Our legal system is a shambles that is clearly not prepared to handle this kind of thing, even setting aside the situation with the supreme court. It's become clear that the "shadow law" of simply passing unconstitutional statutes, filing frivilous lawsuits, etc., is operating independently of the real legal system moves too slowly and does not have adequate mechanisms to prevent what is essentially a DDoS attack. All justice is delayed and so all justice is denied.
As a gun owner, I can confidently state that the continuous stream of unconstitutional laws that must be constantly fought against is no new development.
As a non-gun owner, I imagine that much comes down to what the founders meant by the opening clause of the Second Amendment. Since the Originalists claim to hold special insights into the frame of mind of the founders, and this way of thinking seems to be over-represented on the SCOTUS, I would think this a friendly environment for the issue you care about. That aside, isn’t that the way that U.S. political and justice systems are supposed to function? Representatives pass laws at the behest of their most vocal constituents. Then those of opposing ideologies petition the courts for relief or their representatives for repeal.
Seriously. Never mind when government agents wantonly violate the rights of a gun owner, and the main gun lobbying organization comes out with full-throated support of the government agents. For those that don't know, look up what happened to Kenneth Walker.
the real legal system is slow by design, to carefully review cases and ensure fairness. It should also be based on good faith. The vulnerability comes from one bad faith party flooding the system with bad faith cases and appeals (as trump is doing). Even when he fails, the process becomes the punishment for the opposing side (journalists, political opponents...). When he wins, he wins.
> It's become clear that the "shadow law" of simply passing unconstitutional statutes
What makes you think the statute is "unconstitutional?" The Supreme Court hasn't tackled the issue directly, but it upheld a law requiring libraries to install blocking software to restrict access to websites for children: https://en.wikipedia.org/wiki/United_States_v._American_Libr.... Remember that, prior to the reinterpretation of the First Amendment in the mid-20th century, the "obscenity" carve-out was broad enough to outright ban things like pornography, much less allowing access to children.
That said, I suspect that the law is probably unconstitutional, insofar as it's targets at a type of speech (social media) that doesn't fall within any of the traditional exceptions. I don't think the "under 18" rationale holds when you're talking about content that traditionally hasn't been prohibited to children.
Regardless, this isn't an instance of the state blatantly violating some clear Supreme Court precedent. (And even that's okay if you have a good-faith basis for challenging the precedent! That's how impact litigation often works.)
Any physical business has to deal with 100s of regulations too, it just means the same culture of making it extremely difficult and expensive to do anything at all is now coming to the online world as well, bit by bit.
Right. But if I open a physical business I only need to abide by the laws of that state. This is definitely an order of magnitude more regulation to deal with.
But yeah, this definitely sounds like a business opportunity for services or hosts.
Closely followed by the BETTERID act in response to sites using substandard identity providers, a set of stringent compliance requirements to ensure the compliant collection and storage of verification documentation requiring annual certification by an approved auditing agency who must provide evidence of controls in place to ensure [...]
Hopefully data centers will be built in more free states. If I live in California, and run a server in California that responds to requests coming from an ISP in California, at what point do I become subject to Mississippi law that I never had a chance to vote for?
If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.
More to the point, why would anyone outside of Mississippi need to comply? What legal grounds do they have to dictate what other people do outside of their state?
I worry that as a mastodon server operator I could be found guilty of violating their state law and if one day I decide to visit or transit in the state I could be punished say by arrest.
Same goes for other countries as well. It’s insane.
Individuals are not meant to keep track, they're meant to leave the ecosystem. These types of bills are the end product of the process of regulatory capture by the corpos.
Corpos create centralized watering holes that are magnets for social problems, offering low effort service and very little accountability for early users. Corpos then nurture these uses because they drive engagement, and at the early stage any usage is good usage. When the wider public catches on and starts complaining, corpos then cast it as outside meddling and reject addressing the problems they're facilitating, as curation at scale would cost too much. Corpos then become a straightforwardly legible target for politicians to assert control over, demanding some kind of regulation of the problem. Corpos then lobby to make sure such laws are compatible with their business - like simply having to hire more bureaucrats to do compliance (which is the sine-qua-non of a corpo, in the first place). The last few steps can repeat a few cycles as legislation fails to work. But however long it takes, independent individual hosters/users are always left out of those discussions - being shunned by the politicians (individuals are hard to regulate at scale) and the corpos (individuals turn into startups, ie competition). Rinse and repeat.
> Between this and the UK Online Safety Bill, how are people meant to keep track?
At this point, I almost welcome all these laws. The more they restrict us, the more potential felons, but they can't fine and put us all in jail, no? Chronic over-legislation will crush from its own weight.
That said, like the saying of markets staying irrational longer than people can afford to, the realistic outcome is that bureaucracy will survive longer than a functioning society. Legislation will continue until morale improves.
>Chronic over-legislation will crush from its own weight.
Ideally, yes. I think the reality however will be that most "perpetrators" will be ignored, and anything else will be easy wins and collateral damage to small site operators that these regulators to happen to notice.
Its things like this that make me want the internet excluded from all legal systems as extra territorial. There should be no laws governing the internet. Almost uniformly they are stupid. The most success law enforcement gets out of capturing pedos is setting up honeytraps anyway.
I would argue privacy laws are good. But I do think laws that apply to the internet in the US should only come at a federal level. That would help with uniformity.
