "Law requires age verification for social media sites" and "This is an example of the kinds of onerous regulations physical business owners have to comply with being forced on website operators", I took your comment that "Websites aren't necessarily businesses; they're speech." to mean that operating a social media website wasn't like operating a business because it's a form of speech.
If social media sites are shut down but I am free to post my opinions on my personal blog site, how is my freedom of speech affected?
Did I not have freedom of speech before social media existed?
Is there an implication in freedom of speech that any speech facilitating service that can be offered must be allowed to operate? That's at least not obvious to me.
I echo what others said: There are good reasons to oppose all this, but blanket cries of "free speech" without any substance don't exactly help.
It sounds like you are falling into the sort of confusion that leads people to sometimes wonder if murder is actually wrong in a world where cancer and hunger exist.
On the contrary, you appear to be suffering the confusion that a service which facilitates a legally protected activity cannot be regulated, interfered with, or discontinued in the general case. Typically only targeted, motivated interference would constitute a violation.
Shutting down a notebook factory for dodging sales tax is not a violation of the rights of would-be purchasers.
I am fairly sure I am not confused. Instead I believe the post I am replying to didn't actually advance a coherent argument, but just appealed to emotions.
I am not sure that I have ever encountered anyone confused in the way you describe either...
Right. But if I open a physical business I only need to abide by the laws of that state. This is definitely an order of magnitude more regulation to deal with.
But yeah, this definitely sounds like a business opportunity for services or hosts.
> definitely sounds like a business opportunity for services or hosts.
Capitalism at its best. We have a definite problem with over-regulation and a judicial system that isn't coping nor keeping up. Capitalism, instead of fixing the problem, makes a business model out of it.
Capitalism: Why fix it when you can make money off it.
Closely followed by the BETTERID act in response to sites using substandard identity providers, a set of stringent compliance requirements to ensure the compliant collection and storage of verification documentation requiring annual certification by an approved auditing agency who must provide evidence of controls in place to ensure [...]
What would you have preferred? Of course you'd prefer if the law never existed in the first place, but I don't see having a third party auditor verify compliance is any worse than say, letting the government audit it. We don't think it's "regulatory capture" to let private firms audit companies' books, for instance.
Hopefully data centers will be built in more free states. If I live in California, and run a server in California that responds to requests coming from an ISP in California, at what point do I become subject to Mississippi law that I never had a chance to vote for?
If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.
> should I have to abide by California privacy laws?
It seems these are the conditions:
As of January 1, 2023, your business must comply with both the CCPA and the CPRA if you do business in California and meet any one of the following conditions:
* Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
* Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households
* Derived 50% or more of your gross annual revenue from the selling or sharing of personal information
Also lots of states have their own data privacy laws.
I wasn't trying to suggest California was alone with such laws. Only pointing out they do indeed have internet laws that cross state boundaries, far from the "free state" suggested by the parent comment. Lots of states have such laws, and I generally do agree such things are good.
And yes, in this particular circumstance for this specific law as currently written a private blog doing its own normal things probably wouldn't infringe or be subject to these rules.
But what about a Utah focused social media site that does have $25M in revenue? It's not trying to court California users. Why should they have to be liable to laws in a state they never intended to do business in? It's these Californians leaving California to interact with an org across state lines. Whatever happened to state sovereignty? Should an Oklahoman be required to buy only 3.2% beer in Texas as well or have some Texas beer and wine shop face the wrath of Oklahoma courts for serving an Okie some real beer?
Where did that web transaction actually happen? On the client or on the server? Where did the data actually get stored and processed?
IMO we're past the time of patchwork laws. The social experiment of figuring out what makes some sense is largely over at least for the basics. It's time for real federal privacy laws to make a real, enforceable nationwide policy.
Yes, but that would require a preemptive blocking strategy in actual practice.
> It's not trying to court California users.
The point that is being made, is that even a site generally designed and expected to be used by Utah citizens can become liable to Californian law because a Californian created an account.
Just as with "over 18" banners, I expect that if all users self-certify as being non-californians the law won't apply to you. And that seems perfectly reasonable to me. Perhaps with the exception that I also think that a modal banner to the effect of "you acknowledge that you are now doing business in Utah" also ought to suffice.
If you actually sell things to Californians that's different. At that point, yeah, I think you _should_ be subject to California law. You're doing the equivalent of mail order business with a resident after all.
I'm not soliciting legal advice, not looking for an opinion on how things are today but asking how we think society and laws should be overall.
If I operate a healthcare facility in New Mexico and a Texan comes in asking for an abortion, should I be liable to Texas abortion laws? Should they be held liable for an abortion that happened out of the state?
More to the point, why would anyone outside of Mississippi need to comply? What legal grounds do they have to dictate what other people do outside of their state?
I worry that as a mastodon server operator I could be found guilty of violating their state law and if one day I decide to visit or transit in the state I could be punished say by arrest.
Same goes for other countries as well. It’s insane.
> Between this and the UK Online Safety Bill, how are people meant to keep track?
At this point, I almost welcome all these laws. The more they restrict us, the more potential felons, but they can't fine and put us all in jail, no? Chronic over-legislation will crush from its own weight.
That said, like the saying of markets staying irrational longer than people can afford to, the realistic outcome is that bureaucracy will survive longer than a functioning society. Legislation will continue until morale improves.
>Chronic over-legislation will crush from its own weight.
Ideally, yes. I think the reality however will be that most "perpetrators" will be ignored, and anything else will be easy wins and collateral damage to small site operators that these regulators happen to notice.
It's things like this that make me want the internet excluded from all legal systems as extraterritorial. There should be no laws governing the internet. Almost uniformly they are stupid. The most success law enforcement gets out of capturing pedos is setting up honeytraps anyway.
I would argue privacy laws are good. But I do think laws that apply to the internet in the US should only come at a federal level. That would help with uniformity.
Individuals are not meant to keep track, they're meant to leave the ecosystem. These types of bills are the end product of the process of regulatory capture by the corpos.
Corpos create centralized watering holes that are magnets for social problems, offering low effort service and very little accountability for early users. Corpos then nurture these uses because they drive engagement, and at the early stage any usage is good usage. When the wider public catches on and starts complaining, corpos then cast it as outside meddling and reject addressing the problems they're facilitating, as curation at scale would cost too much. Corpos then become a straightforwardly legible target for politicians to assert control over, demanding some kind of regulation of the problem. Corpos then lobby to make sure such laws are compatible with their business - like simply having to hire more bureaucrats to do compliance (which is the sine-qua-non of a corpo, in the first place). The last few steps can repeat a few cycles as legislation fails to work. But however long it takes, independent individual hosters/users are always left out of those discussions - being shunned by the politicians (individuals are hard to regulate at scale) and the corpos (individuals turn into startups, ie competition). Rinse and repeat.
States should come together with their neighboring states to start passing identical model legislation for this sort of stuff, if we don’t have unity across the country. It could be easy and voluntary for the states to do.
The US doesn’t have 50 different cultures with totally different values, but probably has like… 7.
Getting ~340M people to agree on anything is too hard, and now a good chunk of us seem to think the government can’t do anything productive at all. IMO, it would be nice to have an in between layer to do bigger things.
Ok, sorry for the poor writing. I mean states could form informal groups with likeminded states. So, the northeast could all pass the same law, the pacific coast, Texas and friends, wherever else.
Expecting laws to instead propagate from neighbor to neighbor as I accidentally suggested—this wasn’t what I meant to suggest, but in defense of the idea:
> At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
I do think there still could be some value. Laws could propagate across states that are more receptive to them, and then people can see if they work or not. Porting Masshealth to the whole country at once seems to have been a little bumpy. If it had instead been rolled out to the rest of New England, NY, then down to Pennsylvania… might have gone a little smoother.
Probably not? I didn’t play it but I don’t think anybody would target a postapocalyptic fiction setting as a goal.
More like: look at the EU, extrapolate how it would look after a little more unification, and then take advantage of the fact that we’re made up of small states already that can group ourselves up as fits. Germany and France seem all-right, so we should organize ourselves into Germany and France size units.
Who says you have to have 340 million people agree? Congress's approval rating hovers around 20% for years and years— they haven't been interested in the will of the people for a long time.
The US would make a lot more sense if it split up between two or three different countries. There's a lot of stuff in US politics which people feel strongest about but are absolutely mutually exclusive.
I think it's going to happen one way or another and the most peaceful way to do it would be sooner rather than later.
We’re better as one country, we just need a France or Germany sized organizational unit that can do interesting projects but is still small enough to be agile.
Not a great line of argument. Vast parts of the US are not food secure and are "basically propped up by" a conservative bread basket. Large portions of the agricultural industry are not economically viable without illegal immigrants. Much of the defense industry and military is populated by conservatives. Such examples are as numerous as they are irrelevant to sensible discussions of policy.
It seems relevant to the chain of comments they were responding to. They are disagreeing with the comment that says multiple states might want to split up the country now, by pointing out that some of them might not be economically viable if they did.
You’ve come up with more reasons not to split up the country, by pointing out some ways the other parts of the country might have trouble.
I think (correct me if I’m wrong) you disagree with the partisan jab at the end, not the actual line of argument.
Instead of just relying on your intuition, you can just look this up, because it's a well-studied question. One simple search is for "fractionalization". If you'd like me to save you the trouble, then, with respect to your claim here: no.
Ever spent any time in Houston, Los Angeles, Miami, San Jose, Casper, Traverse City, Nashville, New York, Buffalo, New Orleans, Cortez, Lubbock, Chicago, Salt Lake City, Minneapolis, Jackson, Boston, Seattle?
In your mind, are these all filled with people who look the same, sound the same, practice the same religion, immigrated from the same place?
You pretty much just plug the IP into a geolocating API and hope. There's nothing else to do. Any collateral damage is on the legislation, not any individual site or admin.
As you say, IP geolocation is unreliable. Unfortunately that's the only option. If it is technologically impossible to comply with the law, you just gotta do the best you can. If someone in MI gets a weird IP, there's absolutely nothing any third party can do. That's on the ISP for not allocating an appropriate IP or the legislators for being morons.
I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?
Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
It also defines personally identifiable information as including "pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual." But it doesn't specify what it means by 'controller' or 'processor' either.
If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
Clearly, however, attempting to comply with the law just in case, by requiring ID, would however then make it applicable, since that is personally identifiable information.
> I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?
> Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
1. There are many commercial services that do identity verification. There are many other commercial websites that have tools to do identity verification themselves. There are industry published best practices for these types of activities. All of these are evidence that you could use to demonstrate how you are making a commercially reasonable effort.
2. It's completely irrelevant whether you consider your website "commercial" or not. The law defines which websites it applies to, based on the activities they engage in.
3. Since when does the government have to give you compliance tools for free in order to require something of you? This isn't the standard for anything anywhere. Compliance with the law is often quite expensive. Honestly, buying an identity verification service is pretty cheap in the spectrum of compliance costs.
> If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
You don't have to guess whether or not this is reasonable or not. If you read the law, you'll see that it says it only applies to sites that collect personally identifiable information.
From the above link, again:
> "Digital service" means a website, an application, a program, or software that collects or processes personal identifying information with Internet connectivity.
> "Personal identifying information" means any information, including sensitive information, that is linked or reasonably linkable to an identified or identifiable individual. The term includes pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual. The term does not include deidentified information or publicly available information.
Completely agree. If someone starts, say, a whiskey tasting club, they can easily weed out minors by checking for a government issued ID at the door. It is free, scalable and provided by the government.
If the government wants hobbyists to do age verification online then they should provide a solution that is 100% free AND easy to implement.
Government IDs are not free or scalable. You need someone to check them. They also cost money to obtain.
You have conceded that sites with user-generated content should be age restricted. The question for the court is if a state can pass a law making that requirement.
Remember that massive surveillance capitalism apparatus that has been created for years? Now everyone must pay for it to legally comply with whatever arbitrary bullshit no matter how expensive the data becomes
> The most popular GeoIP database has a free tier that would easily work for this
The free tier does have limits on the number of API calls you can make. But the good news is you don't have to use their API. You can download the database [1] and do all the lookups locally without having to worry about going over their API limits.
It consists of 10 CSV files and is about 45 MB compressed, 380 MB uncompressed. For just identifying US states from IP address you just need 3 of the CSV files: a 207 MB file of IPv4 address information, a 120 MB file for IPv6, and a 6.7 MB file that lets you look up by an ID that you find in one of the first two the information about the IP address location including state.
It's easy to write a script to turn this into an SQL database that just contains IP ranges and the corresponding state and then use that with sqlite or whatever network database you use internally from any of your stuff that needs this information.
If you don't actually need Geo IP in general and are only adding it in order to block specific states you can easily omit IPs that are not mapped to those states which would make it pretty small. The database has 3.4 million IPv4 address ranges, but only 5 359 of them are listed as being in Mississippi. There are 1.8 million address ranges in the IPv6 file, and 3 946 of them are listed as being in Mississippi.
Here's how to get the Mississippi ranges from the command line, although this is kind of slow--the 3rd line took 7.5 minutes on my M2 Mac Studio and the 4th took almost 4 minutes. A proper script or program would be a lot faster.
Also a proper script or program would be able to look specifically at the correct field when matching the ID from the locations file to the IP range lines. The commands above just hope that things that look like location IDs don't occur in other fields in the IP range files.
Sure, but it is quite common for companies offering database access to offer that via an API to query the database on their server rather than letting customers download the whole database for local use.
It thus seemed worthwhile to make it clear that MaxMind does let you download the whole database.
As far as libraries go sure that's a possibility. But for people who just need a simple IP to country or IP to US state lookup and need that from a variety of languages it may be overall less annoying to make your own DB from the CSV files that just handles what you need and nothing more.
I've already got libraries for sqlite, MySQL, or both for every language I use where I need to do these lookups, and almost all the applications that need these lookups are already connecting to our databases. Add an IPv4_to_Country table to that database (that they are already using) and then it is just a matter of doing a "select country_code from IPv4_to_Country where ip_low <= ? and ? <= ip_high" with the two '?'s replaced with the IP address we want to lookup, probably using a DB handle they already have open.
Many would find that a lot easier than adding a dependency on a 3rd party GeoIP library. Besides it being one more thing on each machine that needs periodic updating (or rather N more if you are working in N different languages on that machine), I believe that most of these libraries require you to have a copy of the download database on the local machine, so that's another thing you have to keep up to date on every server.
With the "make your own simple SQL DB" approach you just have to keep an up to date download from MaxMind on the machine that builds your SQL DB. After building the SQL DB you then just have to upload it to your one network DB server (e.g., your MySQL server) and all your apps that query that DB are up to date no matter what server they are on or what language they are in.
If you are building an sqlite DB for some of your apps, you do have to copy that to all the servers that contain such apps, so you don't totally escape having to do updates on those machines.
If making the SQL DB were hard then maybe reducing dependencies and reducing the number of things that need updates might not be worth it, but the CSV files are organized very sensibly. The scripts to make the SQL DBs are close to trivial if you've got a decent CSV parser in the language you are writing them in.
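The "make your own simple SQL DB" approach described in the comments above, as an added example that is not part of the thread or anyone's posted code: it joins block rows to the locations file on the `geoname_id` field only, keeps just the target state's ranges, and answers lookups with the same `ip_low`/`ip_high` range query. The CSV column names follow the GeoLite2 City layout as an assumption, the sample rows are constructed from documentation address ranges, and the table and function names are hypothetical.

```python
import csv
import io
import ipaddress
import sqlite3

# Constructed sample data. Column names are assumed to match the GeoLite2
# City CSV headers; check the header row of the files you actually download.
# Networks are documentation ranges (RFC 5737 / RFC 3849), not real allocations.
LOCATIONS_CSV = """geoname_id,locale_code,country_iso_code,subdivision_1_iso_code,city_name
1001,en,US,MS,Jackson
1002,en,US,CA,San Jose
1003,en,US,MS,Biloxi
"""
# The third row carries 1001 in a *different* ID column: a text match on
# "1001" would wrongly keep it, a match on the geoname_id field does not.
BLOCKS_V4_CSV = """network,geoname_id,registered_country_geoname_id
192.0.2.0/25,1001,9000
192.0.2.128/25,1002,9000
198.51.100.0/24,1002,1001
203.0.113.0/24,1003,9000
"""
BLOCKS_V6_CSV = """network,geoname_id,registered_country_geoname_id
2001:db8:1::/48,1001,9000
2001:db8:2::/48,1002,9000
"""


def load_state_ids(locations_csv, country, states):
    """Return {geoname_id: state_code} for the states of interest."""
    ids = {}
    for row in csv.DictReader(io.StringIO(locations_csv)):
        if (row["country_iso_code"] == country
                and row["subdivision_1_iso_code"] in states):
            ids[row["geoname_id"]] = row["subdivision_1_iso_code"]
    return ids


def build_db(conn, locations_csv, block_csvs, country="US", states=("MS",)):
    """Create ip_to_state holding only ranges located in `states`."""
    ids = load_state_ids(locations_csv, country, set(states))
    conn.execute(
        "CREATE TABLE ip_to_state ("
        " family INTEGER NOT NULL,"   # 4 or 6
        " ip_low BLOB NOT NULL,"      # packed big-endian address bytes
        " ip_high BLOB NOT NULL,"
        " state TEXT NOT NULL)"
    )
    kept = 0
    for text in block_csvs:
        for row in csv.DictReader(io.StringIO(text)):
            state = ids.get(row["geoname_id"])  # exact field, not substring
            if state is None:
                continue
            net = ipaddress.ip_network(row["network"])
            conn.execute(
                "INSERT INTO ip_to_state VALUES (?, ?, ?, ?)",
                (net.version, net.network_address.packed,
                 net.broadcast_address.packed, state),
            )
            kept += 1
    conn.execute("CREATE INDEX ip_to_state_low ON ip_to_state (family, ip_low)")
    conn.commit()
    return kept


def lookup_state(conn, ip_text):
    """Return the state code for ip_text, or None if unknown or unparseable."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Equal-length BLOBs compare bytewise, which matches numeric IP order.
    row = conn.execute(
        "SELECT state FROM ip_to_state"
        " WHERE family = ? AND ip_low <= ? AND ? <= ip_high"
        " ORDER BY ip_low DESC LIMIT 1",
        (ip.version, ip.packed, ip.packed),
    ).fetchone()
    return row[0] if row else None


def build_sample_db():
    """Build an in-memory DB from the constructed CSVs above."""
    conn = sqlite3.connect(":memory:")
    kept = build_db(conn, LOCATIONS_CSV, [BLOCKS_V4_CSV, BLOCKS_V6_CSV])
    return conn, kept


if __name__ == "__main__":
    conn, kept = build_sample_db()
    print("ranges kept:", kept)
    for addr in ("192.0.2.10", "198.51.100.7", "2001:db8:1::42"):
        print(addr, "->", lookup_state(conn, addr))
```

A `None` result only means the address is not in a stored range; whether to treat that as "allowed" or "unknown" is a policy choice the database cannot make for you.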
>Remember that massive surveillance capitalism apparatus that has been created for years? Now everyone must pay for it to legally comply with whatever arbitrary bullshit
Calling geoip databases "surveillance capitalism" seems like a stretch. It might be used by "surveillance capitalism", but you don't really have to surveil people to build a geoip database, only scrape RIR allocation records (all public, btw) and BGP routes, do ping tests, and parse geofeeds provided by providers. None of that is "surveillance capitalism" in any meaningful sense.
If selling the physical location information of users isn't surveillance capitalism, then the term doesn't mean anything. "We don't surveil people, we just try to find out where they live and sell that data"
If that's "surveillance capitalism", what's your opinion on databases that map phone numbers to locations? eg. when you get a phone call from 217-555-1234, and it shows "Springfield, IL"? Is that "surveillance capitalism"? That's basically all geoip databases are. Moreover there's plenty of non "surveillance capitalism" uses for geoip that make it questionable to call it "surveillance capitalism". Determining the region for a site, or automatically selecting the closest store, for instance. Before the advent of anycast CDNs, it was also basically the only way to route your visitors to the closest server.
Is there a single company out there making its money selling access to an area code database? GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
There are companies out there making money selling any kind of data you can imagine. A quick search shows dozens of companies offering this data for sale.
> Is there a single company out there making its money selling access to an area code database? GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
Phone number assignments are mostly public, you don't really need to pay for this information, but there are certainly those who will sell it to you.
Of course, phone numbers don't really tie you to a rate center anymore, but a rate center is often much more geographically specific than an address for a large ISP. What I've seen near me, is a rate center often ties the number to a specific community. Larger cities often have several rate centers, smaller cities may have their own or several small cities may have one. Of course, phone company wiring tends to ignore municipal boundaries.
On the other hand, most large ISPs tend to use a single IP pool for a metro area. Not all large providers do it that way, of course, and larger metro areas may be subdivided. You can't really ping time your way to better data there either, most of the last mile technology adds enough latency that you can't tell if the customer is near the aggregation point or far.
>Is there a single company out there making its money selling access to an area code database?
So if someone is making money off of it it's suddenly "surveillance capitalism"? What makes it more or less "surveillance capitalism" compared to aws selling cloudfront to some ad company?
Moreover you can do better than area level code granularity. When landlines were more common and local number portability wasn't really a thing, you could look at the CO number (second group) to figure out which town or neighborhood a phone number was from. Even if this was all information you could theoretically determine yourself, I'm sure there are companies that package up the data in a nice database for companies to use. In that case is that "surveillance capitalism"? Where's the "surveillance" aspect? It's not like you need to stalk anyone to figure out where a CO is located. That was just a property of the phone network.
>GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
Why is the fact it's "active" or not a relevant factor in determining whether it's "surveillance capitalism" or not? Moreover spam calling people might be bad for other reasons, but it's not exactly "surveillance".
Surveillance definition "Systematic observation of places and people by visual, aural, electronic, photographic or other means." If you are pinging someone's IP to determine their physical location, you are engaged in a form of surveillance. If you have a copy of the table of area codes to city mapping, you are not engaged in surveillance. If you aren't trying to make money, you are not engaged in capitalism.
>Surveillance definition "Systematic observation of places and people by visual, aural, electronic, photographic or other means." If you are pinging someone's IP to determine their physical location, you are engaged in a form of surveillance.
Setting aside the problem with pinging home IPs (most home routers have ICMP echo requests disabled), your definition of "systematic observation" seems very flimsy. Is monitoring the global BGP routing table "systematic observation"? What about scraping RIR records? How is sending ICMP echo requests and observing the response times meaningfully similar to what google et al are doing? I doubt many people are upset about google "systematically observing"... the contents of books (for google books), or the layout of cities (for google maps, ignoring streetview). They're upset about google building dossiers on people. Observing the locations of groups of IP addresses (I'm not aware of any geoip products that can deanonymize specific IP addresses) seems very divorced from that, such that any attempts at equating the two because "systematic observation" is nonsensical.
It seems like you missed the specifier "of places and people". Books are not people or places, but an IP address at any point in time is tied to either a specific person or place.
> They're upset about google building dossiers on people.
Their location being in that dossier is part of what upsets people.
>but an IP addresses at any point in time is tied to either a specific person or place.
Except I'm not aware of any geoip databases that operate on a per-IP level. It's way too noisy, given that basically everyone uses dynamic IP addresses. At best you can figure out a given /24 is used by a given ISP to cover a certain neighborhood, not that 1.2.3.4 belongs to John Smith or 742 Evergreen Terrace.
At least in some cases, e.g. when multiple devices that are logged into their respective Google accounts are using that IP, and Google knows what location those usually reside at when together.
I've had Google pop up reliable location results for me, to the granularity of a small town, even if they had no information about me specifically to help them deduce this. It doesn't always happen though.
Good to know, that does shift my opinion a bit. There is a spectrum from surveilling individuals to gathering population statistics. I'm not sure exactly where data that identifies a user to a group size of ~250 falls, especially given the geographic correlation, but it's definitely better.
Not really, but there are companies making their money selling a mapping of phone numbers to real names[1].
It's a uniquely American thing (Canada does it too, but access is regulated much more tightly).
This one[2] I could get reliable results from for free, but it seems to be "under maintenance" right now. Twilio just offers it as a service at 1 cent per number.
I'm surprised this is notable these days, because the mapping of numbers to names used to be a completely free service that was dropped off on everyone's front porch.
Phone directories were one of these weird "one way" services.
In principle, you could use them to map numbers to names, but the way they were designed, it was a lot more effort than using them to map names to numbers. That was deliberate I think.
> Calling geoip databases "surveillance capitalism" seems like a stretch. It might be used by "surveillance capitalism", but you don't really have to surveil people to build a geoip database, only scrape RIR allocation records (all public, btw) and BGP routes, do ping tests, and parse geofeeds provided by providers. None of that is "surveillance capitalism" in any meaningful sense.
How is it not? Most "normal" surveillance works the same way - you look up public records for the person you're going after, cross-reference them against each other somehow, and eventually find enough dirt on them or give up. This is surveillance, and it's being done by and in the interests of capitalism.
Vancouver residents may as well be Oregonians anyway. Most of them are paying OR income tax. They do most of their shopping and entertainment in Oregon too.
I work for a Portland company at home in Vancouver so I get to skip their income tax. It's a 10-15 minute drive to the PDX area where there is a Best Buy, Ikea and other stores where I can easily skip sales if I want to.
ISPs have no obligation, although the ubiquity of sites and apps relying on IP geolocation means that ISPs are incentivized to provide correct info these days.
I run a geolocation service, and over the years we've seen more and more ISPs providing official geofeeds. The majority of medium-large ISPs in the US now provide a geofeed, for example. But there's still an ongoing problem in geofeeds being up-to-date, and users being assigned to a correct 'pool' etc.
Mobile IPs are similar but are still certainly the most difficult (relative lack of geofeeds or other accurate data across providers)
Mobile IPs reflect the user's "registered area" at best, not their actual location.
This is mostly because of how APNs / GGSN / P-GW systems work. E.g. you may have an APN that puts you straight in a corporate network, and the mobile network needs you to keep using that APN when roaming. This is why your roaming IP is usually in the country you're from, not the one you're currently in.
I've heard of local breakout being possible, but never actually seen it in practice.
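Added example (not part of any comment in this thread, and not any geolocation provider's code): parsing a self-published geofeed in the RFC 8805 CSV format, the kind of feed mentioned above, and using longest-prefix match to make a state-level block decision. The feed contents, the function names and the three-way block/allow/unknown policy are assumptions for illustration; all prefixes are documentation ranges.

```python
import csv
import io
import ipaddress
from typing import NamedTuple, Optional

# Constructed sample feed (RFC 8805 columns: prefix,country,region,city,postal).
# Not a real ISP's data; every prefix is a reserved documentation range.
SAMPLE_GEOFEED = """\
# constructed sample, not a real ISP's feed
192.0.2.0/24,US,US-MS,Jackson,
192.0.2.128/25,US,US-TN,Memphis,
198.51.100.0/24,US,US-WA,Vancouver,
2001:db8::/32,US,US-MS,,
2001:db8:ab00::/40,US,US-OR,Portland,
203.0.113.0/24,US,,,
not-a-prefix,US,US-MS,,
"""


class Entry(NamedTuple):
    network: object   # ipaddress.IPv4Network or IPv6Network
    country: str      # ISO 3166-1 alpha-2, may be empty
    region: str       # ISO 3166-2 code such as "US-MS", may be empty
    city: str         # free text, may be empty


def parse_geofeed(text: str) -> list:
    """Parse geofeed CSV text, skipping comments, blanks and bad prefixes."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].lstrip().startswith("#"):
            continue
        # Pad short rows so that missing trailing fields read as empty.
        fields = ([f.strip() for f in row] + [""] * 5)[:5]
        try:
            # strict=True rejects prefixes with host bits set.
            net = ipaddress.ip_network(fields[0], strict=True)
        except ValueError:
            continue  # malformed line: ignore it rather than guess
        entries.append(Entry(net, fields[1].upper(), fields[2].upper(), fields[3]))
    return entries


def lookup(entries: list, addr: str) -> Optional[Entry]:
    """Return the most specific (longest-prefix) entry covering addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for entry in entries:
        net = entry.network
        if net.version != ip.version or ip not in net:
            continue
        if best is None or net.prefixlen > best.network.prefixlen:
            best = entry
    return best


def decide(entries: list, addr: str, blocked_region: str = "US-MS") -> str:
    """Return "block", "allow" or "unknown" for a client address.

    "unknown" covers addresses the feed does not list and entries that
    only name a country; what to do with them is a policy choice.
    """
    hit = lookup(entries, addr)
    if hit is None or not hit.region:
        return "unknown"
    return "block" if hit.region == blocked_region else "allow"


if __name__ == "__main__":
    feed = parse_geofeed(SAMPLE_GEOFEED)
    for client in ("192.0.2.10", "192.0.2.200", "203.0.113.5",
                   "10.0.0.1", "2001:db8:ab01::1"):
        print(client, decide(feed, client))
```

The result says where the ISP reports the address pool to be, not where the user is, which is why country-only and unlisted addresses come back as "unknown" and need an explicit policy.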
Required? Not sure, but probably not, but they do so to monetize your metadata and provide hints to websites so they show language- and country-localized "local" versions of websites before/instead-of/as-a-fallback-to requesting location permissions.
Ah! Thank you. I was wondering why mjg59 needed to geo-block people on his blog. I had no idea dreamwidth was a platform and he was only a user of that platform. I don't think I've ever seen anyone else's content on that site. Now I feel dumb because I've been calling him "dreamwidth" in my head for years.
I appreciate that not all modern post 1776 democracies are the same, but in Australia, whose constitution was informed hugely by the US constitution, Federal communications law takes supremacy over states, and states laws cannot constrain trade between the states. There are exceptions, but you'd be in court. "trade" includes communications.
So ultimately, isn't this heading to the FCC, and a state-vs-federal law consideration?
Not that it means a good outcome. With the current supreme court, who knows?
In his concurring opinion, Justice Kavanaugh said it was likely unconstitutional (but apparently not obviously enough to enjoin it) [1]. So it's going into effect, then the lawsuit follows.
Similar laws in California, Arkansas and Ohio were all found unconstitutional, so I am hopeful. That said, these were all district court decisions, and all of them are being appealed. When they lose on appeal, they go to the Supreme Court for (hopefully) the final smack-down.
Interestingly, reading the summary MS HB1126 [2], this law is doing two things. It regulates companies and defines crimes.
States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
> States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
States have limits to what things they define as crimes. Defining certain types of trade to be criminal is regulating trade. And regulating interstate trade is reserved for Congress. Yet, many state laws criminalize some commerce, and case law has expanded interstate commerce to often include sales where the buyer, seller, and manufacturer are all in the same state... consistency is not a strength of our system.
In theory yes, but in reality the "Dormant Commerce Clause" is weak protection.
We've let states set their own "internet services" taxes, making selling anything online in the US a regulatory nightmare. A third-party vendor to manage (and keep up with) the tax laws to stay compliant is basically required for anyone selling online, or risk the wrath of various state tax bodies.
Clueless human, but what stops a company from ignoring these laws from certain states? How is this enforceable if a company doesn't have any infrastructure within that state?
> Clueless human, but what stops a company from ignoring these laws from certain states?
The threat of lawsuits.
> How is this enforceable if a company doesn't have any infrastructure within that state?
If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)
That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.
That sounds a lot like regulating cross-state commerce, which is traditionally the purview of the federal government. Not that I have any real faith in this particular federal government or Supreme Court jealously protecting federal supremacy in this particular case.
> That sounds a lot like regulating cross-state commerce, which is traditionally the purview of the federal government.
Except for very specific things that are forbidden to the states in Art. I Sec. 10, or where Congress has specifically closed off state action in its own actions under the Interstate Commerce Clause, states retain the ability to regulate commerce in manners that impact interstate commerce so long as they do not discriminate against interstate commerce compared to in-state commerce in such regulations.
"The Zone of Death is the 50-square-mile (130 km²) area in the Idaho section of Yellowstone National Park in which, as a result of the Vicinage Clause in the Constitution of the United States, a person may be able to theoretically avoid conviction for any major crime, up to and including murder"
That's a separate thing -- it's not about being in a different state from where the crime was committed, it's about (supposedly) it being procedurally impossible to give you the jury trial you have to have, because literally no one lives in the relevant district.
No, because no one lives in the relevant combination of state and district, hence why only the portion of the District of Wyoming that is actually in the State of Idaho is affected.
Which really just means if anyone tried to exploit the loophole and wasn’t politically untouchable cough, everyone would just ignore the problem and assign them to some nearby district or whatever.
It seems like a problem of states trying to pass laws that control things outside their borders. The jurisdiction of Louisiana courts is Louisiana.
I mean it would be absurd if an anti-death-sentence state started trying to extradite the executioners working in pro-death-sentence states for murder, right?
If the executioner did their work in the anti-death-sentence state it wouldn't seem to be absurd, no. E. g. if they had pulled the cord that activated the electric chair remotely from a pro-death-sentence state (tele-execution ... sounds very BlackMirror).
Not by the same definition, no, it's not, though there is a crime called "murder" in all states, and there tends to be significant overlap in the definitions.
Even if there aren't (there are cases where individuals fight extradition to other states though I have no idea if that's ever effective, and questions of conflict between states has come up recently regarding interstate prescribing of abortion medications, etc. with some states explicitly stating that they will not cooperate with Texasistan), a civil judgement against an entity operating in one state could likely be enforced without even interacting with the state where that entity exists - e.g. if they're using a bank with a presence in MS, the state might be able to simply go after their accounts held with the national-scale bank.
Apparently, U.S. statutory and case law establish that a business that has an "economic nexus" in a state can be made subject to that state's laws. An economic nexus doesn't require a physical presence, just sufficient economic activity. Sufficient economic activity is usually defined, by each state, according to revenue or volume of transactions. Another test for an economic nexus is something called purposeful availment, which is whether a business is targeting the residents of a jurisdiction. So it seems like, "Are you intentionally selling to Missouri residents?"
To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).
Iirc, there was case law where a site was successfully found guilty because the site allowed ads, and the advertisers were targeting based on ip location. Not the site! The site didn't even log that data. But the ads were used as the vector of purposeful availment.
When I get the time, I'll be hosting a site from my closet that allows anything short of csam and I will reject states like MS and TX. My final act will be to die. But I don't much want to live.
You can't "elevate" state criminal charges to federal charges, though the state can simply seek your extradition (which, if the receiving state resists, the federal courts can enforce, because it is a Constitutional obligation).
(It is possible for state charges existing to make other actions federal crimes, though, e.g., there is a federal crime of interstate travel to avoid prosecution, service of process, or appearance as a witness. But state charges themselves can't get "bumped up" to the federal level.)
You can’t elevate something to federal charges that is not a federal crime, mostly committed across state lines (at least not in a just system); and the interstate commerce clause and possibly the free speech clause would likely be where that gets hung up.
There is a certain group in the USA that is working hard on undermining the rights of the people of America, the enemies, foreign and domestic, per se; and this is part of their plank to control speech through fear and total control and evisceration of anonymity.
I support controlling access to porn for children, especially since I know people who were harmed and groomed by it, but these types of laws are really just the typical liar’s wedge to get the poison pill of tracking and suppression in the door.
I hope some of the court cases can fix some of these treasonous and enemy acts by enemies within, but reality is that likely at the very least some aspects of these control mechanisms will remain intact.
If it really was about preventing harm against children, then they would have prevented children from accessing things, not adults. But that’s how you know it’s a perfidious lie.
This MS situation is just another step towards what they really want, total control over speech, thought, and what you are able to see and read.
This MS situation is just a kind of trial balloon, a probe of the American people and the Constitution and this thing we still call America even though enemies are within our walls dismantling everything.
As you may have read, in MS they are trying to require all social media companies to “…deanonymize and age-verify all users…” …… to protect the children, of course. So you, an adult, have to identify yourself online in the public square that is already censored and controlled and mapped, to the government so it can, e.g., see if you oppose or share information about the genocide it is supporting … to protect Mississippi children, of course.
There used to be the "Oregon sales tax loophole" where residents of neighboring states (Washington, California, Idaho) would make large purchases (car) just over the border in Oregon where there was no sales tax.
That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
How would that have ever worked for a car in OR as a CA resident? You don't need inter-state data sharing when you have to register the newly-purchased car with the CA DMV and fill out the form saying you bought it inside or outside of CA. If you said "inside" when you didn't CA could likely catch that discrepancy against purely in-state dealer/tax records; if you said "outside" then they're gonna make you pay the tax difference.
Now, buying a fancy computer or something... but a car?
> How would that have ever worked for a car in OR as a CA resident? You don't need inter-state data sharing when you have to register the newly-purchased car with the CA DMV and fill out the form saying you bought it inside or outside of CA.
I haven't seen it as much in WA, but I used to see a lot of Oregon plates on new vehicles in Northern California where I had reason to believe the driver was a resident of CA. I do know someone who was pulled over for driving like a Californian while having out of state plates, so there's some enforcement that way anyhow. (Changed several lanes from the fast lane to the exiting lane in a continuous motion)
> That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
Oregon merchants are not required to collect sales tax for any other jurisdictions outside of Oregon. And they don’t, any non Oregonian can go to any merchant in Oregon right now, and you will be charged the same as any other customer who lives in Oregon.
Also, it was never a loophole to buy things in Oregon to evade sales tax. All states with sales tax require their residents to remit use tax for any items brought into the state to make up the difference for any sales tax that would have been paid had it been purchased in their home state.
Avoiding taxes. It's different. It was always perfectly legal to travel to another state to buy something expensive and bring it back home. No crimes were committed.
It was a loophole that you could buy in Oregon specifically to avoid $1,000s in sales taxes.
> It was always perfectly legal to travel to another state to buy something expensive and bring it back home.
It was legal to do that. If it was purchased out of state with the intent of bringing it back home, then (assuming the home state was California) California use taxes were always owed on it. Other states with sales taxes also tend to have similarly-structured use taxes with rates similar to the sales tax rates.
They were legally avoiding sales taxes, but also illegally evading use taxes, and, moreover, there is very little reason for the former if you aren't also doing the latter, unless you just have some moral objection to your taxes being taken at the point of sale and the paperwork and remittance to the government being done by the retailer instead of being a burden you deal with yourself.
It was the same for WA, so you're right, this was always (illegal) tax evasion, not mere avoidance.
AFAIK it's not that Oregon changed anything, either. It's that Washington passed additional laws that require out-of-state merchants to collect the tax when selling to customers in WA, and said out-of-state merchants complied.
Prior to this ruling, if you were a merchant in state A and you mailed something to someone in State B, you were not considered to have an economic nexus in state B, and hence state B had no jurisdiction over you to enforce sales tax collection.
Previous definitions of economic nexus involved having physical buildings or employees operating within a jurisdiction's boundaries.
South Dakota v Wayfair said that mailing something to a customer established economic nexus in the customer's jurisdiction, hence the merchant now has to register as a business in the customer's jurisdiction and collect applicable sales taxes and follow all the laws of that jurisdiction.
The whole ruling is weird though, because the justification came down to it's messing up the order of things, and since Congress can't be bothered to fix it with legislation, the Courts have to make up stuff to prolong the status quo.
I think the point was that interstate data sharing closed the loophole on evading use-taxes. Now states report to each other about large purchases. It's no longer possible to buy a car or tractor in Oregon and never report the unpaid sales tax back to Washington or California. They will know.
I was addressing the debate that that prompted over whether the situation before that was tax evasion or mere tax avoidance, but yes, the point about interstate data sharing is what that tangent spun off from several posts upthread.
If you do not pay sales tax on items bought in neighboring states, you typically owe your state use tax on those items. Many people simply did not report these purchases however, and this is evasion.
The situation petcat described is tax evasion (illegal, since use tax is due in lieu of paying sales tax at point of purchase, assuming item is brought back to home state).
Tax avoidance is simply minimizing tax liability, completely legal.
You are correct, virtually every state has a law that says “If you buy something in another state and pay less sales tax than we charge, you owe us the sales tax we would’ve charged you.”
It’s called a ‘use tax’. In practice, nobody pays (personal) use tax, myself included.
So, all of those people going to Oregon to shop without sales tax and not paying use tax were technically breaking the law, not using a loophole. I’m not judging them, I don’t pay use tax either :)
Washington at least will refund sales tax paid for goods purchased in Washington for use exclusively outside of Washington if purchased by residents of US states and CA provinces with low sales taxes, if the forms are followed.
I understand it used to be possible to show ID in store and have sales tax not be applied, but now you need to submit receipts and etc.
Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
Most areas of governance usually give years of preparation ahead of anything actually being enforced. This is so short-sighted.
>Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
But the law was signed over a year ago[1]? The recent development was that the injunction blocking the bill from being implemented got struck down. I'm not sure what you'd expected here, that the courts delay lifting the injunction because of the sites that didn't bother complying with the law, because they thought they'd prevail in court?
This is the inevitable result of inconsistent privacy laws across jurisdictions. Instead of one clear federal standard, we get a patchwork of conflicting requirements.
Small companies can't afford legal teams to navigate 50 different state privacy laws. So they just block entire states rather than risk compliance violations.
This helps no one - not consumers who lose access to services, not businesses who lose customers, not states that wanted to protect their residents.
Might it be sufficient to dynamically block anyone that has a registered home address in Mississippi for their payment method? Most ISP's span multiple states.
Google have additional information about IP addresses that updates dynamically based on cell phone, wifi and other magic usage so maybe ask them if they have some javascript that queries their site for more specific city/state details. Also call Pornhub and ask how they were blocking specific states to meet legal requirements.
For the Bluesky ban, I'm not in Mississippi, but whatever IP Geolocation service they use thinks my home internet is in Mississippi. It's doubtless that lots of people inside Mississippi but near borders aren't being blocked, because that's just not a thing that's really possible.
If I were in Dreamwidth's shoes, I'd be very much concerned with minimizing legal exposure, not number of users excluded. At 10k/user*day, it's a reasonable choice to block as broadly as makes sense.
Tough for the neighbors, but nitpicking "resident" is not a good choice here.
IANAL but i don't think using a vpn matters...Because whether a user is using a vpn or otherwise or not, if the user is identified as from Mississippi, that would be the test for whether these guys would need to block or not. Like, if a user from Mississippi uses a vpn, and these guys don't know that and detect that this user's IP is from, say, Arkansas...how would they be held liable? Unless, i'm missing something, right?
The site is legally required to apply "commercially reasonable measures" to prevent the kind of access that this law is against. Whether that includes blocking accessing it over VPNs is anyone's guess.
NAL, but yes, I believe that it would still be a violation of the law. That said, laws aren't applied by robots and it's likely they would be given leniency if they could show they actually tried to respect the law.
If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.
I don’t see how, but the people trying to implement total control of speech, thought, and communication in America are a diabolical and crafty bunch that will likely try putting someone through the wringer for that one day.
The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.
Yes to your first question, and no to the second question... the law says it must "primarily function" in that respect.
Putting a small jobs board on instagram would not make instagram "primarily function" as a job application website. LinkedIn is primarily a professional networking website - it qualifies.
Yeah the Wikipedia explanation has faulty grammar. I couldn't figure it out either.
My understanding is that this is similar to the law the UK passed recently except instead of verifying age of users for "adult" content, every platform needs to verify (and log) age of all users for all content?
Interesting, all I see is "403 Forbidden" when I open this website, and I'm not even from the mentioned location's country! I guess might as well block everyone to avoid any possible future litigation.
> And because we're part of the organization suing Mississippi over it, and were explicitly named in the now-overturned preliminary injunction, we think the risk of the state deciding to engage in retaliatory prosecution while the full legal challenge continues to work its way through the courts is a lot higher than we're comfortable with
Since you can't really block all state IPs, but also since prosecution isn't bound by honesty, this retaliatory risk doesn't decrease much (though hard to assess precisely).
> On a completely unrelated note while I have you all here, have I mentioned lately that I really like ProtonVPN's service, privacy practices, and pricing?
Did your lawyer review this? Because you just committed a felony.
As an aside, it would be curious if deepening political polarization creates a trend of blocking IPs from specific states or regions for whatever reason... perhaps in such a scenario there would be interesting relations or comparisons between the digital and physical divides...
Same with UK's OSA: don't most governments already have the tools to block domains based on operator compliance with laws? What's wrong with that approach that leads to this kind of universal jurisdiction approach?
I leave my home computer network open to the public and now suddenly I'm liable to some random jurisdiction around the world because someone in that location decides to call my computer?
If hosting companies make this an easy block/choice it just becomes the CA cancer warning where everyone does it. Then everyone in Mississippi and locales that adopt this have to use a VPN.
IANAL, but there’s a question of reasonable burden. Not sure if that applies here, but it’s not unreasonable to say you simply don’t want to do business in a state where the regulations are cost prohibitive. Given they make a reasonable effort to not provide a service to MI, it’s not really on them to police people trying to circumvent a state’s local laws.
Pornhub and BlueSky have done similar in response to this legislation in Texas. Wikipedia and a few other sites blocked the UK to avoid being burdened by their Safety act. Pretty much every streaming platform implements regional geo blocking for licensing reasons.
I’ll be curious to see how things shake out in the long run given the current political climate.
For the record, Wikipedia has not (yet) blocked the UK. They are awaiting official classification by Ofcom of the Wikipedia website. However, the uncertainty is definitely vexing, and the direction this is going is truly worrying.
IANAL, but if the actual legislation did not either recommend or dictate which method would be either good or even considered valid for purposes of enactment of the law, would it then be subject to interpretation?
Also, for the enforcement agency who is/will be tasked with checking things out here...do they know whether geo-blocking is a valid method or not? It's a silly law, don't get me wrong...but if its enforcement validation mechanisms are not up to snuff, I wonder how things will play out - both here in dreamwidth's case and other folks in a similar boat?
Is it insufficient? The law says they need to take commercially reasonable efforts to verify people's age in Mississippi. Geoblocking is a pretty commercially reasonable effort to identify who lives in Mississippi, and they don't provide service to those people.
> How is this vaguely sufficient to meet the legal requirements of the law?
It may not be, if the law can be applied to them.
OTOH, may be sufficient to make it illegal to apply the law to them in the first place. US states do not have unlimited jurisdiction to regulate conduct occurring outside of their borders, but they do have more ability to regulate conduct of entities intentionally doing business within their borders.
How can any website determine the location of a user that uses a VM inside an Azure/AWS/GCP data center? My VM inside Azure WestUS2 geolocates somewhere in WA state…
An adult contracts with the ISP. The ISP provides unfiltered internet access to the adult. It is the adult who then chooses to provide access to adult, social, or otherwise-restricted websites to children. I don't see how this isn't obvious to any court.
>Unfortunately, the penalties for failing to comply with the Mississippi law are incredibly steep: fines of $10,000 per user from Mississippi who we don't have identity documents verifying age for, per incident -- which means every time someone from Mississippi loaded Dreamwidth, we'd potentially owe Mississippi $10,000. Even a single $10,000 fine would be rough for us, but the per-user, per-incident nature of the actual fine structure is an existential threat.
Reminds me of Silicon Valley. PiperChat has grossly violated COPPA as there was no parental consent form on the app leading to a 21 billion dollar fine: https://www.youtube.com/watch?v=N3zU7sV4bJE
Far from it. Australia is trying to age-block social media at the moment (we'll see what happens in December), the EU is likely to move on this stuff before long, lots of US states are doing it... it seems like it's the way of the future, one way or another.
Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
I’m not being glib. Honestly, why can’t I? There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
For the same reason bars don't just ask people to sign a document saying they're 21 in lieu of an ID.
The laws are written in a way where the responsibility for enforcement falls on the operator of the business. In both cases, the business doesn't actually have to verify anything if they don't want to, but if it's found that they're allowing violations to happen, they will be held legally responsible.
> why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
So, I'm genuinely curious about this. Does the US not require any kind of territorial nexus in order for a jurisdiction's laws to apply to an individual? Can Texas criminalise abortions in New York, by New Yorkers, for New Yorkers? This seems very unlikely to me.
Under private international law, very generally speaking, you tend to require a nexus of some kind (otherwise, we'd all be breaking Uzbekistani laws constantly). I assume there must exist some kind of nexus requirement in US federal constitutional law too.
Assuming you have no presence, staff, offices, or users in a state, and you expressly ban that state in your T&C, why would that state's laws apply to you at all? You're not providing any services from or to that state, and in as far they can open your landing page, that's sort of like saying they can call your phone number. And in the absence of that state's laws applying at all, would not any requirements about geoblocking etc that may exist in those laws be moot?
(Usual risk calculus would seem to apply re over-zealous state prosecutors, etc.)
> Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
That would allow you, perhaps, to sue people from MS that used your site for violating the ToS (though, "some idiotic courts have ruled" does not mean "the courts which actually create binding precedent over those that would adjudicate your case have ruled...", so, be careful even there.) But that doesn't actually mean that, if someone from MS used your site and you took no further steps to prevent it you would not be liable to the extent that you did not comply with the age verification law.
> There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
Most things in interstate commerce, except where the feds have specifically excluded the states, are both federal and state jurisdiction, but neither the feds nor the state are obligated, even if applicable law exists which allows them to, to prosecute anyone for violating your ToS. You can (civilly) attempt to do so if you are bothered by it.
When will people understand geoblocking won’t save you? If a Mississippi user is on a VPN and they access your website you must still comply.
If you have a competitor, you can hire a bunch of Mississippians to access their website by VPN, collect evidence of them doing so, and then report them to have the shit fined out of them. It will pierce their corporate veil and leave them personally bankrupted, ending their website.
It is more than sufficient. The law doesn’t care about “Mississippi IPs”, the spirit of the law is if a person is accessing your website from Mississippi, you must verify their age, regardless of what path they are taking to reach it. Can’t verify where they are from? Then you just verify them anyway, you don’t get to just be lazy because you don’t know your user. If you don’t, there is a case that you are being negligent.
Not arguing for or against this law, but at some point if your site reaches a certain size that it is having a distortion effect on democracy or society in some way I'm going to want transparency and regulation.
You can't have it both ways. Tech oligarchy is just another road to fascism city.
I wonder if these state laws are at some point going to collide with Apple’s Private Relay service. It’s included with an iCloud subscription, and very easy to turn on, so I imagine Apple has way, way more users than a typical VPN provider. And they make no effort to ensure your exit node is in the same state as you are. At most it will keep the same “general location,” and there’s an option to let it use anything in the same country and time zone.
One thing that's interesting about these regional laws is that they all necessarily use geolocation, but the regional laws are jurisdiction-based. Geolocation is inaccurate in many circumstances and also just insufficient in some circumstances (VPN, near a state border, proxied requests, embedded content, etc.)
You think so? My state's supreme Court has interpreted our state constitution's freedom of expression clause even more broadly than the federal first amendment. It's hard to see how anything like that could survive judicial review here.
I see the larger objective as total control over all speech, thought, and information in more circuitous and pernicious ways than something in one of the poster-boys of “tyranny”.
This is just the start and the trial balloons. The enemy within is a bit nervous about this attack on the most fundamental freedom that the Constitution is protecting, free speech, but they’re also very confident in themselves.
it is just a new better Internet era - everybody to use VPN. Thanks to the conservatives for facilitating such a progress.
For example, these days in Russia awareness and usage of VPN is well beyond any normal country. With Facebook and IG for example blocked for Meta being officially branded an "extremist organization" (by the way Taliban was taken off that list recently, so what do you guys in Menlo Park are cooking what is worse than Taliban? May be some freedom of speech? :) people in Russia of all strata is still using it, now through VPN, many from mobile devices. The thing of note from USSR/Russia here is that habitual violation of unreasonable laws breeds wide disrespect for the system of law as a whole, and it is very hard to reverse the flow.
>True, but the next thing, will VPNs be forced to age verify eventually ?
it is like age verifying current generic access to the Internet. Sure, we'll come to this too (the anti-utopias aren't fiction, it is future :), yet we still don't verify such a generic access because it isn't the time yet, the society isn't yet totalitarian enough.
As a preview - in Russia (i'm less familiar with China to comment on it) they do already attack VPN by making it illegal to advertise it, something like this.
Russia is doing quite sophisticated technological enforcement, as well - even if you're running your own VPN server, you need something like V2Ray or Trojan to get through.
Now they also have their own paramilitary, better funded than most national armies. I'm afraid people have a very naive view of what life looked like for an average German resident in the late 1930s. Just because tanks aren't running down Main St, Normalville, USA doesn't mean we aren't treading in seriously dangerous waters just now. We are pushing past points of no return every day this continues.
Please don't comment like this on HN. We need everyone to avoid ideological flamebait and unkind swipes. Please take a moment to read the guidelines and make an effort to observe them in future.
Sometimes, often even, Dreamwidth can do the right thing like this. I fully support them in this fight and hope they win. But let's not pretend banning huge IP ranges for years at a time is new to them.
Dreamwidth has been at the forefront of banning large swaths of the internet. They started doing it years before anyone else. Before the for-profit corporate spidering of HTTP/S content even began causing issues. This is well trod territory and entirely familiar for them and their upstream network provider they like to blame their inability to fix it on.
Nah, not cloudflare. Just their upstream network provider (or so they say in support emails) and Dreamwidth's well established and long running practice of not caring that huge ranges of IPv4 are blocked from viewing any sites hosted on them. They do control the blocks but they have their tech support lie about it; as evidenced by this fine grain and specific blocking they're doing now re: Mississippi.
Our legal system is a shambles that is clearly not prepared to handle this kind of thing, even setting aside the situation with the supreme court. It's become clear that the "shadow law" of simply passing unconstitutional statutes, filing frivolous lawsuits, etc., is operating independently of the real legal system, which moves too slowly and does not have adequate mechanisms to prevent what is essentially a DDoS attack. All justice is delayed and so all justice is denied.
As a gun owner, I can confidently state that the continuous stream of unconstitutional laws that must be constantly fought against is no new development.
As a non-gun owner, I imagine that much comes down to what the founders meant by the opening clause of the Second Amendment. Since the Originalists claim to hold special insights into the frame of mind of the founders, and this way of thinking seems to be over-represented on the SCOTUS, I would think this a friendly environment for the issue you care about. That aside, isn’t that the way that U.S. political and justice systems are supposed to function? Representatives pass laws at the behest of their most vocal constituents. Then those of opposing ideologies petition the courts for relief or their representatives for repeal.
Seriously. Never mind when government agents wantonly violate the rights of a gun owner, and the main gun lobbying organization comes out with full-throated support of the government agents. For those that don't know, look up what happened to Kenneth Walker.
> passing unconstitutional statutes
> independently of the real legal system
The former is literally the real legal system, nothing shadow about it. Shadow would be some hidden deal to drop charges or something.
It's also not DDOS when a huge part of what you call "real" is exactly the same, so not unwillingly overloaded but willingly complicit.
the real legal system is slow by design, to carefully review cases and ensure fairness. It should also be based on good faith. The vulnerability comes from one bad faith party flooding the system with bad faith cases and appeals (as trump is doing). Even when he fails, the process becomes the punishment for the opposing side (journalists, political opponents...). When he wins, he wins.
> The vulnerability comes from one bad faith party flooding the system with bad faith cases and appeals
No, this is literally a "both sides" issue. Lawfare is not new. See the continuous legal battles over the second amendment in states like NY, NJ, and CA.
I was not aware of Biden or Democrat presidents filing personal lawsuits against journalists and political opponents...
Just last week a New York intermediate appellate court overturned the $500 million fraud judgment against Trump: https://www.politico.com/news/2025/08/21/new-york-civil-frau.... Yes, it wasn't brought by Biden--but it was brought by an elected Democrat Attorney General who campaigned on "going after Trump." Note that, out of the five judge panel, three would have overturned the underlying conviction, while two would have granted a new trial, and one would have thrown the case out entirely:
> Two other judges, John Higgitt and Llinét Rosado, said James had the authority to bring the case but argued for giving Trump a new trial. And the fifth judge, Justice David Friedman, argued to throw out the case, saying James lacked the authority to bring it.
> Yes, it wasn't brought by Biden
Isn't that the crux of the matter? You have a (crypto)billionaire president using his presidential powers and personal wealth to start frivolous lawsuit to shut down his opponents. If that doesn't worry you I really don't know what to tell you.
It was brought by the elected Attorney General of New York, in furtherance of a promise to voters to pursue unspecified legal actions against the leader of the other party. I don't like lawfare, but I've come to the conclusion that the only proper response to norm violations is a 10x counter-response.
> I've come to the conclusion that the only proper response to norm violations is a 10x counter-response.
That may be true --- or even a 100x response. But the thing is that a 100x (and probably even a 10x) response to many of these norm violations would take us well beyond the entire realm of lawfare. A 10x response would be at least "ignore everything the entire federal court system says because it's irredeemably corrupted", if not actual armed resistance.
Even going back well before Trump, norm violations like McConnell holding Scalia's seat open already made it clear that the Supreme Court was no longer a meaningful institution (if it ever had been). I don't mean I didn't like some of their decisions. I mean the entire thing is a meaningless charade, 24 hours a day, 7 days a week, 365 days a year and 366 in leap years. And that is just one example. The level of "counter-response" required to recover from the norm violations we've had over the last 10-20 years requires an overhaul to the very foundations of our system of government.
The case was based on Trump's former attorney mentioning criminal acts his client had done -- it was an attempt to hold Trump accountable for those crimes.
The reason a democrat would be involved in such prosecution is because every GOP member has effectively sworn fealty to Trump and they will fiercely protect him from any accountability.
Biden was many things, but not corrupt in the sense that Trump is. Yes, his son did business trading on his relationship but that was legal (albeit distasteful).
Most dem voters dislike corruption, even if it's one of their team; I don't see that on the other side of the aisle. Disclaimer: I am not a dem.
The link above is about the New York civil case.
If you're talking about the criminal case, it's even worse, as CNN's chief legal correspondent explained: https://nymag.com/intelligencer/article/trump-was-convicted-... ("Most importantly, the DA's charges against Trump push the outer boundaries of the law and due process."). Or, as an MSNBC legal columnist explained: https://www.msnbc.com/opinion/msnbc-opinion/trump-guilty-hus... ("Most DAs wouldn’t have pursued this case against Trump. Alvin Bragg got lucky. Let’s be honest with each other. Manhattan District Attorney Alvin Bragg’s case against former President Donald Trump was convoluted.").
You could write an entire Harvard law review issue about the novel legal issues raised by the Trump criminal case: Can a state crime be predicated on an uncharged federal campaign finance violation? Can someone violate campaign finance law--which is focused on preventing candidates from misusing donated funds--by using their own money to pay off a porn star? Can you bootstrap a misdemeanor into a felony through a triple-bank-shot involving an uncharged secondary crime and a choice of three possible tertiary crimes? When you prosecute someone for a business records misdemeanor, but almost all the allegedly bad conduct relates to unspecified secondary and tertiary crimes, how do you instruct the jury? When you give the jury three different options of uncharged tertiary crimes to support the uncharged secondary crime, which in turn supports the charged primary crime, on what points must the jury reach a unanimous decision?
Google's and Apple's "Double Irish with a Dutch Sandwich" was a more straightforward legal theory than the Trump criminal case.
In the interest of avoiding partisan squabbling on HN, I'm going to state the following and let you walk away feeling like you "won" this debate:
So congratulations! You are right and I am wrong and I'm so sorry to bother you with my clearly not-Trump-loving observations.
> 1. Trump is the epitome of a corrupt pol and has pretty much gotten away with everything his entire life.
> 2. Prosecuting him was not in the form of attacking a rival, it was addressing issue #1
You're correct about (2), and that's the problem! A criminal case that relies on an uncharged secondary crime, which in turn relies on one of three uncharged tertiary crimes, to bootstrap a primary misdemeanor into a felony must stand on its own. Uncharged, unproven past conduct is irrelevant.
> magic of Trump is that his supporters (which apparently you are one of)
My wife and I are Fed Soc members, but we like the Georgetown cocktail parties and voted for Biden in 2020! We weren't going to vote in 2024 until the Trump criminal conviction. It was literally radicalizing. My wife used to loathe Trump, but she drove up to Pennsylvania to volunteer for his campaign after that conviction came down.
Fed Soc, eh? I'm shocked you'd consider Biden as everything I see about the org is as a right wing networking club, culminating in ownership of SCOTUS. I know about Leonard Leo and his goals. You must be so excited to know that his hard work has paid off.
The 6 members of SCOTUS who are of your ilk are the exact enablers of our subject of discussion.
And yet you dodge #1. How artful. Now I know that you've not been engaging in good faith, either intentionally or just how Fed Soc taught you.
What specifically do you disagree with in his posts? You can not like Trump and agree that it was a horrible legal case, as the sources he linked obviously do.
Another example is the Mackey case, where the appeals court unanimously overturned the entire conviction, attacking both the legal reasoning and the evidence underlying the entire case. It’s pretty clear the whole thing was cooked up to “get” an influential pro-Trump Twitter user. See: https://ww3.ca2.uscourts.gov/decisions/isysquery/5d7bf858-ff...
What specifically do you disagree with about my point that he's corrupt to the core and has never been held accountable?
The legal system bends to those in power and "justice" occasionally makes an appearance.
Meanwhile the DOJ has been weaponized to serve as the president's personal attack dogs and the entirety of the federal workforce is being staffed with only those who swear fealty to Trump, rather than the constitution and what it stands for.
IANAL, and I'm not equipped to review whatever legal fancy footwork is involved, but I am 100% confident that the Biden admin was as stand up as could be hoped for (i.e., flawed but not devoid of principles), and that Trump has only these principles:
He makes GWB look great by comparison. What rubs salt into the wound is that tens of millions of my fellow citizens literally worship him as a gift from God and will defend him to the end. Watching democracy die before my eyes is beyond heartbreaking.
I am not making any argument about his corruption or lack thereof. We're talking about two specific very bad legal cases using novel legal theories that should have never been brought, with people like CNN's legal correspondent agreeing, not Trump fanatics.
"Trump corrupt" !=> "this case was sound."
I also provided an example of the Mackey case, where the DoJ was weaponized to go after Trump supporters on Twitter.
But that is the problem. It's pointless to talk about the details of individual cases when the entire system is 100% broken. It's like arguing about what color shoes match your shirt when you're running from a burning house.
You keep using that word. I do not think it means what you think it means.
I don't like the twitter case and think it was a mistake. Not as bad as the case that drove Aaron Swartz to suicide (under the Obama admin).
But to lecture on the propriety of the prosecution and declare that it was "weaponized" is a stretch. The feds have made plenty of bad decisions across both sides of the aisle, and their intentions should always be worthy of scrutiny.
The DOJ (and every other federal agency) is being gutted of anyone who does not swear fealty to Donald Trump (the person, not the office) -- that's weaponization.
I'm happy to call out each and every mistake the Biden admin does, but it's almost quaint in comparison to what his successor is doing. We've moved well past the "both sides" debate -- what is happening now is fascism and un-American to its core. So yeah, boo hoo about the twitter case.
This continues to make little sense since you continue to ignore that a big % of your made up "real" part of the system also constitutes a part of the bad faith party!
> It should also be based on good faith
Setting the wishes aside, it isn't, the judges easily act in bad faith when it suits them, so this also doesn't explain much.
Neither is it "designed" to take bad faith at face value, again, to be specific - just read the Supreme Court case about this law. The flood/design explain nothing: it would've been just as easy to block the implementation of what the court itself says is an unconstitutional law (see, no "good faith" basis required) and then don't even review it fully because the court has no time (see, the flood can flow in either direction)...
> the real legal system is slow by design, to carefully review cases and ensure fairness. It should also be based on good faith.
It isn't, and it isn't designed to be based on good faith or good faith actors.
https://en.wikipedia.org/wiki/Good_faith#Law
there are many many resources online you can find on the matter
That is specifically limited to contract law (a subset of civil law) which is quite distinct from criminal law.
Contract law requires many things, including "a meeting of minds"; that does not imply that all civil lawsuits and criminal hearings require "a meeting of minds".
See https://en.wikipedia.org/wiki/Good_faith_(law)
There are many resources online you can find on the matter.
> That is specifically limited to contract law
That is false, and the wiki paragraph does not say that
https://www.law.cornell.edu/rules/frcp/rule_11
> quite distinct from criminal law.
Trump's frivolous lawsuits have been civil matters, which is obvious because private persons do not file criminal lawsuits, prosecutors do that.
> That is false, and the wiki paragraph does not say that
Are you sure? This is the first sentence of my link: https://en.wikipedia.org/wiki/Good_faith_(law)
> In contract law, the implied covenant of good faith and fair dealing is a general presumption that the parties to a contract will deal with each other honestly, fairly, and in good faith, so as to not destroy the right of the other party or parties to receive the benefits of the contract.
This is the first sentence of your original link: https://en.wikipedia.org/wiki/Good_faith#Law
> In law, bona fides denotes the mental and moral states of honesty and conviction regarding either the truth or the falsity of a proposition, or of a body of opinion;
There is nothing in there that supports the assertion:
> It [the legal system] should also be based on good faith.
Any legal system based on good faith will fall over in its very first year of operation. They are usually designed to be resilient to bad faith actors. The problem (which you seem to be alluding to) is that, by design, the system errs on the side of caution.
In order to actually be punished for barratry, for example, there needs to be evidence beyond reasonable doubt. Any doubt as to the bad-faith intention and the system will not proceed with punitive measures.
And that's just for barratry - the other sins that people perpetrate on the system have equally cautionary consequential actions taken.
> flooding the system with bad faith cases and appeals (as trump is doing).
Trump is winning most of these fights in the appellate courts and the Supreme Court. Activist groups are flooding the system with a bunch of weak cases, getting weak, poorly reasoned district court rulings, then getting overturned on appeal.
But all of those results are meaningless on both sides, because the entire federal judiciary is not genuinely in the business of doing justice.
I feel like you're unfamiliar with the Supreme Court rulings, which are almost unilaterally terrible. The Court has made some very torturous interpretations of procedure and precedent to justify rubber-stamping operations that even the conservative justices will admit are unconstitutional, preferring to instead punt the issue and allow the harm to continue, completely circumventing the merits of the cases. Several of the recent shadow docket decisions regarding injunctions have brought up the equities of the suits in question, making the bizarre claim that enjoining the Executive Branch from doing whatever it wants pending a full trial harms it in greater proportion than the harms being actually inflicted on ordinary people.
> Activist groups are flooding the system with a bunch of weak cases, getting weak, poorly reasoned district court rulings, then getting overturned on appeal.
Trump's > 90% success rate at the Supreme Court should be read as an indictment of the Supreme Court, not of the lower courts.
> I feel like you're unfamiliar with the Supreme Court rulings
I feel like you are unfamiliar with who you are replying to. That doesn't make it any less amusing.
I am unfamiliar with who I'm replying to, but I don't really care; are they some sort of legal expert? If so, I'd expect them to understand that recent decisions such as Trump v. Casa and McMahon v. New York are pretty flimsy.
> are they some sort of legal expert
Yes.
> If so, I'd expect them to understand that recent decisions such as Trump v. Casa and McMahon v. New York are pretty flimsy.
That's what makes it extra interesting.
Well in that case, that is amusing.
What makes you say Trump v. Casa is “flimsy?” The Supreme Court addressed injunctions against the executive in Marbury in 1803. Wikipedia’s write up cites scholars that say federal courts issued between 0 and a dozen nationwide injunctions in the first 175 years of the republic: https://en.wikipedia.org/wiki/Nationwide_injunction. The wikipedia write up is actually quite good on this.
McMahon v. New York is obviously correct. A preliminary injunction is an “extraordinary and drastic” remedy requiring a showing that the plaintiff is likely to succeed in the merits: https://www.justice.gov/archives/jm/civil-resource-manual-21.... The argument that federal courts can supervise a reduction in force where the individual firings aren’t themselves illegal (e.g. race based) is a tenuous argument. Besides, what’s the irreparable harm? Being fired is one of the classic examples of something that can be remedied after a trial with reinstatement and backpay.
For Trump v. Casa, I'm going to set aside the argument that "nationwide injunctions are bad" because it's not really relevant here. The court has had plenty of opportunities to shut down nationwide injunctions, 14 during the Biden administration according to your linked Wikipedia article, and I think you need to consider what it means that the court only now decides to close that door during this administration and this case, specifically.
With regards to McMahon v. New York, what makes you think that the plaintiff is unlikely to succeed in the merits? The court can absolutely take into consideration the intent of the Trump administration and McMahon as his secretary to illegally shutter the Department of Education. On the one hand, you have the executive branch's ability to oversee a reduction in force; on the other, you have the executive reducing force as an end-run around the duty charged to them by law. If the "unitary executive theory" means that the executive can discharge duties they are bound by law to execute, then the Constitution is meaningless (as Sotomayor cites at the very beginning of her dissent, Article 2 section 3 charges the President to "take Care that the Laws be faithfully executed"). Your argument that irreparable harm extends only to the staff being fired is also naively narrow; the states brought the suit, not the staff of the DoEd. The states argue--correctly--that if the Department cannot carry out its duties, then a vast array of students and teachers that rely on services funded or administered by the DoEd would be harmed. It seems batshit to argue that the harms done to the executive by temporarily curtailing that power outweigh the harms that will be done to an uncertain but certainly vast number of people in the interim. It's worth noting that, in this case, providing relief simply means that the government must maintain the status quo for a few months or however long it takes for the case to work through the courts. Restoring someone's job with back pay is sufficient when one person is fired. It is not sufficient when the executive has eliminated 50% of a statutorily-mandated department of the federal government with an eye to cut more.
> I feel like you're unfamiliar with the Supreme Court rulings, which are almost unilaterally terrible.
On the law, the rulings are correct. Article II, Section 2, cl. 1: "The executive Power shall be vested in a President of the United States of America." QED. The contrary "precedents" were ginned up to support Woodrow Wilson's racist fever-dream of an executive run by "expert" civil servants instead of the elected President: https://ballotpedia.org/%22The_Study_of_Administration%22_by.... I remember sitting in Con Law class and reading these cases thinking how obviously wrong they all were. I couldn't even dream that we would ever be able to clean out this horse stable!
> preferring to instead punt the issue and allow the harm to continue, completely circumventing the merits of the cases.
That's because almost all of the rulings coming up to the Supreme Court were preliminary injunctions where the lower court made no determination of the merits.
> making the bizarre claim that enjoining the Executive Branch from doing whatever it wants pending a full trial harms it in greater proportion than the harms being actually inflicted on ordinary people.
Read Marbury v. Madison and look at how much ink Justice Marshall spends trying to avoid enjoining the Secretary of State to do something as ministerial as delivering an already-signed letter. He literally invented judicial review in an effort to avoid that result. Think about how Marshall's lengthy analysis of how courts can't enjoin discretionary actions of the President would apply to the sweeping injunctions being handed out these days.
> It's become clear that the "shadow law" of simply passing unconstitutional statutes
What makes you think the statute is "unconstitutional?" The Supreme Court hasn't tackled the issue directly, but it upheld a law requiring libraries to install blocking software to restrict access to websites for children: https://en.wikipedia.org/wiki/United_States_v._American_Libr.... Remember that, prior to the reinterpretation of the First Amendment in the mid-20th century, the "obscenity" carve-out was broad enough to outright ban things like pornography, much less allowing access to children.
That said, I suspect that the law is probably unconstitutional, insofar as it's targeted at a type of speech (social media) that doesn't fall within any of the traditional exceptions. I don't think the "under 18" rationale holds when you're talking about content that traditionally hasn't been prohibited to children.
Regardless, this isn't an instance of the state blatantly violating some clear Supreme Court precedent. (And even that's okay if you have a good-faith basis for challenging the precedent! That's how impact litigation often works.)
What makes you think the current Supreme Court has any interest in upholding the constitution?
The bigger issue though is what makes any of us think that upholding the constitution is upholding justice, right, or any such substantive ideals?
the comparison to a DDoS attack is very clever. Also in regards to the "muzzle velocity" strategy of Trump/Bannon
How does DDOS explain the fact that the Supreme Court didn't deny service, but simply decided not to block an unconstitutional law?
I don't think OP was referring only to this singular event, this is just a "request" in a much wider DDOS attack.
Not blocking an unconstitutional law _is_ denial of service by the Supreme Court (although DDoS referred to more than that).
Between this and the UK Online Safety Bill, how are people meant to keep track?
Launch a small website and commit a felony in 7 states and 13 countries.
I wouldn't have known about the Mississippi bill unless I'd read this. How are we to know?
Any physical business has to deal with 100s of regulations too, it just means the same culture of making it extremely difficult and expensive to do anything at all is now coming to the online world as well, bit by bit.
If you have a restaurant in Italy and some 18 year old from Mississippi orders a glass of wine - you can happily and lawfully serve it.
You don’t need to know all the laws of Mississippi to serve such customer, or any laws from anywhere else other than Italy.
If you ship the wine to the US things are different though.
And if you don't do business in the US there is only so much the US can do. Most importantly it can ask ISPs in the US to block your site. As they do for copyright infringement routinely.
We have all accepted that our countries block copyright violations originating from outside their jurisdiction.
But of course this is a disaster for the free internet. While copyright laws are relatively uniform world wide, so if you respect it locally you're probably mostly fine everywhere, incoming regulation like age verification and limits on social media use, or harassment stuff, is anything but uniform.
To some degree this is also maybe more shocking to people in the US, as the US norms have de facto been the internet's norms so far. It is, in any case, not entirely new:
"When Germany came after BME for "endangering the youth" and demanded that I make changes to the site to comply with German law, my response was to simply not visit Germany again (and I'm a German citizen). When the US started to pressure us, we moved all of our servers and presence out of the country and backed off on plans to live in the US. No changes were ever made to the site, and no images were ever removed — if anything, the pressure made me push those areas even more."
https://en.m.wikipedia.org/wiki/BMEzine
How do we deal with the fact that we don't have a global mechanism for agreeing (socially and legally) on necessary regulations, while maintaining the social good that is a truly global internet?
> And if you don't do business in the US there is only so much the US can do.
They can order overflights to land to arrest you, if they so desire. They can also block you from more-or-less all legitimate commerce globally with sanctions. And if they really don't like you, they can kill you without due process.
All of which the US has done to undesirables over the years, and can do again without any controls or checks or balances, to anyone globally.
> You don’t need to know all the laws of Mississippi to serve such a customer, or any laws from anywhere else other than Italy.
Except that in this case it's more like applying state sales taxes to online purchases. That has been a thing for years at this point.
If you offered them a place to do leverage trading, you would be getting extradited to the US. Failure to do your KYC is no excuse.
Be careful what you put in that menu.
How would US jurisdiction be able to affect an Italian website that does not require ID for Mississippi residents?
It wouldn't unless the US is willing to justify having their domestic companies fall under the jurisdiction of other countries. Geopolitical reciprocity is still alive and well as the US is starting to find out.
Yes, because that customer is also in Italy, so Italian law also applies to them.
With the internet it's a lot less clear cut. The user is requesting data from Italy, maybe, but is located in another jurisdiction. Add Cloudflare and the data might even be served from the US by a US company you asked to serve your illegal data.
It's becoming a shit show and is breaking up the global internet.
User or customer? That's quite a difference. When I pay to have goods shipped there's an expectation of regulation that doesn't exist when I chat with someone on the phone. (Admittedly all the free product dumping by tech companies blurs the line.)
The current legal reality is a shitshow but I don't think that's inherent to the situation itself. gTLDs and foreign hosting services certainly complicate things, but then so does choosing to (physically) import supplies from abroad. I'm not convinced there's a real issue there at least in theory.
I think that a single "common carrier" type treaty unambiguously placing all burden on the speaker and absolving any liability arising from jurisdictional differences would likely fix 90% of the current issues. If I visit a foreign run site and lie about my country of residence in order to access material that isn't legal where I reside the only liable party in that scenario should be me.
Tbf the Italian restaurant would likely serve you wine if you were 14, and the owner is probably underreporting cash earnings to avoid taxes, and sells bootleg cigarettes without the tax seals from behind the counter...
Indeed - the same here in Spain. One gets used to certain classes of regulation being flouted much more openly in Europe than they would be in the US.
Websites aren't necessarily businesses; they're speech.
A blog is speech, but I wouldn't say that deciding to operate a social media site is speech. That said, there are plenty of good reasons to oppose this law.
A social media site is speech (and/or press, but they are grouped together in the first amendment because they are lenses on the same fundamental right not crisply distinguishable ones); now, it's well recognized that commercial speech is still subject to some regulations as commerce, but it is not something separate from speech.
I would disagree, for example section 230 reads "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The content of the site is obviously speech/press, but the decision to operate the site doesn't seem like it is. Very possible I'm mistaken and there is case law to the contrary though, it's a nuanced argument either way.
Not sure why you cite Section 230 as if it had anything to say about what is Constitutionally speech; other than inverting the relation between the Constitution and statute law, that is a pretty big misunderstanding of what Section 230 is (and the broader Communications Decency Act in which it was contained was) about.
> A social media site is speech (and/or press
I suppose this is what confused me then, as it seemed obvious that e.g. the Facebook recommendation algorithm isn't speech, so if a social media site would be considered speech it would be due to the user content. Section 230 doesn't in any way supersede the constitution, but it does clarify which party is doing the speech and thus where the first amendment would apply.
A lot of people want to conflate several things that shouldn't be conflated. To clarify:
* The First Amendment generally prohibits the government from enacting any laws or regulations that limit speech based on its content (anything you might reasonably call "moderation" would definitely fall into this category!).
* Private companies are not the government. Social media networks are therefore not obligated to follow the First Amendment. (Although there is a decent argument that Trump's social media network is a state actor here and is therefore constitutionally unable to, say, ban anybody from the network.)
* Recommendation algorithms of social media networks are protected speech of those companies. The government cannot generally enact a law that regulates these algorithms, and several courts have already struck down laws that attempted to do so.
* §230 means that user-generated speech is not treated as speech of these companies. This prevents you from winning a suit against them for hosting speech you think injures you (think things like defamation).
* §230 also eliminates the liability of these companies for their moderation or lack thereof.
There remains the interesting question as to whether or not companies can be held liable via their own speech that occurs as a result of the recommendation algorithms of user-generated content. This is somewhat difficult to see litigated because it seems everybody who tries to do a challenge case here instead tries to argue that §230 in its entirety is somehow wrong, and the court rather bluntly telling them that they're only interested in the narrow question doesn't seem to be able to get them to change tactics. (See e.g. the recent SCOTUS case which was thrown out essentially for this reason rather than deciding the question).
> Section 230 doesn't in any way supersede the constitution, but it does clarify which party is doing the speech
No, it immunizes certain parties from being held automatically liable (without separate proof that they knew of the content, as applies to mere distributors [0]), the "publisher or speaker" standard being the standard for such liability (known as publisher liability.)
It doesn't "clarify" (or have any bearing on) where the First Amendment would apply. (In fact, it's only relevant when the First Amendment protection doesn't apply, since otherwise there would be no liability to address.)
[0] subsequent case law has also held that Section 230 has the effect of also insulating the parties it covers against distributor liability where that would otherwise apply, as well, but the language of the law was deliberately targeted at the basis for publisher liability.
So they are not the speaker for the purposes of liability, but they are the speaker for the purposes of first amendment protections? That doesn't make sense to me, but it certainly wouldn't be the most confusing law on the books and you seem to be more informed on the topic than me. Do you have any insight on how that dynamic would apply to something like The Pirate Bay? Intuitively on that basis, users uploading content would be liable, but taking down the site would be a violation of the operator's first amendment rights.
> So they are not the speaker for the purposes of liability, but they are the speaker for the purposes of first amendment protections?
People who are not “the speaker or publisher” for liability purposes have Constitutional first amendment free speech rights in their decision to interact with content, this includes distributors, consumers, people who otherwise have all the characteristics of a “speaker or publisher” but are statutorily relieved of liability as one so as to enable them to make certain editorial decisions over user generated content without instantly becoming fully liable for every bit of that content, etc., yeah.
And arguing the alternative is you making the exact inversion of statute and Constitution I predicted and which you denied, that is, thinking Section 230 could remove First Amendment coverage from something it would have covered without that enactment.
Speech isn't just shouting into the void; it's dialogue back and forth between two or more different people. Social media sites such as Hacker News and the WELL facilitate this, even when they aren't businesses, in much the same way as a dinner party or a church picnic does.
> Speech isn't just shouting into the void; it's dialogue back and forth between two or more different people.
In some cases this arises in US Constitutional law as the freedom of other people to seek and encounter the speech, though I'm not sure if there's a formal name for the idea. (e.g. "Freedom of Hearing".)
freedom of association
That usually gets used in more of a "you guys can't make a club together" sense, as opposed to "you aren't allowed to search for that keyword."
Sure, speech happens on and is facilitated by social media sites, but that doesn't imply that operating a social media site is a form of speech any more than operating a notebook factory is.
If having a dinner party at your house gets you busted by the police, you are not living in a liberal society. If notebook factories are under tight surveillance to ensure that their notebooks are serialized and tracked because bad people might use them to plot crimes, you are not living in a liberal society.
Conversely, if your restaurant is well known for hosting criminals plotting their next gig, it will be put under tight surveillance.
And if the police has reason to suspect that there is illegal gambling happening at your dinner party they can obtain a warrant to bust your party.
Hell even if your party is too loud and annoys the neighbours the police can and will shut it down.
I agree, there are better grounds to oppose such measures than "this violates the notebook factory owner's freedom of speech" though.
No, it violates the potential notebook buyers' freedom of speech. The factory owner's freedoms don't come into it.
Sounds like we are in agreement then, the root of this was
> A blog is speech, but I wouldn't say that deciding to operate a social media site is speech.
I agree in that narrow sense—but shutting down social media sites denies the sites' users their human right of expression, as well as other basic human rights*. The fact that the site operator doesn't necessarily suffer this harm† seems like an irrelevant distraction, and I have no idea why you brought it up, or why you keep repeating it, if you agree that the site users are being illegitimately harmed.
______
* See UDHR articles 12, 18, 19, and 20. This is not an issue limited to the provincial laws of one small country.
† Unless the site operators also make use of the site, in which case they too do suffer it; this is in my experience virtually always the case with the noncommercial sites that it is most important to protect.
In the context of "Law requires age verification for social media sites" and "This is an example of the kinds of onerous regulations physical business owners have to comply with being forced on website operators", I took your comment that "Websites aren't necessarily businesses; they're speech." to mean that operating a social media website wasn't like operating a business because it's a form of speech.
I don't follow.
If social media sites are shut down but I am free to post my opinions on my personal blog site, how is my freedom of speech affected?
Did I not have freedom of speech before social media existed?
Is there an implication in freedom of speech that any speech facilitating service that can be offered must be allowed to operate? That's at least not obvious to me.
I echo what others said: There are good reasons to oppose all this, but blanket cries of "free speech" without any substance don't exactly help.
It sounds like you are falling into the sort of confusion that leads people to sometimes wonder if murder is actually wrong in a world where cancer and hunger exist.
On the contrary, you appear to be suffering the confusion that a service which facilitates a legally protected activity cannot be regulated, interfered with, or discontinued in the general case. Typically only targeted, motivated interference would constitute a violation.
Shutting down a notebook factory for dodging sales tax is not a violation of the rights of would-be purchasers.
I am fairly sure I am not confused. Instead I believe the post I am replying to didn't actually advance a coherent argument, but just appealed to emotions.
I am not sure that I have ever encountered anyone confused in the way you describe either...
> Any physical business
Websites don't have to be a business or be related to one.
But the jurisdiction is obvious, and it doesn't change just because someone from Mississippi walked in.
Right. But if I open a physical business I only need to abide by the laws of that state. This is definitely an order of magnitude more regulation to deal with.
But yeah, this definitely sounds like a business opportunity for services or hosts.
> definitely sounds like a business opportunity for services or hosts.
Capitalism at its best. We have a definite problem with over-regulation and a judicial system that isn't coping nor keeping up. Capitalism, instead of fixing the problem, makes a business model out of it.
Capitalism: Why fix it when you can make money off it.
Probably an area for Cloudflare to offer it as a service. Content type X, blocked in [locales]. Advertised as a liability mitigation.
Closely followed by the BETTERID act in response to sites using substandard identity providers, a set of stringent compliance requirements to ensure the compliant collection and storage of verification documentation requiring annual certification by an approved auditing agency who must provide evidence of controls in place to ensure [...]
Regulatory capture in real time!
> Regulatory capture in real time!
What would you have preferred? Of course you'd prefer if the law never existed in the first place, but I don't see having a third party auditor verify compliance is any worse than say, letting the government audit it. We don't think it's "regulatory capture" to let private firms audit companies' books, for instance.
It's regulatory capture if there's an oligopoly of audit firms.
It's regulatory capture if a cartel of ID verification companies are lobbying for specific requirements that lock out upstart competitors.
Hopefully data centers will be built in more free states. If I live in California, and run a server in California that responds to requests coming from an ISP in California, at what point do I become subject to Mississippi law that I never had a chance to vote for?
If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.
Don't count on sensible, well established laws from the past applying in the near future.
While I'm not trying to argue for or against any particular law in this comment, California is far from a "free state" in terms of internet laws.
If I run a server in Utah primarily for myself, and you as a Californian happen to stumble upon it, should I have to abide by California privacy laws?
https://termly.io/resources/articles/ccpa-vs-cpra/#who-must-...
> should I have to abide by California privacy laws?
It seems these are the conditions:
As of January 1, 2023, your business must comply with both the CCPA and the CPRA if you do business in California and meet any one of the following conditions:
* Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
* Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households
* Derived 50% or more of your gross annual revenue from the selling or sharing of personal information
Also lots of states have their own data privacy laws.
https://iapp.org/media/pdf/resource_center/State_Comp_Privac...
I wasn't trying to suggest California was alone with such laws. Only pointing out they do indeed have internet laws that cross state boundaries, far from the "free state" suggested by the parent comment. Lots of states have such laws, and I generally do agree such things are good.
And yes, in this particular circumstance for this specific law as currently written a private blog doing its own normal things probably wouldn't infringe or be subject to these rules.
But what about a Utah focused social media site that does have $25M in revenue? It's not trying to court California users. Why should they have to be liable to laws in a state they never intended to do business in? It's these Californians leaving California to interact with an org across state lines. Whatever happened to state sovereignty? Should an Oklahoman be required to buy only 3.2% beer in Texas as well or have some Texas beer and wine shop face the wrath of Oklahoma courts for serving an Okie some real beer?
Where did that web transaction actually happen? On the client or on the server? Where did the data actually get stored and processed?
IMO we're past the time of patchwork laws. The social experiment of figuring out what makes some sense is largely over at least for the basics. It's time for real federal privacy laws to make a real, enforceable nationwide policy.
Not a lawyer but I think that if none of your users are from California then nobody would have standing to sue you.
Yes, but that would require a preemptive blocking strategy in actual practice.
> It's not trying to court California users.
The point that is being made, is that even a site generally designed and expected to be used by Utah citizens can become liable to Californian law because a Californian created an account.
Just as with "over 18" banners, I expect that if all users self-certify as being non-californians the law won't apply to you. And that seems perfectly reasonable to me. Perhaps with the exception that I also think that a modal banner to the effect of "you acknowledge that you are now doing business in Utah" also ought to suffice.
If you actually sell things to Californians that's different. At that point, yeah, I think you _should_ be subject to California law. You're doing the equivalent of mail order business with a resident after all.
I'm not soliciting legal advice, not looking for an opinion on how things are today but asking how we think society and laws should be overall.
If I operate a healthcare facility in New Mexico and a Texan comes in asking for an abortion, should I be liable to Texas abortion laws? Should they be held liable for an abortion that happened out of the state?
More to the point, why would anyone outside of Mississippi need to comply? What legal grounds do they have to dictate what other people do outside of their state?
I worry that as a Mastodon server operator I could be found guilty of violating their state law and if one day I decide to visit or transit in the state I could be punished say by arrest.
Same goes for other countries as well. It’s insane.
You could even be extradited to Mississippi by another state, depending on how friendly they are and how much they want you.
At least in my country you can appeal your extradition on the basis of human rights.
Oh, the EU is also coming with an age verification requirement through the Digital Safety Act
Australia is too
> Between this and the UK Online Safety Bill, how are people meant to keep track?
At this point, I almost welcome all these laws. The more they restrict us, the more potential felons, but they can't fine and put us all in jail, no? Chronic over-legislation will crush from its own weight.
That said, like the saying of markets staying irrational longer than people can afford to, the realistic outcome is that bureaucracy will survive longer than a functioning society. Legislation will continue until morale improves.
This is where it goes wrong. It will be selectively applied. The worst.
It's just wrong and it breaks the internet. We had it so good for so little.
> Chronic over-legislation will crush from its own weight.
Ideally, yes. I think the reality however will be that most "perpetrators" will be ignored, and anything else will be easy wins and collateral damage to small site operators that these regulators happen to notice.
I feel like it will just result in discriminatory policing
It's things like this that make me want the internet excluded from all legal systems as extraterritorial. There should be no laws governing the internet. Almost uniformly they are stupid. The most success law enforcement gets out of capturing pedos is setting up honeytraps anyway.
"When catapults are outlawed, only outlaws will have catapults."
Welcome back to the 90s and the PGP, Clipper chip, warez, and DeCSS days.
At some point, they will have outlawed enough things that most people want, that most people will become outlaws.
I would argue privacy laws are good. But I do think laws that apply to the internet in the US should only come at a federal level. That would help with uniformity.
> how are people meant to keep track?
Individuals are not meant to keep track, they're meant to leave the ecosystem. These types of bills are the end product of the process of regulatory capture by the corpos.
Corpos create centralized watering holes that are magnets for social problems, offering low effort service and very little accountability for early users. Corpos then nurture these uses because they drive engagement, and at the early stage any usage is good usage. When the wider public catches on and starts complaining, corpos then cast it as outside meddling and reject addressing the problems they're facilitating, as curation at scale would cost too much. Corpos then become a straightforwardly legible target for politicians to assert control over, demanding some kind of regulation of the problem. Corpos then lobby to make sure such laws are compatible with their business - like simply having to hire more bureaucrats to do compliance (which is the sine-qua-non of a corpo, in the first place). The last few steps can repeat a few cycles as legislation fails to work. But however long it takes, independent individual hosters/users are always left out of those discussions - being shunned by the politicians (individuals are hard to regulate at scale) and the corpos (individuals turn into startups, ie competition). Rinse and repeat.
Check your local laws and make sure never to travel outside your current state.
States should come together with their neighboring states to start passing identical model legislation for this sort of stuff, if we don’t have unity across the country. It could be easy and voluntary for the states to do.
The US doesn’t have 50 different cultures with totally different values, but probably has like… 7.
> States should come together with their neighboring states to start passing identical model legislation for this sort of stuff...
Yes! Make a union of states! How should we call that? States Union... Union of States... United States! Yeah, that should work.
Getting ~340M people to agree on anything is too hard, and now a good chunk of us seem to think the government can’t do anything productive at all. IMO, it would be nice to have an in between layer to do bigger things.
Sure. But the idea was to have neighboring states pass matching laws. Oregon borders Washington. Washington borders Idaho. Idaho borders Montana…etc.
At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
Ok, sorry for the poor writing. I mean states could form informal groups with likeminded states. So, the northeast could all pass the same law, the pacific coast, Texas and friends, wherever else.
Expecting laws to instead propagate from neighbor to neighbor as I accidentally suggested—this wasn’t what I meant to suggest, but in defense of the idea:
> At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
I do think there still could be some value. Laws could propagate across states that are more receptive to them, and then people can see if they work or not. Porting Masshealth to the whole country at once seems to have been a little bumpy. If it had instead been rolled out to the rest of New England, NY, then down to Pennsylvania… might have gone a little smoother.
So basically Fallout style commonwealths?
Probably not? I didn’t play it but I don’t think anybody would target a postapocalyptic fiction setting as a goal.
More like: look at the EU, extrapolate how it would look after a little more unification, and then take advantage of the fact that we’re made up of small states already that can group ourselves up as fits. Germany and France seem all-right, so we should organize ourselves into Germany and France size units.
Who says you have to have 340 million people agree? Congress's approval rating hovers around 20% for years and years— they haven't been interested in the will of the people for a long time.
They wouldn't be "united" in many things though.
Sounds more like a... Confederation? of states. Or maybe... a Confederacy?
The US would make a lot more sense if it split up between two or three different countries. There's a lot of stuff in US politics which people feel strongest about but are absolutely mutually exclusive.
I think it's going to happen one way or another and the most peaceful way to do it would be sooner rather than later.
We’re better as one country, we just need a France or Germany sized organizational unit that can do interesting projects but is still small enough to be agile.
We tried that. It didn't go well for any involved.
At the time only one side wanted to leave. That's no longer the case.
Vast parts of the US are not economically viable and basically propped up by blue states.
Not a great line of argument. Vast parts of the US are not food secure and are "basically propped up by" a conservative bread basket. Large portions of the agricultural industry are not economically viable without illegal immigrants. Much of the defense industry and military is populated by conservatives. Such examples are as numerous as they are irrelevant to sensible discussions of policy.
It seems relevant to the chain of comments they were responding to. They are disagreeing with the comment that says multiple states might want to split up the country now, by pointing out that some of them might not be economically viable if they did.
You’ve come up with more reasons not to split up the country, by pointing out some ways the other parts of the country might have trouble.
I think (correct me if I’m wrong) you disagree with the partisan jab at the end, not the actual line of argument.
Fair enough. Indeed I object to the partisan framing but I suppose there is a valid point to be made about the generalized case here.
I wasn't thinking carefully enough because I've grown accustomed to such lines of argument being simultaneously partisan and irrelevant.
Or Balkans?
This sounds great, until those states hate each other and want to get one over on the other one, even if they're ideologically aligned.
Source: am from Kansas City.
Yeah, increasing political tension--and not just any political tension, but political tension between states--doesn't seem good.
Historically speaking, the tension in this case (between Missouri and Kansas) is low.
No cities are on fire and there aren't raiding parties crossing the border.
This is true.
Source: am from St. Louis.
> The US doesn’t have 50 different cultures with totally different values...
Indeed. It has far more than that. The US is astonishingly diverse.
The US is astonishingly homogenous for its size and population. I'm not sure what possible metric you could use to claim otherwise?
Instead of just relying on your intuition, you can just look this up, because it's a well-studied question. One simple search is for "fractionalization". If you'd like me to save you the trouble, then, with respect to your claim here: no.
Ever spent any time in Houston, Los Angeles, Miami, San Jose, Casper, Traverse City, Nashville, New York, Buffalo, New Orleans, Cortez, Lubbock, Chicago, Salt Lake City, Minneapolis, Jackson, Boston, Seattle?
In your mind, are these all filled with people who look the same, sound the same, practice the same religion, immigrated from the same place?
Is there even such a thing as a "Mississippi IP?"
I.e., are US ISPs, particularly big ones like Comcast, required to geolocate IPs to the state where the person is actually in? What about mobile ones?
Where I live (not US), it is extremely common to get an IP that Maxmind geolocates to a region far from where you actually live.
You pretty much just plug the IP into a geolocating API and hope. There's nothing else to do. Any collateral damage is on the legislation, not any individual site or admin.
As you say, IP geolocation is unreliable. Unfortunately that's the only option. If it is technologically impossible to comply with the law, you just gotta do the best you can. If someone in MI gets a weird IP, there's absolutely nothing any third party can do. That's on the ISP for not allocating an appropriate IP or the legislators for being morons.
MI is Michigan.
Right, they might get an MS IP and be blocked :P
GeoIP services are not 100% accurate, but that doesn't mean they're completely useless.
The law in question requires "commercially reasonable efforts"
I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?
Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
It also defines personally identifiable information as including "pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual." But it doesn't specify what it means by 'controller' or 'processor' either.
If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
Clearly, however, attempting to comply with the law just in case, by requiring ID, would however then make it applicable, since that is personally identifiable information.
> I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?
> Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
1. There are many commercial services that do identity verification. There are many other commercial websites that have tools to do identity verification themselves. There are industry published best practices for these types of activities. All of these are evidence that you could use to demonstrate how you are making a commercially reasonable effort.
2. It's completely irrelevant whether you consider your website "commercial" or not. The law defines which websites it applies to, based on the activities they engage in.
https://law.justia.com/codes/mississippi/title-45/chapter-38...
3. Since when does the government have to give you compliance tools for free in order to require something of you? This isn't the standard for anything anywhere. Compliance with the law is often quite expensive. Honestly, buying an identity verification service is pretty cheap in the spectrum of compliance costs.
> If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
You don't have to guess whether or not this is reasonable. If you read the law, you'll see that it says it only applies to sites that collect personally identifiable information.
From the above link, again:
> "Digital service" means a website, an application, a program, or software that collects or processes personal identifying information with Internet connectivity.
> "Personal identifying information" means any information, including sensitive information, that is linked or reasonably linkable to an identified or identifiable individual. The term includes pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual. The term does not include deidentified information or publicly available information.
Worth noting that email is (or rather, may be) a PII, so having a comment box means you're processing PII.
Comments don't necessarily require email.
If this law singlehandedly manages to get registration emails replaced with an anonymous messaging alternative that would be quite the unexpected win.
Completely agree. If someone starts, say, a whiskey tasting club, they can easily weed out minors by checking for a government issued ID at the door. It is free, scalable and provided by the government. If the government wants hobbyists to do age verification online then they should provide a solution that is 100% free AND easy to implement.
Government IDs are not free or scalable. You need someone to check them. They also cost money to obtain.
You have conceded that sites with user-generated content should be age restricted. The question for the court is if a state can pass a law making that requirement.
Remember that massive surveillance capitalism apparatus that has been created for years? Now everyone must pay for it to legally comply with whatever arbitrary bullshit no matter how expensive the data becomes
The most popular GeoIP database has a free tier that would easily work for this. And there are many other options.
> The most popular GeoIP database has a free tier that would easily work for this
The free tier does have limits on the number of API calls you can make. But the good news is you don't have to use their API. You can download the database [1] and do all the lookups locally without having to worry about going over their API limits.
It consists of 10 CSV files and is about 45 MB compressed, 380 MB uncompressed. For just identifying US states from IP address you just need 3 of the CSV files: a 207 MB file of IPv4 address information, a 120 MB file for IPv6, and a 6.7 MB file that lets you look up, by an ID that you find in one of the first two, the information about the IP address location including state.
It's easy to write a script to turn this into an SQL database that just contains IP ranges and the corresponding state and then use that with sqlite or whatever network database you use internally from any of your stuff that needs this information.
If you don't actually need Geo IP in general and are only adding it in order to block specific states you can easily omit IPs that are not mapped to those states which would make it pretty small. The database has 3.4 million IPv4 address ranges, but only 5 359 of them are listed as being in Mississippi. There are 1.8 million address ranges in the IPv6 file, and 3 946 of them are listed as being in Mississippi.
Here's how to get the Mississippi ranges from the command line, although this is kind of slow--the 3rd line took 7.5 minutes on my M2 Mac Studio and the 4th took almost 4 minutes. A proper script or program would be a lot faster.
Also a proper script or program would be able to look specifically at the correct field when matching the ID from the locations file to the IP range lines. The commands above just hope that things that look like location IDs don't occur in other fields in the IP range files.
My comment said "database" and not "API" :)
Also there is no need to spend time parsing it yourself, there are plenty of existing libraries you can simply point at the file.
> My comment said "database" and not "API" :)
Sure, but it is quite common for companies offering database access to offer that via an API to query the database on their server rather than letting customers download the whole database for local use.
It thus seemed worthwhile to make it clear that MaxMind does let you download the whole database.
As far as libraries go sure that's a possibility. But for people who just need a simple IP to country or IP to US state lookup and need that from a variety of languages it may be overall less annoying to make your own DB from the CSV files that just handles what you need and nothing more.
I've already got libraries for sqlite, MySQL, or both for every language I use where I need to do these lookups, and almost all the applications that need these lookups are already connecting to our databases. Add an IPv4_to_Country table to that database (that they are already using) and then it is just a matter of doing a "select country_code from IPv4_to_Country where ip_low <= ? and ? <= ip_high" with the two '?'s replaced with the IP address we want to look up, probably using a DB handle they already have open.
Many would find that a lot easier than adding a dependency on a 3rd party GeoIP library. Besides it being one more thing on each machine that needs periodic updating (or rather N more if you are working in N different languages on that machine), I believe that most of these libraries require you to have a copy of the download database on the local machine, so that's another thing you have to keep up to date on every server.
With the "make your own simple SQL DB" approach you just have to keep an up to date download from MaxMind on the machine that builds your SQL DB. After building the SQL DB you then just have to upload it to your one network DB server (e.g., your MySQL server) and all your apps that query that DB are up to date no matter what server they are on or what language they are in.
If you are building an sqlite DB for some of your apps, you do have to copy that to all the servers that contain such apps, so you don't totally escape having to do updates on those machines.
If making the SQL DB were hard then maybe reducing dependencies and reducing the number of things that need updates might not be worth it, but the CSV files are organized very sensibly. The scripts to make the SQL DBs are close to trivial if you've got a decent CSV parser in the language you are writing them in.
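The build-and-query approach described in the comments above, as an added example that is not code from the thread or from MaxMind. The column names follow the GeoLite2 City CSV layout and are an assumption, the table name `ip_to_state` is hypothetical, and the sample rows are constructed from documentation address ranges. It matches location IDs on the `geoname_id` field only, which is the field-specific match the thread says a proper script should do.

```python
import csv
import io
import ipaddress
import sqlite3

# Constructed sample rows (documentation address ranges, made-up IDs), cut
# down to the columns used here. Column names follow the GeoLite2 City CSV
# layout and are an assumption: the thread does not list them.
LOCATIONS_CSV = """\
geoname_id,locale_code,country_iso_code,subdivision_1_iso_code,subdivision_1_name
1001,en,US,MS,Mississippi
1002,en,US,MI,Michigan
1003,en,US,OR,Oregon
"""
# The last IPv4 row is an Oregon block whose registered_country_geoname_id
# happens to equal the Mississippi location ID: a plain text search for
# "1001" would wrongly select it.
BLOCKS_IPV4_CSV = """\
network,geoname_id,registered_country_geoname_id,postal_code
192.0.2.0/24,1001,9000,39201
198.51.100.0/24,1002,9000,48201
203.0.113.0/25,1003,1001,97201
"""
BLOCKS_IPV6_CSV = """\
network,geoname_id,registered_country_geoname_id,postal_code
2001:db8::/48,1001,9000,39201
2001:db8:1::/48,1003,9000,97201
"""


def load_location_ids(locations_csv, states):
    """Return {geoname_id: state_code} for the requested US states only."""
    wanted = {}
    for row in csv.DictReader(io.StringIO(locations_csv)):
        state = row["subdivision_1_iso_code"]
        if row["country_iso_code"] == "US" and state in states:
            wanted[row["geoname_id"]] = state
    return wanted


def build_db(conn, locations_csv, block_csvs, states):
    """Create ip_to_state with one row per range mapped to a wanted state."""
    conn.execute(
        "CREATE TABLE ip_to_state (version INTEGER NOT NULL, "
        "ip_low BLOB NOT NULL, ip_high BLOB NOT NULL, state TEXT NOT NULL)"
    )
    ids = load_location_ids(locations_csv, states)
    inserted = 0
    for blocks_csv in block_csvs:
        for row in csv.DictReader(io.StringIO(blocks_csv)):
            # Exact match on the geoname_id field; rows with an empty or
            # unwanted ID are skipped, which keeps the table small.
            state = ids.get(row["geoname_id"])
            if state is None:
                continue
            net = ipaddress.ip_network(row["network"])
            # Fixed-length big-endian bytes sort in address order, so the same
            # range comparison works for 32-bit and 128-bit addresses.
            conn.execute(
                "INSERT INTO ip_to_state VALUES (?, ?, ?, ?)",
                (net.version, net.network_address.packed,
                 net.broadcast_address.packed, state),
            )
            inserted += 1
    conn.execute("CREATE INDEX ip_to_state_low ON ip_to_state (version, ip_low)")
    conn.commit()
    return inserted


def lookup_state(conn, ip):
    """Return the state code for ip, or None if unlisted or unparseable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    row = conn.execute(
        "SELECT state FROM ip_to_state WHERE version = ? "
        "AND ip_low <= ? AND ? <= ip_high ORDER BY ip_low DESC LIMIT 1",
        (addr.version, addr.packed, addr.packed),
    ).fetchone()
    return row[0] if row else None


def demo_db(states=("MS",)):
    """Build an in-memory database from the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    build_db(conn, LOCATIONS_CSV, [BLOCKS_IPV4_CSV, BLOCKS_IPV6_CSV], set(states))
    return conn


if __name__ == "__main__":
    db = demo_db()
    for candidate in ("192.0.2.77", "203.0.113.5", "2001:db8::1", "not-an-ip"):
        print(candidate, "->", lookup_state(db, candidate))
```

A lookup that returns `None` only means the address is not in a listed range for the chosen states; it says nothing about where the visitor is.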
Exactly. No need to pay money to someone else for what's available for free(mium).
>Remember that massive surveillance capitalism apparatus that has been created for years? Now everyone must pay for it to legally comply with whatever arbitrary bullshit
Calling geoip databases "surveillance capitalism" seems like a stretch. It might be used by "surveillance capitalism", but you don't really have to surveil people to build a geoip database, only scrape RIR allocation records (all public, btw) and BGP routes, do ping tests, and parse geofeeds provided by providers. None of that is "surveillance capitalism" in any meaningful sense.
If selling the physical location information of users isn't surveillance capitalism, then the term doesn't mean anything. "We don't surveil people, we just try to find out where they live and sell that data"
If that's "surveillance capitalism", what's your opinion on databases that map phone numbers to locations? eg. when you get a phone call from 217-555-1234, and it shows "Springfield, IL"? Is that "surveillance capitalism"? That's basically all geoip databases are. Moreover there's plenty of non "surveillance capitalism" uses for geoip that make it questionable to call it "surveillance capitalism". Determining the region for a site, or automatically selecting the closest store, for instance. Before the advent of anycast CDNs, it was also basically the only way to route your visitors to the closest server.
Is there a single company out there making its money selling access to an area code database? GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
There are companies out there making money selling any kind of data you can imagine. A quick search shows dozens of companies offering this data for sale.
> Is there a single company out there making its money selling access to an area code database? GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
Phone number assignments are mostly public, you don't really need to pay for this information, but there are certainly those who will sell it to you.
Of course, phone numbers don't really tie you to a rate center anymore, but a rate center is often much more geographically specific than an address for a large ISP. What I've seen near me, is a rate center often ties the number to a specific community. Larger cities often have several rate centers, smaller cities may have their own or several small cities may have one. Of course, phone company wiring tends to ignore municipal boundaries.
On the other hand, most large ISPs tend to use a single IP pool for a metro area. Not all large providers do it that way, of course, and larger metro areas may be subdivided. You can't really ping time your way to better data there either, most of the last mile technology adds enough latency that you can't tell if the customer is near the aggregation point or far.
>Is there a single company out there making its money selling access to an area code database?
So if someone is making money off of it it's suddenly "surveillance capitalism"? What makes it more or less "surveillance capitalism" compared to aws selling cloudfront to some ad company?
Moreover you can do better than area level code granularity. When landlines were more common and local number portability wasn't really a thing, you could look at the CO number (second group) to figure out which town or neighborhood a phone number was from. Even if this was all information you could theoretically determine yourself, I'm sure there are companies that package up the data in a nice database for companies to use. In that case is that "surveillance capitalism"? Where's the "surveillance" aspect? It's not like you need to stalk anyone to figure out where a CO is located. That was just a property of the phone network.
>GeoIP databases are much higher resolution and use active scanning methods like ping timing. If a company was spam calling me to estimate distance based on call connection lag, yes that would be surveillance capitalism.
Why is the fact it's "active" or not a relevant factor in determining whether it's "surveillance capitalism" or not? Moreover spam calling people might be bad for other reasons, but it's not exactly "surveillance".
Surveillance definition "Systematic observation of places and people by visual, aural, electronic, photographic or other means." If you are pinging someone's IP to determine their physical location, you are engaged in a form of surveillance. If you have a copy of the table of area codes to city mapping, you are not engaged in surveillance. If you aren't trying to make money, you are not engaged in capitalism.
>Surveillance definition "Systematic observation of places and people by visual, aural, electronic, photographic or other means." If you are pinging someone's IP to determine their physical location, you are engaged in a form of surveillance.
Setting aside the problem with pinging home IPs (most home routers have ICMP echo requests disabled), your definition of "systematic observation" seems very flimsy. Is monitoring the global BGP routing table "systematic observation"? What about scraping RIR records? How is sending ICMP echo requests and observing the response times meaningfully similar to what google et al are doing? I doubt many people are upset about google "systematically observing"... the contents of books (for google books), or the layout of cities (for google maps, ignoring streetview). They're upset about google building dossiers on people. Observing the locations of groups of IP addresses (I'm not aware of any geoip products that can deanonymize specific IP addresses) seems very divorced from that, such that any attempts at equating the two because "systematic observation" is nonsensical.
It seems like you missed the specifier "of places and people". Books are not people or places, but an IP address at any point in time is tied to either a specific person or place.
> They're upset about google building dossiers on people.
Their location being in that dossier is part of what upsets people.
>but an IP address at any point in time is tied to either a specific person or place.
Except I'm not aware of any geoip databases that operate on a per-IP level. It's way too noisy, given that basically everyone uses dynamic IP addresses. At best you can figure out a given /24 is used by a given ISP to cover a certain neighborhood, not that 1.2.3.4 belongs to John Smith or 742 Evergreen Terrace.
Google does it I think?
At least in some cases, e.g. when multiple devices that are logged into their respective Google accounts are using that IP, and Google knows what location those usually reside at when together.
I've had Google pop up reliable location results for me, to the granularity of a small town, even if they had no information about me specifically to help them deduce this. It doesn't always happen though.
Good to know, that does shift my opinion a bit. There is a spectrum from surveilling individuals to gathering population statistics. I'm not sure exactly where data that identifies a user to a group size of ~250 falls, especially given the geographic correlation, but it's definitely better.
Not really, but there are companies making their money selling a mapping of phone numbers to real names[1].
It's a uniquely American thing (Canada does it too, but access is regulated much more tightly).
This one[2] I could get reliable results from for free, but it seems to be "under maintenance" right now. Twilio just offers it as a service at 1 cent per number.
[1] https://en.wikipedia.org/wiki/CNAM
[2] https://www.sent.dm/resources/phone-lookup
I'm surprised this is notable these days, because the mapping of numbers to names used to be a completely free service that was dropped off on everyone's front porch.
https://en.wikipedia.org/wiki/Telephone_directory
Phone directories were one of these weird "one way" services.
In principle, you could use them to map numbers to names, but the way they were designed, it was a lot more effort than using them to map names to numbers. That was deliberate I think.
> Calling geoip databases "surveillance capitalism" seems like a stretch. It might be used by "surveillance capitalism", but you don't really have to surveil people to build a geoip database, only scrape RIR allocation records (all public, btw) and BGP routes, do ping tests, and parse geofeeds provided by providers. None of that is "surveillance capitalism" in any meaningful sense.
How is it not? Most "normal" surveillance works the same way - you look up public records for the person you're going after, cross-reference them against each other somehow, and eventually find enough dirt on them or give up. This is surveillance, and it's being done by and in the interests of capitalism.
I live in Vancouver, WA and my IP comes back to Portland, OR.
Vancouver residents may as well be Oregonians anyway. Most of them are paying OR income tax. They do most of their shopping and entertainment in Oregon too.
I work for a Portland company at home in Vancouver so I get to skip their income tax. It's a 10-15 minute drive to the PDX area where there is a Best Buy, Ikea and other stores where I can easily skip sales if I want to.
You live the best life; basically only federal income taxes.
The 20 min further south than you I live costs me over $30k/year.
Yeah, I was working from home anyway so it just made sense to move. The money I saved paid my rent fully and then some.
ISPs have no obligation, although the ubiquity of sites and apps relying on IP geolocation mean that ISPs are incentivized to provide correct info these days.
I run a geolocation service, and over the years we've seen more and more ISPs providing official geofeeds. The majority of medium-large ISPs in the US now provide a geofeed, for example. But there's still an ongoing problem in geofeeds being up-to-date, and users being assigned to a correct 'pool' etc.
Mobile IPs are similar but are still certainly the most difficult (relative lack of geofeeds or other accurate data across providers)
Mobile IPs reflect the user's "registered area" at best, not their actual location.
This is mostly because of how APNs / GGSN / P-GW systems work. E.g. you may have an APN that puts you straight in a corporate network, and the mobile network needs you to keep using that APN when roaming. This is why your roaming IP is usually in the country you're from, not the one you're currently in.
I've heard of local breakout being possible, but never actually seen it in practice.
Required? Not sure, but probably not, but they do so to monetize your metadata and provide hints to websites so they show language- and country-localized "local" versions of websites before/instead-of/as-a-fallback-to requesting location permissions.
In case anyone is wondering what I was wondering:
https://en.wikipedia.org/wiki/Dreamwidth
Ah! Thank you. I was wondering why mjg59 needed to geo-block people on his blog. I had no idea dreamwidth was a platform and he was only a user of that platform. I don't think I've ever seen anyone else's content on that site. Now I feel dumb because I've been calling him "dreamwidth" in my head for years.
I think there are quite a lot of Livejournal diehards on it.
And the law in question:
https://en.wikipedia.org/wiki/The_Walker_Montgomery_Protecti...
Thanks, I could not get by their really bad captcha
Related thread,
https://news.ycombinator.com/item?id=44990886 ("Bluesky Goes Dark in Mississippi over Age Verification Law (wired.com)"—175 comments)
The USA has a F(ederal) CC. Not S(tate) CC.
I appreciate that not all modern post 1776 democracies are the same, but in Australia, whose constitution was informed hugely by the US constitution, Federal communications law takes supremacy over states, and states laws cannot constrain trade between the states. There are exceptions, but you'd be in court. "trade" includes communications.
So ultimately, isn't this heading to the FCC, and a state-vs-federal law consideration?
-Not that it means a good outcome. With the current supreme court, who knows?
> With the current supreme court, who knows?
In his concurring opinion, Justice Kavanaugh said it was likely unconstitutional (but apparently not obviously enough to enjoin it) [1]. So it's going into effect, then the lawsuit follows.
Similar laws in California, Arkansas and Ohio were all found unconstitutional, so I am hopeful. That said, these were all district court decisions, and all of them are being appealed. When they lose on appeal, they go to the Supreme Court for (hopefully) the final smack-down.
Interestingly, reading the summary MS HB1126 [2], this law is doing two things. It regulates companies and defines crimes.
States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
[1] https://www.supremecourt.gov/opinions/24pdf/25a97_5h25.pdf
[2] https://legiscan.com/MS/bill/HB1126/2024
> States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
States have limits to what things they define as crimes. Defining certain type of trade to be criminal is regulating trade. And regulating interstate trade is reserved for Congress. Yet, many state laws criminalize some commerce, and case law has expanded interstate commerce to often include sales where the buyer, seller, and manufacturer are all in the same state... consistency is not a strength of our system.
I hope you are right!
> then the lawsuit follows.
...and then the lawyers profit.
In theory, the US constitution forbids states from interfering with interstate commerce too.
In theory yes, but in reality the "Dormant Commerce Clause" is weak protection.
We've let states set their own "internet services" taxes, making selling anything online in the US a regulatory nightmare. A third-party vendor to manage (and keep up with) the tax laws to stay compliant is basically required for anyone selling online, or risk the wrath of various state tax bodies.
<insert Yogi Berra quote about theory and practice here>
Clueless human, but what stops a company from ignoring these laws from certain states? How is this enforceable if a company doesn't have any infrastructure within that state?
> Clueless human, but what stops a company from ignoring these laws from certain states?
The threat of lawsuits.
> How is this enforceable if a company doesn't have any infrastructure within that state?
If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)
That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.
That sounds a lot like regulating cross-state commerce, which is traditionally the purview of the federal government. Not that I have any real faith in this particular federal government or Supreme Court jealously protecting federal supremacy in this particular case.
> That sounds a lot like regulating cross-state commerce, which is traditionally the purview of the federal government.
Except for very specific things that are forbidden to the states in Art. I Sec. 10, or where Congress has specifically closed off state action in its own actions under the Interstate Commerce Clause, states retain the ability to regulate commerce in manners that impact interstate commerce so long as they do not discriminate against interstate commerce compared to in-state commerce in such regulations.
Now I am curious as well. Are there…extradition treaties between states?
The treaty in question is the Constitution. All states must grant extradition to any other state.
It would be pretty crazy if you could kill someone in Arizona and then just walk over the border to California and not be able to be prosecuted…
You mean the Zone Of Death?
https://en.wikipedia.org/wiki/Zone_of_Death_(Yellowstone)
"The Zone of Death is the 50-square-mile (130 km2) area in the Idaho section of Yellowstone National Park in which, as a result of the Vicinage Clause in the Constitution of the United States, a person may be able to theoretically avoid conviction for any major crime, up to and including murder"
That's a separate thing -- it's not about being in a different state from where the crime was committed, it's about (supposedly) it being procedurally impossible to give you the jury trial you have to have, because literally no one lives in the relevant district.
No, because no one lives in the relevant combination of state and district, hence why only portion of the District of Wyoming that is actually in the State of Idaho is affected.
Yup, sorry, I was imprecise.
Which really just means if anyone tried to exploit the loophole and wasn’t politically untouchable cough, everyone would just ignore the problem and assign them to some nearby district or whatever.
Seems like the solution is to bus in new residents if such a trial was needed.
https://www.nbcnews.com/news/us-news/ny-gov-hochul-rejects-l...
>New York governor rejects Louisiana's extradition request for doctor in abortion pill case
cough
Exactly. We don't have a problem with too few laws and regulations. We have a problem with enforcement and accountability.
It seems like a problem of states trying to pass laws that control things outside their borders. The jurisdiction of Louisiana courts is Louisiana.
I mean it would be absurd if an anti-death-sentence state started trying to extradite the executioners working in pro-death-sentence states for murder, right?
If the executioner did their work in the anti-death-sentence state it wouldn't seem to be absurd, no. E. g. if they had pulled the cord that activated the electric chair remotely from a pro-death-sentence state (tele-execution ... sounds very BlackMirror).
I’d expect that to result in a very confusing court case. Fortunately, despite all the other messes going on, we haven’t tried anything that silly.
Murder is a crime in all states. If the two states disagree on if a crime occurred, does the requesting state get to impose its laws on everyone?
> Murder is a crime in all states.
Not by the same definition, no, it's not, though there is a crime called "murder" in all states, and there tends to be significant overlap in the definitions.
So Murder is a crime in all states.
Yeah, that would be crazy, but the point here is that the "crime" is not being committed in Mississippi at all.
Even if there aren't (there are cases where individuals fight extradition to other states though I have no idea if that's ever effective, and questions of conflict between states has come up recently regarding interstate prescribing of abortion medications, etc. with some states explicitly stating that they will not cooperate with Texasistan), a civil judgement against an entity operating in one state could likely be enforced without even interacting with the state where that entity exists - e.g. if they're using a bank with a presence in MS, the state might be able to simply go after their accounts held with the national-scale bank.
There are certainly extraditions between states, so whether there's a treaty is rather academic
Apparently, U.S. statutory and case law establish that a business that has an "economic nexus" in a state can be made subject to that state's laws. An economic nexus doesn't require a physical presence, just sufficient economic activity. Sufficient economic activity is usually defined, by each state, according to revenue or volume of transactions. Another test for an economic nexus is something called purposeful availment, which is whether a business is targeting the residents of a jurisdiction. So it seems like, "Are you intentionally selling to Missouri residents?"
To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).
Iirc, there was case law where a site was successfully found guilty because the site allowed ads, and the advertisers were targeting based on IP location. Not the site! The site didn't even log that data. But the ads were used as the vector of purposeful availment.
When I get the time, I'll be hosting a site from my closet that allows anything short of csam and I will reject states like MS and TX. My final act will be to die. But I don't much want to live.
Why block MS and TX?
Anyway find a reason to live, unless you're objectively suffering there's quite a few
Sorry - poor wording on my part. I meant I would reject the states' new laws requiring identification of users to access social media on my site.
If they're able to elevate some of your charges to the federal level you're fucked. IANAL though so I don't know if/how that would happen.
You can't "elevate" state criminal charges to federal charges, though the state can simply seek your extradition (which, if the receiving state resists, the federal courts can enforce, because it is a Constitutional obligation).
(It is possible for state charges existing to make other actions federal crimes, though, e.g., there is a federal crime of interstate travel to avoid prosecution, service of process, or appearance as a witness. But state charges themselves can't get "bumped up" to the federal level.)
You can’t elevate something to federal charges that is not a federal crime, mostly committed across state lines (at least not in a just system); and the interstate commerce clause and possibly the free speech clause would likely be where that gets hung up.
There is a certain group in the USA that is working hard on undermining the rights of the people of America, the enemies, foreign and domestic, per se; and this is part of their plank to control speech through fear and total control and evisceration of anonymity.
I support controlling access to porn for children, especially since I know people who were harmed and groomed by it, but these types of laws are really just the typical liar’s wedge to get the poison pill of tracking and suppression in the door.
I hope some of the court cases can fix some of these treasonous and enemy acts by enemies within, but reality is that likely at the very least some aspects of these control mechanisms will remain intact.
If it really was about preventing harm against children, then they would have prevented children from accessing things, not adults. But that’s how you know it’s a perfidious lie.
This MS situation is just another step towards what they really want, total control over speech, thought, and what you are able to see and read.
This MS situation is just a kind of trial balloon, a probe of the American people and the Constitution and this thing we still call America even though enemies are within our walls dismantling everything.
As you may have read, in MS they are trying to require all social media companies to “…deanonymize and age-verify all users…” …… to protect the children, of course. So you, an adult, have to identify yourself online in the public square that is already censored and controlled and mapped, to the government so it can, e.g., see if you oppose or share information about the genocide it is supporting … to protect Mississippi children, of course.
> How is this enforceable if a company doesn't have any infrastructure within that state?
It's a good question. Maybe something with interstate commerce laws?
There used to be the "Oregon sales tax loophole" where residents of neighboring states (Washington, California, Idaho) would make large purchases (car) just over the border in Oregon where there was no sales tax.
That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
How would that have ever worked for a car in OR as a CA resident? You don't need inter-state data sharing when you have to register the newly-purchased car with the CA DMV and fill out the form saying you bought it inside or outside of CA. If you said "inside" when you didn't CA could likely catch that discrepancy against purely in-state dealer/tax records; if you said "outside" then they're gonna make you pay the tax difference.
Now, buying a fancy computer or something... but a car?
> How would that have ever worked for a car in OR as a CA resident? You don't need inter-state data sharing when you have to register the newly-purchased car with the CA DMV and fill out the form saying you bought it inside or outside of CA.
I haven't seen it as much in WA, but I used to see a lot of Oregon plates on new vehicles in Northern California where I had reason to believe the driver was a resident of CA. I do know someone who was pulled over for driving like a Californian while having out of state plates, so there's some enforcement that way anyhow. (Changed several lanes from the fast lane to the exiting lane in a continuous motion)
> That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
Oregon merchants are not required to collect sales tax for any other jurisdictions outside of Oregon. And they don’t, any non Oregonian can go to any merchant in Oregon right now, and you will be charged the same as any other customer who lives in Oregon.
Also, it was never a loophole to buy things in Oregon to evade sales tax. All states with sales tax require their residents to remit use tax for any items brought into the state to make up the difference for any sales tax that would have been paid had it been purchased in their home state.
That wasn't a loophole. It was just a bunch of people evading taxes.
> people evading taxes
Avoiding taxes. It's different. It was always perfectly legal to travel to another state to buy something expensive and bring it back home. No crimes were committed.
It was a loophole that you could buy in Oregon specifically to avoid $1,000s in sales taxes.
> It was always perfectly legal to travel to another state to buy something expensive and bring it back home.
It was legal to do that. If it was purchased out of state with the intent of bringing it back home, then (assuming the home state was California) California use taxes were always owed on it. Other states with sales taxes also tend to have similarly-structured use taxes with rates similar to the sales tax rates.
They were legally avoiding sales taxes, but also illegally evading use taxes, and, moreover, there is very little reason for the former if you aren't also doing the latter, unless you just have some moral objection to your taxes being taken at the point of sale and the paperwork and remittance to the government being done by the retailer instead of being a burden you deal with yourself.
It was the same for WA, so you're right, this was always (illegal) tax evasion, not mere avoidance.
AFAIK it's not that Oregon changed anything, either. It's that Washington passed additional laws that require out-of-state merchants to collect the tax when selling to customers in WA, and said out-of-state merchants complied.
Washington did not pass additional laws. It was the Supreme Court's South Dakota v Wayfair ruling:
https://www.supremecourt.gov/opinions/17pdf/17-494_j4el.pdf
https://en.wikipedia.org/wiki/South_Dakota_v._Wayfair,_Inc.
Prior to this ruling, if you were a merchant in state A and you mailed something to someone in State B, you were not considered to have an economic nexus in state B, and hence state B had no jurisdiction over you to enforce sales tax collection.
Previous definitions of economic nexus involved having physical buildings or employees operating within a jurisdiction's boundaries.
South Dakota v Wayfair said that mailing something to a customer established economic nexus in the customer's jurisdiction, hence the merchant now has to register as a business in the customer's jurisdiction and collect applicable sales taxes and follow all the laws of that jurisdiction.
The whole ruling is weird though, because the justification came down to it's messing up the order of things, and since Congress can't be bothered to fix it with legislation, the Courts have to make up stuff to prolong the status quo.
I think the point was that interstate data sharing closed the loophole on evading use-taxes. Now states report to each other about large purchases. It's no longer possible to buy a car or tractor in Oregon and never report the unpaid sales tax back to Washington or California. They will know.
I was addressing the debate that that prompted over whether the situation before that was tax evasion or mere tax avoidance, but yes, the point about interstate data sharing is what that tangent spun off from several posts upthread.
If you do not pay sales tax on items bought in neighboring states, you typically owe your state use tax on those items. Many people simply did not report these purchases however, and this is evasion.
chrismcb is correct.
The situation petcat described is tax evasion (illegal, since use tax is due in lieu of paying sales tax at point of purchase, assuming item is brought back to home state).
Tax avoidance is simply minimizing tax liability, completely legal.
You are correct, virtually every state has a law that says “If you buy something in another state and pay less sales tax than we charge, you owe us the sales tax we would’ve charged you.”
It’s called a ‘use tax’. In practice, nobody pays (personal) use tax, myself included.
Washington has a use tax: https://dor.wa.gov/taxes-rates/use-tax
California has a use tax: https://cdtfa.ca.gov/taxes-and-fees/use-tax/
Idaho has a use tax: https://tax.idaho.gov/taxes/sales-use/use-tax/online-guide/
So, all of those people going to Oregon to shop without sales tax and not paying use tax were technically breaking the law, not using a loophole. I’m not judging them, I don’t pay use tax either :)
Washington at least will refund sales tax paid for goods purchased in Washington for use exclusively outside of Washington if purchased by residents of US states and CA provinces with low sales taxes, if the forms are followed.
I understand it used to be possible to show ID in store and have sales tax not be applied, but now you need to submit receipts and etc.
Do you insist on paying your home tax rate if you go somewhere else and buy food or products?
I’ve never understood people like you that say anything and everything to increase taxes.
How does it make any rational or logical sense that you should pay higher taxes for something?
So when you go to Delaware that has 0% sales taxes, you make sure to log everything and pay taxes to your home state upon return?
> So when you go to Delaware that has 0% sales taxes, you make sure to log everything and pay taxes to your home state upon return?
If you don't, you are technically violating the law. All states with sales tax also have a use tax.
For example, if you are a resident of neighboring Maryland, this is the form you'd need to fill out for purchases you make in Delaware.
https://www.marylandcomptroller.gov/content/dam/mdcomp/tax/f...
He's just stating the law. Eat a cookie and take a nap.
Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
Most areas of governance usually give years of preparation ahead of anything actually being enforced. This is so short-sighted.
> This is so short-sighted.
Might as well be the slogan of the current era
> Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
But the law was signed over a year ago[1]? The recent development was that the injunction blocking the bill from being implemented got struck down. I'm not sure what you'd expected here, that the courts delay lifting the injunction because of the sites that didn't bother complying with the law, because they thought they'd prevail in court?
[1] https://legiscan.com/MS/bill/HB1126/2024
I don’t think it’s short sighted. They just don’t care.
This is the inevitable result of inconsistent privacy laws across jurisdictions. Instead of one clear federal standard, we get a patchwork of conflicting requirements. Small companies can't afford legal teams to navigate 50 different state privacy laws. So they just block entire states rather than risk compliance violations. This helps no one - not consumers who lose access to services, not businesses who lose customers, not states that wanted to protect their residents.
Might it be sufficient to dynamically block anyone that has a registered home address in Mississippi for their payment method? Most ISP's span multiple states.
Google have additional information about IP addresses that updates dynamically based on cell phone, wifi and other magic usage so maybe ask them if they have some javascript that queries their site for more specific city/state details. Also call Pornhub and ask how they were blocking specific states to meet legal requirements.
For the Bluesky ban, I'm not in Mississippi, but whatever IP Geolocation service they're using thinks my home internet is in Mississippi. It's doubtless that lots of people inside Mississippi but near borders aren't being blocked, because that's just not a thing that's really possible.
Definitely not because the law would apply e.g. to someone who lives in a different state, but loads the site while physically in Mississippi.
Unlikely. You wouldn't have a payment method address for any free/non-paid/gifted account.
If I were in Dreamwidth's shoes, I'd be very much concerned with minimizing legal exposure, not number of users excluded. At 10k/user*day, it's a reasonable choice to block as broadly as makes sense.
Tough for the neighbors, but nitpicking "resident" is not a good choice here.
From my perspective that means "the entire US". I don't live there and I have no idea how to not break this law.
If you're using a VPN while inside Missxi and access the site without age verification, would that cause the site to be in violation of the law?
IANAL but I don't think using a VPN matters... Because whether a user is using a VPN or otherwise or not, if the user is identified as from Mississippi, that would be the test for whether these guys would need to block or not. Like, if a user from Mississippi uses a VPN, and these guys don't know that and detect that this user's IP is from, say, Arkansas... how would they be held liable? Unless I'm missing something, right?
The site is legally required to apply "commercially reasonable measures" to prevent the kind of access that this law is against. Whether that includes blocking accessing it over VPNs is anyone's guess.
NAL, but yes, I believe that it would still be a violation of the law. That said, laws aren't applied by robots and it's likely they would be given leniency if they could show they actually tried to respect the law.
If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.
I don’t see how, but the people trying to implement total control of speech, thought, and communication in America are a diabolical and crafty bunch that will likely try putting someone through the wringer for that one day.
The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.
Seems to work without issue in states that require age verification for pornography sites. Would assume a site like pornhub has spent money on lawyers
https://en.wikipedia.org/wiki/The_Walker_Montgomery_Protecti...
> However, it doesn't apply to news sources, online games or the content that is be made is by the service itself or is an application website.
What is an "application website"? I can't seem to find how they're defining that.
It’s unclear how that phrase got into the wiki; the bill text https://billstatus.ls.state.ms.us/documents/2024/html/HB/110... does not seem to mention that phrase.
Thanks, Section 3 is much clearer than the Wikipedia wording.
The law mentions that it does not apply to job application websites.
https://law.justia.com/codes/mississippi/title-45/chapter-38...
That's probably what the Wikipedia author meant to say
So does that mean all of LinkedIn is exempt?
Does that also mean that all social media platforms will start a small jobs board?
Yes to your first question, and no to the second question... the law says it must "primarily function" in that respect.
Putting a small jobs board on instagram would not make instagram "primarily function" as a job application website. LinkedIn is primarily a professional networking website - it qualifies.
Yeah the Wikipedia explanation has faulty grammar. I couldn't figure it out either.
My understanding is that this is similar to the law the UK passed recently except instead of verifying age of users for "adult" content, every platform needs to verify (and log) age of all users for all content?
It can't possibly be that ridiculous.
It's Mississippi. Least educated state in the US. Not surprising the elected officials didn't think this one through.
Interesting, all I see is "403 Forbidden" when I open this website, and I'm not even from the mentioned location's country! I guess might as well block everyone to avoid any possible future litigation.
> And because we're part of the organization suing Mississippi over it, and were explicitly named in the now-overturned preliminary injunction, we think the risk of the state deciding to engage in retaliatory prosecution while the full legal challenge continues to work its way through the courts is a lot higher than we're comfortable with
Since you can't really block all state IPs, but also since prosecution isn't bound by honesty, this retaliatory risk doesn't decrease much (though hard to assess precisely).
> On a completely unrelated note while I have you all here, have I mentioned lately that I really like ProtonVPN's service, privacy practices, and pricing?
Did your lawyer review this? Because you just committed a felony.
As an aside, it would be curious if deepening political polarization creates a trend of blocking IPs from specific states or regions for whatever reason... perhaps in such a scenario there would be interesting relations or comparisons between the digital and physical divides...
Same with UK's OSA: don't most governments already have the tools to block domains based on operator compliance with laws? What's wrong with that approach that leads to this kind of universal jurisdiction approach?
I leave my home computer network open to the public and now suddenly I'm liable to some random jurisdiction around the world because someone in that location decides to call my computer?
China's GFW seems benign in comparison
If hosting companies make this an easy block/choice it just becomes the CA cancer warning where everyone does it. Then everyone in Mississippi and locales that adopt this have to use a VPN.
While I realize I'm not entitled to read this website, I'd like to report it seems to be geoblocking me in Viet Nam. I get a 403 Forbidden.
I was totally ready to consider blocking US IP ranges too, if there was a good reason. I run a small business and 0% of my customers are overseas.
It would be of great benefit to the internet if servers couldn't geolocate clients.
How is this vaguely sufficient to meet the legal requirements of the law? They know geo-blocking is insufficient.
IANAL, but there’s a question of reasonable burden. Not sure if that applies here, but it’s not unreasonable to say you simply don’t want to do business in a state where the regulations are cost prohibitive. Given they make a reasonable effort to not provide a service to MI, it’s not really on them to police people trying to circumvent a state’s local laws.
Pornhub and BlueSky have done similar in response to this legislation in Texas. Wikipedia and a few other sites blocked the UK to avoid being burdened by their Safety act. Pretty much every streaming platform implements regional geo blocking for licensing reasons.
I’ll be curious to see how things shake out in the long run given the current political climate.
> Wikipedia and a few other sites blocked the UK
No? Wikipedia is not blocked in the UK.
For the record, Wikipedia has not (yet) blocked the UK. They are awaiting official classification by Ofcom of the Wikipedia website. However, the uncertainty is definitely vexing, and the direction this is going is truly worrying.
Good callout! Sadly, I’m unable to update my comment to correct. This whole area of law seems to be busy lately.
IANAL, but if the actual legislation did not either recommend or dictate which method would be either good or even considered valid for purposes of enactment of the law, would it then be subject to interpretation?
Also, for the enforcement agency who is/will be tasked with checking things out here... do they know whether geo-blocking is a valid method or not? It's a silly law, don't get me wrong... but if its enforcement validation mechanisms are not up to snuff, I wonder how things will play out - both here in Dreamwidth's case and other folks in a similar boat?
Is it insufficient? The law says they need to take commercially reasonable efforts to verify people's age in Mississippi. Geoblocking is a pretty commercially reasonable effort to identify who lives in Mississippi, and they don't provide service to those people.
> How is this vaguely sufficient to meet the legal requirements of the law?
It may not be, if the law can be applied to them.
OTOH, may be sufficient to make it illegal to apply the law to them in the first place. US states do not have unlimited jurisdiction to regulate conduct occurring outside of their borders, but they do have more ability to regulate conduct of entities intentionally doing business within their borders.
The law requires them to take commercially reasonable measures. Geo-blocking is industry standard/best practice.
Stupid question - can’t these websites use a service like id.me and not store anything?
It’s not a stupid question, and I have the same one.
How can any website determine the location of a user that uses a VM inside an Azure/AWS/GCP data center? My VM inside Azure WestUS2 geolocates somewhere in WA state…
Please make sure to use the correct HTTP code for the block:
451 - Blocked for legal reasons.
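An added illustration of the 451 response mentioned in the comment above (not code from Dreamwidth or from any commenter): a minimal WSGI geoblock that answers with HTTP 451, registered in RFC 7725 as "Unavailable For Legal Reasons", and the `Link: rel="blocked-by"` header that RFC defines. The region table, proxy range and URL are constructed placeholders; a real deployment would query an IP-geolocation database, with the accuracy limits discussed throughout this thread.

```python
import ipaddress

# Constructed lookup table: documentation prefixes stand in for a real
# IP-geolocation database, which this sketch does not include.
REGION_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US-MS"),
    (ipaddress.ip_network("198.51.100.0/24"), "US-AR"),
    (ipaddress.ip_network("2001:db8:1::/48"), "US-MS"),
]
BLOCKED_REGIONS = {"US-MS"}
# Hypothetical address range of the site's own reverse proxy.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
# Placeholder URL identifying who implements the block (RFC 7725 "blocked-by").
BLOCKED_BY = "https://example.org/legal/geoblock"


def client_ip(environ):
    """Return the address to geolocate.

    X-Forwarded-For is client-controlled, so it is honoured only when the
    TCP peer is our own proxy, and then only its rightmost entry (the one
    that proxy appended).
    """
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    if forwarded and any(peer in net for net in TRUSTED_PROXIES):
        try:
            return ipaddress.ip_address(forwarded.split(",")[-1].strip())
        except ValueError:
            return peer
    return peer


def region_of(ip):
    """Map an address to a region code, or None when the table has no answer."""
    for net, region in REGION_TABLE:
        if ip in net:
            return region
    return None


def app(environ, start_response):
    """WSGI app: 451 for blocked regions, 200 otherwise.

    An unknown region is served here; whether to serve or refuse in that
    case is a policy decision for the operator, not something the lookup
    can settle.
    """
    region = region_of(client_ip(environ))
    if region in BLOCKED_REGIONS:
        body = b"This service is not available in your region for legal reasons.\n"
        start_response("451 Unavailable For Legal Reasons", [
            ("Content-Type", "text/plain; charset=utf-8"),
            ("Content-Length", str(len(body))),
            ("Link", '<%s>; rel="blocked-by"' % BLOCKED_BY),
            # Keep shared caches from replaying the block page to other clients.
            ("Cache-Control", "no-store"),
        ])
        return [body]
    body = b"ok\n"
    start_response("200 OK", [
        ("Content-Type", "text/plain; charset=utf-8"),
        ("Content-Length", str(len(body))),
    ])
    return [body]


def status_for(remote_addr, forwarded_for=None):
    """Run one request through app() and return the status line."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "REMOTE_ADDR": remote_addr}
    if forwarded_for is not None:
        environ["HTTP_X_FORWARDED_FOR"] = forwarded_for
    seen = {}
    app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"]


if __name__ == "__main__":
    for addr, xff in [("192.0.2.10", None), ("198.51.100.7", "192.0.2.1"),
                      ("10.0.0.5", "203.0.113.9, 192.0.2.44")]:
        print(addr, xff, "->", status_for(addr, xff))
```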
Is someone maintaining a list of what territories have which restrictions so I don't accidentally commit an international crime?
An adult contracts with the ISP. The ISP provides unfiltered internet access to the adult. It is the adult who then chooses to provide access to adult, social, or otherwise-restricted websites to children. I don't see how this isn't obvious to any court.
> Unfortunately, the penalties for failing to comply with the Mississippi law are incredibly steep: fines of $10,000 per user from Mississippi who we don't have identity documents verifying age for, per incident -- which means every time someone from Mississippi loaded Dreamwidth, we'd potentially owe Mississippi $10,000. Even a single $10,000 fine would be rough for us, but the per-user, per-incident nature of the actual fine structure is an existential threat.
Reminds me of Silicon Valley. PiperChat has grossly violated COPPA as there was no parental consent form on the app leading to a 21 billion dollar fine: https://www.youtube.com/watch?v=N3zU7sV4bJE
I guess the UK isn’t the only place with lawmakers that have no grasp on technical matters but yolo it anyway
Honestly this sort of thing seems to be popping up everywhere now. Almost feels like a co-ordinated effort.
Far from it. Australia is trying to age-block social media at the moment (we'll see what happens in December), the EU is likely to move on this stuff before long, lots of US states are doing it... it seems like it's the way of the future, one way or another.
403. Are Singapore IPs being geoblocked as well?
Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
I’m not being glib. Honestly, why can’t I? There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
For the same reason bars don't just ask people to sign a document saying they're 21 in lieu of an ID.
The laws are written in a way where the responsibility for enforcement falls on the operator of the business. In both cases, the business doesn't actually have to verify anything if they don't want to, but if it's found that they're allowing violations to happen, they will be held legally responsible.
> The laws are written in a way where the responsibility for enforcement falls on the operator of the business.
Excluding "identity theft".
You can't contract away something that the law requires of you.
> why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
So, I'm genuinely curious about this. Does the US not require any kind of territorial nexus in order for a jurisdiction's laws to apply to an individual? Can Texas criminalise abortions in New York, by New Yorkers, for New Yorkers? This seems very unlikely to me.
Under private international law, very generally speaking, you tend to require a nexus of some kind (otherwise, we'd all be breaking Uzbekistani laws constantly). I assume there must exist some kind of nexus requirement in US federal constitutional law too.
Assuming you have no presence, staff, offices, or users in a state, and you expressly ban that state in your T&C, why would that state's laws apply to you at all? You're not providing any services from or to that state, and in as far they can open your landing page, that's sort of like saying they can call your phone number. And in the absence of that state's laws applying at all, would not any requirements about geoblocking etc that may exist in those laws be moot?
(Usual risk calculus would seem to apply re over-zealous state prosecutors, etc.)
> Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
That would allow you, perhaps, to sue people from MS that used your site for violating the ToS (though, "some idiotic courts have ruled" does not mean "the courts which actually create binding precedent over those that would adjudicate your case have ruled...", so, be careful even there.) But that doesn't actually mean that, if someone from MS used your site and you took no further steps to prevent it you would not be liable to the extent that you did not comply with the age verification law.
> There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
Most things in interstate commerce, except where the feds have specifically excluded the states, are both federal and state jurisdiction, but neither the feds nor the state are obligated, even if applicable law exists which allows them to, to prosecute anyone for violating your ToS. You can (civilly) attempt to do so if you are bothered by it.
sounds similar to how many remote job applications skirt around posting the actual salary range by not allowing residents of NY, etc. to apply
When will people understand geoblocking won’t save you? If a Mississippi user is on a VPN and they access your website you must still comply.
If you have a competitor, you can hire a bunch of Mississippians to access their website by VPN, collect evidence of them doing so, and then report them to have the shit fined out of them. It will pierce their corporate veil and leave them personally bankrupted, ending their website.
If that actually works, that's terrifying. Do you know of examples of companies facing legal trouble despite geoblocking efforts?
Not companies, just small individuals who couldn’t afford the legal battle.
That shouldn't matter, I'm just curious if it would actually be sufficient legal grounds for a suit or if it would be dismissed immediately.
It is more than sufficient. The law doesn’t care about “Mississippi IPs”, the spirit of the law is if a person is accessing your website from Mississippi, you must verify their age, regardless of what path they are taking to reach it. Can’t verify where they are from? Then you just verify them anyway, you don’t get to just be lazy because you don’t know your user. If you don’t, there is a case that you are being negligent.
Is that just your opinion or is there case law supporting that?
Not arguing for or against this law, but at some point if your site reaches a certain size that it is having a distortion effect on democracy or society in someway I'm going to want transparency and regulation.
You can't have it both ways. Tech oligarchy is just another road to fascism city.
I wonder if these state laws are at some point going to collide with Apple’s Private Relay service. It’s included with an iCloud subscription, and very easy to turn on, so I imagine Apple has way, way more users than a typical VPN provider. And they make no effort to ensure your exit node is in the same state as you are. At most it will keep the same “general location,” and there’s an option to let it use anything in the same country and time zone.
Bluesky is doing the same, in case people here did not know
https://www.wired.com/story/bluesky-goes-dark-in-mississippi...
One thing that's interesting about these regional laws is that they all necessarily use geolocation, but the regional laws are jurisdiction-based. Geolocation is inaccurate in many circumstances and also just insufficient in some circumstances (VPN, near a state border, proxied requests, embedded content, etc.)
https://archive.is/XuUkc
This is happening in Australia, and it's awful legislation.
Eventually we're going to end up with freedom loving states and puritanical nanny states.
No, we're going to end up with a lot of puritanical nanny states policing different things, depending on their flavor of authoritarianism.
You think so? My state's supreme Court has interpreted our state constitution's freedom of expression clause even more broadly than the federal first amendment. It's hard to see how anything like that could survive judicial review here.
The makeup of a court is temporary. Maybe your court is "safe" today; that won't necessarily still be the case tomorrow.
I see the larger objective as total control over all speech, thought, and information in more circuitous and pernicious ways than something in one of the poster-boys of “tyranny”.
This is just the start and the trial balloons. The enemy within is a bit nervous about this attack on the most fundamental freedom that the Constitution is protecting, free speech, but they’re also very confident in themselves.
It is just a new, better Internet era - everybody to use VPN. Thanks to the conservatives for facilitating such progress.
For example, these days in Russia awareness and usage of VPN is well beyond any normal country. With Facebook and IG, for example, blocked for Meta being officially branded an "extremist organization" (by the way, Taliban was taken off that list recently, so what are you guys in Menlo Park cooking that is worse than Taliban? Maybe some freedom of speech? :) ), people in Russia of all strata are still using it, now through VPN, many from mobile devices. The thing of note from USSR/Russia here is that habitual violation of unreasonable laws breeds wide disrespect for the system of law as a whole, and it is very hard to reverse the flow.
True, but the next thing, will VPNs be forced to age verify eventually ?
It is possible some US States and maybe the UK will end up like China.
> True, but the next thing, will VPNs be forced to age verify eventually ?
it is like age verifying current generic access to the Internet. Sure, we'll come to this too (the anti-utopias aren't fiction, it is future :), yet we still don't verify such a generic access because it isn't the time yet, the society isn't yet totalitarian enough.
As a preview - in Russia (I'm less familiar with China to comment on it) they do already attack VPN by making it illegal to advertise it, something like this.
Russia is doing quite sophisticated technological enforcement, as well - even if you're running your own VPN server, you need something like V2Ray or Trojan to get through.
Project 2025 at work
Now they also have their own paramilitary, better funded than most national armies. I'm afraid people have a very naive view of what life looked like for an average German resident in the late 1930s. Just because tanks aren't running down Main St, Normalville, USA doesn't mean we aren't treading in seriously dangerous waters just now. We are pushing past points of no return every day this continues.
[flagged]
> Stop crying about it
Please don't comment like this on HN. We need everyone to avoid ideological flamebait and unkind swipes. Please take a moment to read the guidelines and make an effort to observe them in future.
https://news.ycombinator.com/newsguidelines.html
Glad we didn't have you at the Constitutional Convention.
Also "operate in or leave" doesn't make a lick of sense on THE INTERNET
No, be loud about bad laws.
Sometimes, often even, Dreamwidth can do the right thing like this. I fully support them in this fight and hope they win. But let's not pretend banning huge IP ranges for years at a time is new to them.
Dreamwidth has been at the forefront of banning large swaths of the internet. They started doing it years before anyone else. Before the for-profit corporate spidering of HTTP/S content even began causing issues. This is well trod territory and entirely familiar for them and their upstream network provider they like to blame their inability to fix it on.
For those of us unfamiliar with dreamwidth: huh??
I think this has something to do with Cloudflare.
Nah, not cloudflare. Just their upstream network provider (or so they say in support emails) and Dreamwidth's well established and long running practice of not caring that huge ranges of IPv4 are blocked from viewing any sites hosted on them. They do control the blocks but they have their tech support lie about it; as evidenced by this fine grain and specific blocking they're doing now re: Mississippi.
Well, we can blame the voters of Mississippi for their ass-backward representatives, who they evidently like, for these ignorant laws.
Cut the ignoramuses from the US internet until they can learn to be decent people. Serves them right, and well, legally.
i don't maybe read a few history books about the south before you write off an entire state. or just look at some data: https://ballotpedia.org/Mississippi_gubernatorial_election,_...
very incurious/very unhacker
Why geoblock Mississippi but scramble to comply with California right to delete. Political favorites? Easier to implement? Something else?
Maybe already had the implementation ready because of EU regulations?
'Why would you comply with the fourth largest economy in the world, but not the second poorest state in the country?'