States should come together with their neighboring states to start passing identical model legislation for this sort of stuff, if we don’t have unity across the country. It could be easy and voluntary for the states to do.
The US doesn’t have 50 different cultures with totally different values, but probably has like… 7.
You pretty much just plug the IP into a geolocating API and hope. There's nothing else to do. Any collateral damage is on the legislation, not any individual site or admin.
As you say, IP geolocation is unreliable. Unfortunately that's the only option. If it is technologically impossible to comply with the law, you just gotta do the best you can. If someone in MI gets a weird IP, there's absolutely nothing any third party can do. That's on the ISP for not allocating an appropriate IP or the legislators for being morons.
I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?
Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
It also defines personally identifiable information as including "pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual." But it doesn't specify what it means by 'controller' or 'processor' either.
If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
Clearly, however, attempting to comply with the law just in case, by requiring ID, would however then make it applicable, since that is personally identifiable information.
Required? Not sure, but probably not, but they do so to monetize your metadata and provide hints to websites so they show language- and country-localized "local" versions of websites before/instead-of/as-a-fallback-to requesting location permissions.
ISPs have no obligation, although the ubiquity of sites and apps relying on IP geolocation mean that ISPs are incentivized to provide correct info these days.
I run a geolocation service, and over the years we've seen more and more ISPs providing official geofeeds. The majority of medium-large ISPs in the US now provide a geofeed, for example. But there's still an ongoing problem in geofeeds being up-to-date, and users being assigned to a correct 'pool' etc.
Mobile IPs are similar but are still certainly the most difficult (relative lack of geofeeds or other accurate data across providers)
Ah! Thank you. I was wondering why mjg59 needed to geo-block people on his blog. I had no idea dreamwidth was a platform and he was only a user of that platform. I don't think I've ever seen anyone else's content on that site. Now I feel dumb because I've been calling him "dreamwidth" in my head for years.
I appreciate that not all modern post 1776 democracies are the same, but in Australia, whose constitution was informed hugely by the US constitution, Federal communications law takes supremacy over states, and states laws cannot constrain trade between the states. There are exceptions, but you'd be in court. "trade" includes communications.
So ultimately, isn't this heading to the FCC, and a state-vs-federal law consideration?
-Not that it means a good outcome. With the current supreme court, who knows?
In his concurring opinion, Justice Kavanaugh said it was likely unconstitutional (but apparently not obviously enough to enjoin it) [1]. So it's going into effect, then the lawsuit follows.
Similar laws in California, Arkansas and Ohio were all found unconstitutional, so I am hopeful. That said, these were all district court decisions, and all of them are being appealed. When they lose on appeal, they go to the Supreme Court for (hopefully) the final smack-down.
Interestingly, reading the summary MS HB1126 [2], this law is doing two things. It regulates companies and defines crimes.
States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
Clueless human, but what stops a company from ignoring these laws from certain states? How is this enforceable if a company doesn't have any infrastructure within that state?
> Clueless human, but what stops a company from ignoring these laws from certain states?
The threat of lawsuits.
> How is this enforceable if a company doesn't have any infrastructure within that state?
If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)
That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.
Apparently, U.S. statutory and case law establish that a business has an "economic nexus" in a state can be made subject to that state's laws. An economic nexus doesn't require a physical presence, just sufficient economic activity. Sufficient economic activity is usually defined, by each state, according to revenue or volume of transactions. Another test for an economic nexus is something called purposeful availment, which is whether a business is targeting the residents of a jurisdiction. So it seems like, "Are you intentionally selling to Missouri residents?"
To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).
Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
Most areas of governance usually give years of preparation ahead of anything actually being enforced. This is so short-sighted.
>Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
But the law was signed over a year ago[1]? The recent development was that the injunction blocking the bill from being implemented got struck down. I'm not sure what you'd expected here, that the courts delay lifting the injunction because of the sites that didn't bother complying with the law, because they thought they'd prevail in court?
An adult contracts with the ISP. The ISP provides unfiltered internet access to the adult. It is the adult who then chooses to provide access to adult, social, or otherwise-restricted websites to children. I don't see how this isn't obvious to any court.
Might it be sufficient to dynamically block anyone that has a registered home address in Mississippi for their payment method? Most ISP's span multiple states.
Google have additional information about IP addresses that updates dynamically based on cell phone, wifi and other magic usage so maybe ask them if they have some javascript that queries their site for more specific city/state details. Also call Pornhub and ask how they were blocking specific states to meet legal requirements.
If I were in Dreamwidth's shoes, I'd be very much concerned with minimizing legal exposure, not number of users excluded. At 10k/user*day, it's a reasonable choice to block as broadly as makes sense.
Tough for the neighbors, but nitpicking "resident" is not a good choice here.
For the Bluesky ban, I'm not in Mississippi, but whatever IP Geolocation service they're use thinks I my home internet is in Mississippi. It's doubtless that lots of people inside Mississippi but near borders aren't being blocked, because that's just not a thing that's really possible.
IANAL but i don't think using a vpn matters...Because whether a user is using a vpn or otherwise or not, if the user is identified as from Mississippi, that would be the test for whether these guys would need to block or not. Like, if a user from Mississippi uses a vpn, and these guys don't know that and detect that this user's IP is from, say, Arkansas...how would they be held liable? Unless, i'm missing something, right?
I don’t see how, but the people trying to implement total control of speech, thought, and communication in America are a diabolical and crafty bunch that will likely try putting someone through the wringer for that one day.
The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.
NAL, but yes, I believe that it would still be a violation of the law. That said, laws aren't applied by robots and it's likely they would be given leniency if they could show they actually tried to respect the law.
If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.
The site is legally required to apply "commercially reasonable measures" to prevent the kind of access that this law is against. Whether that includes blocking accessing it over VPNs is anyone's guess.
I wonder if these state laws are at some point going to collide with Apple’s Private Relay service. It’s included with an iCloud subscription, and very easy to turn on, so I imagine Apple has way, way more users than a typical VPN provider. And they make no effort to ensure your exit node is in the same state as you are. A most it will keep the same “general location,” and there’s an option to let it use anything in the same country and time zone.
Yeah the Wikipedia explanation has faulty grammar. I couldn't figure it out either.
My understanding is that this is similar to the law the UK passed recently except instead of verifying age of users for "adult" content, every platform needs to verify (and log) age of all users for all content?
When will people understand geoblocking won’t save you? If a Mississippi user is on a VPN and they access your website you must still comply.
If you have a competitor, you can hire a bunch of Mississippians to access their website by VPN, collect evidence of them doing so, and then report them to have the shit fined out of them. It will pierce their corporate veil and leave them personally bankrupted, ending their website.
As an aside, it would be curious if deepening political polarization creates a trend of blocking IPs from specific states or regions for whatever reason... perhaps in such a scenario there would be interesting relations or comparisons between the digital and physical divides...
Interesting, all I see is "403 Forbidden" when I open this website, and Im not even from the mentioned location's country! I guess might as well block everyone to avoid any possible future litigation.
> On a completely unrelated note while I have you all here, have I mentioned lately that I really like ProtonVPN's service, privacy practices, and pricing?
Did your lawyer review this? Because you just committed a felony.
> And because we're part of the organization suing Mississippi over it, and were explicitly named in the now-overturned preliminary injunction, we think the risk of the state deciding to engage in retaliatory prosecution while the full legal challenge continues to work its way through the courts is a lot higher than we're comfortable with
Since you can't really block all state IPs, but also since prosecution isn't bound by honesty, this retaliatory risk doesn't decrease much (though hard to assess precisely).
This is the inevitable result of inconsistent privacy laws across jurisdictions. Instead of one clear federal standard, we get a patchwork of conflicting requirements.
Small companies can't afford legal teams to navigate 50 different state privacy laws. So they just block entire states rather than risk compliance violations.
This helps no one - not consumers who lose access to services, not businesses who lose customers, not states that wanted to protect their residents.
Same with UK's OSA: don't most governments already have the tools to block domains based on operator compliance with laws? What's wrong with that approach that leads to this kind of universal jurisdiction approach?
I leave my home computer network open to the public and now suddenly I'm liable to some random jurisdiction around the world because someone in that location decides to call my computer?
One thing that's interesting about these regional laws is that they all necessarily use geolocation, but the regional laws are jurisdiction-based. Geolocation is inaccurate in many circumstances and also just insufficient in some circumstances (VPN, near a state border, proxied requests, embedded content, etc.)
IANAL, but there’s a question of reasonable burden. Not sure if that applies here, but it’s not unreasonable to say you simply don’t want to do business in a state where the regulations are cost prohibitive. Given they make a reasonable effort to not provide a service to MI, it’s not really on them to police people trying to circumvent a state’s local laws.
Pornhub and BlueSky have done similar in response to this legislation in Texas. Wikipedia and a few other sites blocked the UK to avoid being burdened by their Safety act. Pretty much every streaming platform implements regional geo blocking for licensing reasons.
I’ll be curious to see how things shake out in the long run given the current political climate.
IANAL, but if the actual legislation did not either recommend or dictate which method would be either good or even considered valid for purposes of enactment of the law, would it then be subject to interpretation?
Also, for the enforcement agency who is/will be tasked with checking things out here...do they know whether geo-blocking is valid method or not? Its a silly law, don't get me wrong...but if its enforcement validation mechanisms are not up to snuff, i wonder how things will play out - both here in dreamwidth's case and other folks in a similar boat?
Is it insufficient? The law says they need to take commercially reasonable efforts to verify people's age in Mississippi. Geoblocking is a pretty commercially reasonable effort to identify who lives in Mississippi, and they don't provide service to those people.
> How is this vaguely sufficient to meet the legal requirements of the law?
It may not be, if the law can be applied to them.
OTOH, may be sufficient to make it illegal to apply the law to them in the first place. US states do not have unlimited jurisdiction to regulate conduct occurring outside of their borders, but they do have more ability to regulate conduct of entities intentionally doing business within their borders.
If hosting companies make this an easy block/choice it just becomes the CA cancer warning where everyone does it. Then everyone in Mississippi and locales that adopt this have to use a VPN.
How can any website determine the location of a user that uses a VM inside an Azure/AWS/GCP data enter? My VM inside Azure WestUS2 geolocates somewhere in WA state…
it is just a new better Internet era - everybody to use VPN. Thanks to the conservatives for facilitating such a progress.
For example, these days in Russia awareness and usage of VPN is well beyond any normal country. With Facebook and IG for example blocked for Meta being officially branded an "extremist organization" (by the way Taliban was taken off that list recently, so what do you guys in Menlo Park are cooking what is worse than Taliban? May be some freedom of speech? :) people in Russia of all strata is still using it, now through VPN, many from mobile devices. The thing of note from USSR/Russia here is that habitual violation of unreasonable laws breeds wide disrespect for the system of law as a whole, and it i very hard to reverse the flow.
>Unfortunately, the penalties for failing to comply with the Mississippi law are incredibly steep: fines of $10,000 per user from Mississippi who we don't have identity documents verifying age for, per incident -- which means every time someone from Mississippi loaded Dreamwidth, we'd potentially owe Mississippi $10,000. Even a single $10,000 fine would be rough for us, but the per-user, per-incident nature of the actual fine structure is an existential threat.
Reminds me of Silicon Valley. PiperChat has grossly violated COPPA as there was no parental consent form on the app leading to a 21 billion dollar fine: https://www.youtube.com/watch?v=N3zU7sV4bJE
Far from it. Australia is trying to age-block social media at the moment (we'll see what happens in december), the EU is likely to move on this stuff before long, lots of US states are doing it... it seems like it's the way of the future, one way or another.
I see the larger objective as total control over all speech, thought, and information in more circuitous and pernicious ways than something in one of the poster-boys of “tyranny”.
This is just the start and the trial balloons. The enemy within is a bit nervous about this attack on the most fundamental freedom that the Constitution is protecting, free speech, but they’re also very confident in themselves.
Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
I’m not being glib. Honestly, why can’t I? There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
For the same reason a bars don't just ask people to sign a document saying they're 21 in lieu of an ID.
The laws are written in a way where the responsibility for enforcement falls on the operator of the business. In both cases, the business doesn't actually have to verify anything if they don't want to, but if it's found that they're allowing violations to happen, they will be held legally responsible.
> Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
That would allow you, perhaps, to sue people from MS that used your site for violating the ToS (though, "some idiotic courts have ruled" does not mean "the courts which actually create binding precedent over those that would adjudicate your case have ruled...", so, be careful even there.) But that doesn't actually mean that, if someone from MS used your site and you took no further steps to prevent it you would not be liable to the extent that you did not comply with the age verification law.
> There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
Most things in interstate commerce, except where the feds have specifically excluded the states, are both federal and state jurisdiction, but neither the feds nor the state are obligated, even if applicable law exists which allows them to, to prosecute anyone for violating your ToS. You can (civilly) attempt to do so if you are bothered by it.
> why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
So, I'm genuinely curious about this. Does the US not require any kind of territorial nexus in order for a jurisdiction's laws to apply to an individual? Can Texas criminalise abortions in New York, by New Yorkers, for New Yorkers? This seems very unlikely to me.
Under private international law, very generally speaking, you tend to require a nexus of some kind (otherwise, we'd all be breaking Uzbekistani laws constantly). I assume there must exist some kind of nexus requirement in US federal constitutional law too.
Assuming you have no presence, staff, offices, or users in a state, and you expressly ban that state in your T&C, why would that state's laws apply to you at all? You're not providing any services from or to that state, and in as far they can open your landing page, that's sort of like saying they can call your phone number. And in the absence of that state's laws applying at all, would not any requirements about geoblocking etc that may exist in those laws be moot?
(Usual risk calculus would seem to apply re over-zealous state prosecutors, etc.)
Not arguing for or against this law, but at some point if your site reaches a certain size that it is having a distortion effect on democracy or society in someway I'm going to want transparency and regulation.
You can't have it both ways. Tech oligarchy is just another road to fascism city.
Now they also have their own paramilitary, better funded than most national armies. I'm afraid people have a very naive view of what life looked like for an average German resident in the late 1930s. Just because tanks aren't running down Main St, Normalville, USA doesn't mean we aren't treading in seriously dangerous waters just now. We are pushing past points of no return every day this continues.
Please don't comment like this on HN. We need everyone to avoid ideological flamebait and unkind swipes. Please take a moment to read the guidelines and make an effort to observe them in future.
Sometimes, often even, Dreamwidth can do the right thing like this. I fully support them in this fight and hope they win. But let's not pretend banning huge IP ranges for years at a time is new to them.
Dreamwidth has been at the forefront of banning large swaths of the internet. They started doing it years before anyone else. Before the for-profit corporate spidering of HTTP/S content even began causing issues. This is well trod territory and entirely familiar for them and their upstream network provider they like to blame their inability to fix it on.
Our legal system is a shambles that is clearly not prepared to handle this kind of thing, even setting aside the situation with the supreme court. It's become clear that the "shadow law" of simply passing unconstitutional statutes, filing frivilous lawsuits, etc., is operating independently of the real legal system moves too slowly and does not have adequate mechanisms to prevent what is essentially a DDoS attack. All justice is delayed and so all justice is denied.
As a gun owner, I can confidently state that the continuous stream of unconstitutional laws that must be constantly fought against is no new development.
As a non-gun owner, I imagine that much comes down to what the founders meant by the opening clause of the Second Amendment. Since the Originalists claim to hold special insights into the frame of mind of the founders, and this way of thinking seems to be over-represented on the SCOTUS, I would think this a friendly environment for the issue you care about. That aside, isn’t that the way that U.S. political and justice systems are supposed to function? Representatives pass laws at the behest of their most vocal constituents. Then those of opposing ideologies petition the courts for relief or their representatives for repeal.
Seriously. Never mind when government agents wantonly violate the rights of a gun owner, and the main gun lobbying organization comes out with full-throated support of the government agents. For those that don't know, look up what happened to Kenneth Walker.
> passing unconstitutional statutes > independently of the real legal system
The former is literally the real legal system, nothing shadow about it. Shadow would be some hidden deal to drop charges or something.
It's also not DDOS when a huge part of what you call "real" is exactly the same, so not unwillingly overloaded but willingly complicit.
the real legal system is slow by design, to carefully review cases and ensure fairness. It should also be based on good faith. The vulnerability comes from one bad faith party flooding the system with bad faith cases and appeals (as trump is doing). Even when he fails, the process becomes the punishment for the opposing side (journalists, political opponents...). When he wins, he wins.
> It's become clear that the "shadow law" of simply passing unconstitutional statutes
What makes you think the statute is "unconstitutional?" The Supreme Court hasn't tackled the issue directly, but it upheld a law requiring libraries to install blocking software to restrict access to websites for children: https://en.wikipedia.org/wiki/United_States_v._American_Libr.... Remember that, prior to the reinterpretation of the First Amendment in the mid-20th century, the "obscenity" carve-out was broad enough to outright ban things like pornography, much less allowing access to children.
That said, I suspect that the law is probably unconstitutional, insofar as it's targets at a type of speech (social media) that doesn't fall within any of the traditional exceptions. I don't think the "under 18" rationale holds when you're talking about content that traditionally hasn't been prohibited to children.
Regardless, this isn't an instance of the state blatantly violating some clear Supreme Court precedent. (And even that's okay if you have a good-faith basis for challenging the precedent! That's how impact litigation often works.)
What makes you think the current Supreme Court has any interest in upholding the constitution?
the comparison to a DDoS attack is very clever. Also in regards to the "muzzle velocity" strategy of Trump/Bannon
How does DDOS explain the fact the the Supreme Court didn't deny service, but simply decided not to block an unconstitutional law?
Between this and the UK Online Safety Bill, how are people meant to keep track?
Launch a small website and commit a felony in 7 states and 13 countries.
I wouldn't have known about the Mississippi bill unless I'd read this. How are we have to know?
Any physical business has to deal with 100s of regulations too, it just means the same culture of making it extremely difficult and expensive to do anything at all is now coming to the online world as well, bit by bit.
If you have a restaurant in Italy and some 18 year old from Mississippi orders a glass of wine - you can happily and lawfully serve it.
You don’t need to know all the laws of Mississippi to serve such customer, or any laws from anywhere else other than Italy.
Websites aren't necessarily businesses; they're speech.
Right. But if I open a physical business I only need to abide by the laws of that state. This is definitely an order of magnitude more regulation to deal with.
But yeah, this definitely sounds like a business opportunity for services or hosts.
> Any physical business
Websites don't have to be a business or be related to one.
But the jurisdiction is obvious, and it doesn't change just because someone from Mississippi walked in.
Probably an area for Cloudflare to offer it as a service. Content type X, blocked in [locales]. Advertised as a liability mitigation.
Closely followed by the BETTERID act in response to sites using substandard identity providers, a set of stringent compliance requirements to ensure the compliant collection and storage of verification documentation requiring annual certification by an approved auditing agency who must provide evidence of controls in place to ensure [...]
Regulatory capture in real time!
Hopefully data centers will be built in more free states. If I live in California, and run a server in California that responds to requests coming from an ISP in California, at what point do I become subject to Mississippi law that I never had a chance to vote for?
If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.
Don't count on sensible, well established laws from the past applying in the near future.
While I'm not trying to argue for or against any particular law in this comment, California is far from a "free state" in terms of internet laws.
If I run a server in Utah primarily for myself, and you as a Californian happen to stumble upon it, should I have to abide by California privacy laws?
More to the point, why would anyone outside of Mississippi need to comply? What legal grounds do they have to dictate what other people do outside of their state?
I worry that as a mastodon server operator I could be found guilty of violating their state law and if one day I decide to visit or transit in the state I could be punished say by arrest.
Same goes for other countries as well. It’s insane.
Oh, the EU is also coming with an age verification requirement through the Digital Safety Act
Australia is too
> how are people meant to keep track?
Individuals are not meant to keep track, they're meant to leave the ecosystem. These types of bills are the end product of the process of regulatory capture by the corpos.
Corpos create centralized watering holes that are magnets for social problems, offering low effort service and very little accountability for early users. Corpos then nurture these uses because they drive engagement, and at the early stage any usage is good usage. When the wider public catches on and starts complaining, corpos then cast it as outside meddling and reject addressing the problems they're facilitating, as curation at scale would cost too much. Corpos then become a straightforwardly legible target for politicians to assert control over, demanding some kind of regulation of the problem. Corpos then lobby to make sure such laws are compatible with their business - like simply having to hire more bureaucrats to do compliance (which is the sine-qua-non of a corpo, in the first place). The last few steps can repeat a few cycles as legislation fails to work. But however long it takes, independent individual hosters/users are always left out of those discussions - being shunned by the politicians (individuals are hard to regulate at scale) and the corpos (individuals turn into startups, ie competition). Rinse and repeat.
> Between this and the UK Online Safety Bill, how are people meant to keep track?
At this point, I almost welcome all these laws. The more they restrict us, the more potential felons, but they can't fine and put us all in jail, no? Chronic over-legislation will crush from its own weight.
That said, like the saying of markets staying irrational longer than people can afford to, the realistic outcome is that bureaucracy will survive longer than a functioning society. Legislation will continue until morale improves.
This is where it goes wrong. It will be selectively applied. The worst.
It's just wrong and it breaks the internet. We had it so good for so little.
>Chronic over-legislation will crush from its own weight.
Ideally, yes. I think the reality however will be that most "perpetrators" will be ignored, and anything else will be easy wins and collateral damage to small site operators that these regulators to happen to notice.
i feel like it will just result in discriminatory policing
Its things like this that make me want the internet excluded from all legal systems as extra territorial. There should be no laws governing the internet. Almost uniformly they are stupid. The most success law enforcement gets out of capturing pedos is setting up honeytraps anyway.
"When catapults are outlawed, only outlaws will have catapults."
Welcome back to the 90s and the PGP, Clipper chip, warez, and DeCSS days.
At some point, they will have outlawed enough things that most people want, that most people will become outlaws.
I would argue privacy laws are good. But I do think laws that apply to the internet in the US should only come at a federal level. That would help with uniformity.
Check your local laws and make sure never to travel outside your current state.
States should come together with their neighboring states to start passing identical model legislation for this sort of stuff, if we don’t have unity across the country. It could be easy and voluntary for the states to do.
The US doesn’t have 50 different cultures with totally different values, but probably has like… 7.
Is there even such a thing as a "Mississippi IP?"
I.E. Are US ISPs, particularly big ones like Comcast, required to geolocate ISPs to the state where the person is actually in? What about mobile ones?
Where I live (not US), it is extremely common to get an IP that Maxmind geolocates to a region far from where you actually live.
You pretty much just plug the IP into a geolocating API and hope. There's nothing else to do. Any collateral damage is on the legislation, not any individual site or admin.
As you say, IP geolocation is unreliable. Unfortunately that's the only option. If it is technologically impossible to comply with the law, you just gotta do the best you can. If someone in MI gets a weird IP, there's absolutely nothing any third party can do. That's on the ISP for not allocating an appropriate IP or the legislators for being morons.
MI is Michigan.
GeoIP services are not 100% accurate, but that doesn't mean they're completely useless.
The law in question requires "commercially reasonable efforts"
I wonder what is a "commercially reasonable effort" for a non-commercial website to collect, accurately verify, and securely store everyone's identity, location, and age?
Personally I'd say none at all, unless the government itself provides it as a free service, takes on all the liability, and makes it simple to use.
It also defines personally identifiable information as including "pseudonymous information when the information is used by a controller or processor in conjunction with additional information that reasonably links the information to an identified or identifiable individual." But it doesn't specify what it means by 'controller' or 'processor' either.
If a hobbyist just sets up a forum site, with no payment processor and no identified or identifiable information required, it would seem reasonable that the law should not apply. But I'm not a lawyer.
Clearly, however, attempting to comply with the law just in case, by requiring ID, would however then make it applicable, since that is personally identifiable information.
I live in Vancouver, WA and my IP comes back to Portland, OR.
Required? Not sure, but probably not, but they do so to monetize your metadata and provide hints to websites so they show language- and country-localized "local" versions of websites before/instead-of/as-a-fallback-to requesting location permissions.
ISPs have no obligation, although the ubiquity of sites and apps relying on IP geolocation mean that ISPs are incentivized to provide correct info these days.
I run a geolocation service, and over the years we've seen more and more ISPs providing official geofeeds. The majority of medium-large ISPs in the US now provide a geofeed, for example. But there's still an ongoing problem in geofeeds being up-to-date, and users being assigned to a correct 'pool' etc.
Mobile IPs are similar but are still certainly the most difficult (relative lack of geofeeds or other accurate data across providers)
In case anyone is wondering what I was wondering:
https://en.wikipedia.org/wiki/Dreamwidth
Ah! Thank you. I was wondering why mjg59 needed to geo-block people on his blog. I had no idea dreamwidth was a platform and he was only a user of that platform. I don't think I've ever seen anyone else's content on that site. Now I feel dumb because I've been calling him "dreamwidth" in my head for years.
And the law in question:
https://en.wikipedia.org/wiki/The_Walker_Montgomery_Protecti...
Thanks, I could not get by their really bad captha
Related thread,
https://news.ycombinator.com/item?id=44990886 ("Bluesky Goes Dark in Mississippi over Age Verification Law (wired.com)"—175 comments)
The USA has a F(ederal) CC. Not S(tate) CC.
I appreciate that not all modern post 1776 democracies are the same, but in Australia, whose constitution was informed hugely by the US constitution, Federal communications law takes supremacy over states, and states laws cannot constrain trade between the states. There are exceptions, but you'd be in court. "trade" includes communications.
So ultimately, isn't this heading to the FCC, and a state-vs-federal law consideration?
-Not that it means a good outcome. With the current supreme court, who knows?
> With the current supreme court, who knows?
In his concurring opinion, Justice Kavanaugh said it was likely unconstitutional (but apparently not obviously enough to enjoin it) [1]. So it's going into effect, then the lawsuit follows.
Similar laws in California, Arkansas and Ohio were all found unconstitutional, so I am hopeful. That said, these were all district court decisions, and all of them are being appealed. When they lose on appeal, they go to the Supreme Court for (hopefully) the final smack-down.
Interestingly, reading the summary MS HB1126 [2], this law is doing two things. It regulates companies and defines crimes.
States are allowed to set their own criminal codes. If Mississippi drops the mandate part and passes a new law that simply defines certain things as crimes with corresponding penalties, that law would probably be constitutional.
[1] https://www.supremecourt.gov/opinions/24pdf/25a97_5h25.pdf
[2] https://legiscan.com/MS/bill/HB1126/2024
In theory, the US constitution forbids states from interfering with interstate commerce too.
Clueless human, but what stops a company from ignoring these laws from certain states? How is this enforceable if a company doesn't have any infrastructure within that state?
> Clueless human, but what stops a company from ignoring these laws from certain states?
The threat of lawsuits.
> How is this enforceable if a company doesn't have any infrastructure within that state?
If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)
That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.
Apparently, U.S. statutory and case law establish that a business has an "economic nexus" in a state can be made subject to that state's laws. An economic nexus doesn't require a physical presence, just sufficient economic activity. Sufficient economic activity is usually defined, by each state, according to revenue or volume of transactions. Another test for an economic nexus is something called purposeful availment, which is whether a business is targeting the residents of a jurisdiction. So it seems like, "Are you intentionally selling to Missouri residents?"
To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).
Now I am curious as well. Are there…extradition treaties between states?
> How is this enforceable if a company doesn't have any infrastructure within that state?
It's a good question. Maybe something with interstate commerce laws?
If they're able to elevate some of your charges to the federal level you're fucked. IANAL though so I don't know if/how that would happen.
Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
Most areas of governance usually give years of preparation ahead of anything actually being enforced. This is so short-sighted.
> This is so short-sighted.
Might as well be the slogan of the current era
>Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?
But the law was signed over a year ago[1]? The recent development was that the injunction blocking the bill from being implemented got struck down. I'm not sure what you'd expected here, that the courts delay lifting the injunction because of the sites that didn't bother complying with the law, because they thought they'd prevail in court?
[1] https://legiscan.com/MS/bill/HB1126/2024
I don’t think it’s short sighted. They just don’t care.
An adult contracts with the ISP. The ISP provides unfiltered internet access to the adult. It is the adult who then chooses to provide access to adult, social, or otherwise-restricted websites to children. I don't see how this isn't obvious to any court.
Might it be sufficient to dynamically block anyone that has a registered home address in Mississippi for their payment method? Most ISP's span multiple states.
Google have additional information about IP addresses that updates dynamically based on cell phone, wifi and other magic usage so maybe ask them if they have some javascript that queries their site for more specific city/state details. Also call Pornhub and ask how they were blocking specific states to meet legal requirements.
If I were in Dreamwidth's shoes, I'd be very much concerned with minimizing legal exposure, not number of users excluded. At 10k/user*day, it's a reasonable choice to block as broadly as makes sense.
Tough for the neighbors, but nitpicking "resident" is not a good choice here.
For the Bluesky ban, I'm not in Mississippi, but whatever IP Geolocation service they're use thinks I my home internet is in Mississippi. It's doubtless that lots of people inside Mississippi but near borders aren't being blocked, because that's just not a thing that's really possible.
Definitely not because the law would apply e.g. to someone who lives in a different state, but loads the site while physically in Mississippi.
Unlikely. You wouldn't have a payment method address for any free/non-paid/gifted account.
If you're using a VPN while inside Missxi and access the site without age verification, would that cause the site to be in violation of the law?
IANAL but i don't think using a vpn matters...Because whether a user is using a vpn or otherwise or not, if the user is identified as from Mississippi, that would be the test for whether these guys would need to block or not. Like, if a user from Mississippi uses a vpn, and these guys don't know that and detect that this user's IP is from, say, Arkansas...how would they be held liable? Unless, i'm missing something, right?
I don’t see how, but the people trying to implement total control of speech, thought, and communication in America are a diabolical and crafty bunch that will likely try putting someone through the wringer for that one day.
The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.
NAL, but yes, I believe that it would still be a violation of the law. That said, laws aren't applied by robots and it's likely they would be given leniency if they could show they actually tried to respect the law.
If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.
The site is legally required to apply "commercially reasonable measures" to prevent the kind of access that this law is against. Whether that includes blocking accessing it over VPNs is anyone's guess.
Seems to work without issue in states that require age verification for pornography sites. Would assume a site like pornhub has spent money on lawyers
I wonder if these state laws are at some point going to collide with Apple’s Private Relay service. It’s included with an iCloud subscription, and very easy to turn on, so I imagine Apple has way, way more users than a typical VPN provider. And they make no effort to ensure your exit node is in the same state as you are. A most it will keep the same “general location,” and there’s an option to let it use anything in the same country and time zone.
https://en.wikipedia.org/wiki/The_Walker_Montgomery_Protecti...
> However, it doesn't apply to news sources, online games or the content that is be made is by the service itself or is an application website.
What is an "application website"? I can't seem to find how they're defining that.
It’s unclear how that phrase got into the wiki; the bill text https://billstatus.ls.state.ms.us/documents/2024/html/HB/110... does not seem to mention that phrase.
The law mentions that it does not apply to job application websites.
https://law.justia.com/codes/mississippi/title-45/chapter-38...
That's probably what the wikipedia author meant to say
Yeah the Wikipedia explanation has faulty grammar. I couldn't figure it out either.
My understanding is that this is similar to the law the UK passed recently except instead of verifying age of users for "adult" content, every platform needs to verify (and log) age of all users for all content?
It can't possibly be that ridiculous.
When will people understand geoblocking won’t save you? If a Mississippi user is on a VPN and they access your website you must still comply.
If you have a competitor, you can hire a bunch of Mississippians to access their website by VPN, collect evidence of them doing so, and then report them to have the shit fined out of them. It will pierce their corporate veil and leave them personally bankrupted, ending their website.
If that actually works, that's terrifying. Do you know of examples of companies facing legal trouble despite geoblocking efforts?
Please make sure to use the correct HTTP code for the block:
451 - Blocked for legal reasons.
As an aside, it would be curious if deepening political polarization creates a trend of blocking IPs from specific states or regions for whatever reason... perhaps in such a scenario there would be interesting relations or comparisons between the digital and physical divides...
Bluesky is doing the same in case people here did nor know
https://www.wired.com/story/bluesky-goes-dark-in-mississippi...
Interesting, all I see is "403 Forbidden" when I open this website, and Im not even from the mentioned location's country! I guess might as well block everyone to avoid any possible future litigation.
> On a completely unrelated note while I have you all here, have I mentioned lately that I really like ProtonVPN's service, privacy practices, and pricing?
Did your lawyer review this? Because you just committed a felony.
> And because we're part of the organization suing Mississippi over it, and were explicitly named in the now-overturned preliminary injunction, we think the risk of the state deciding to engage in retaliatory prosecution while the full legal challenge continues to work its way through the courts is a lot higher than we're comfortable with
Since you can't really block all state IPs, but also since prosecution isn't bound by honesty, this retaliatory risk doesn't decrease much (though hard to assess precisely).
This is the inevitable result of inconsistent privacy laws across jurisdictions. Instead of one clear federal standard, we get a patchwork of conflicting requirements. Small companies can't afford legal teams to navigate 50 different state privacy laws. So they just block entire states rather than risk compliance violations. This helps no one - not consumers who lose access to services, not businesses who lose customers, not states that wanted to protect their residents.
Same with UK's OSA: don't most governments already have the tools to block domains based on operator compliance with laws? What's wrong with that approach that leads to this kind of universal jurisdiction approach?
I leave my home computer network open to the public and now suddenly I'm liable to some random jurisdiction around the world because someone in that location decides to call my computer?
China's GFW seems benign in comparison
One thing that's interesting about these regional laws is that they all necessarily use geolocation, but the regional laws are jurisdiction-based. Geolocation is inaccurate in many circumstances and also just insufficient in some circumstances (VPN, near a state border, proxied requests, embedded content, etc.)
How is this vaguely sufficient to meet the legal requirements of the law? They know geo-blocking is insufficient.
IANAL, but there’s a question of reasonable burden. Not sure if that applies here, but it’s not unreasonable to say you simply don’t want to do business in a state where the regulations are cost prohibitive. Given they make a reasonable effort to not provide a service to MI, it’s not really on them to police people trying to circumvent a state’s local laws.
Pornhub and BlueSky have done similar in response to this legislation in Texas. Wikipedia and a few other sites blocked the UK to avoid being burdened by their Safety act. Pretty much every streaming platform implements regional geo blocking for licensing reasons.
I’ll be curious to see how things shake out in the long run given the current political climate.
IANAL, but if the actual legislation did not either recommend or dictate which method would be either good or even considered valid for purposes of enactment of the law, would it then be subject to interpretation?
Also, for the enforcement agency who is/will be tasked with checking things out here...do they know whether geo-blocking is valid method or not? Its a silly law, don't get me wrong...but if its enforcement validation mechanisms are not up to snuff, i wonder how things will play out - both here in dreamwidth's case and other folks in a similar boat?
Is it insufficient? The law says they need to take commercially reasonable efforts to verify people's age in Mississippi. Geoblocking is a pretty commercially reasonable effort to identify who lives in Mississippi, and they don't provide service to those people.
> How is this vaguely sufficient to meet the legal requirements of the law?
It may not be, if the law can be applied to them.
OTOH, may be sufficient to make it illegal to apply the law to them in the first place. US states do not have unlimited jurisdiction to regulate conduct occurring outside of their borders, but they do have more ability to regulate conduct of entities intentionally doing business within their borders.
The law requires them to take commercially reasonable measures. Geo-blocking is industry standard/best practice.
While I realize I'm not entitled to read this website, I'd like to report it seems to be geoblocking me in Viet Nam. I get a 403 Forbidden.
I was totally ready to consider blocking US IP ranges too, if there was a good reason. I run a small business and 0% of my customers are overseas.
It would be of great benefit to the internet if servers couldn't geolocate clients.
Stupid question - can’t these websites use a service like id.me and not store anything?
It’s not a stupid question, and I have the same one.
If hosting companies make this an easy block/choice it just becomes the CA cancer warning where everyone does it. Then everyone in Mississippi and locales that adopt this have to use a VPN.
How can any website determine the location of a user that uses a VM inside an Azure/AWS/GCP data enter? My VM inside Azure WestUS2 geolocates somewhere in WA state…
it is just a new better Internet era - everybody to use VPN. Thanks to the conservatives for facilitating such a progress.
For example, these days in Russia awareness and usage of VPN is well beyond any normal country. With Facebook and IG for example blocked for Meta being officially branded an "extremist organization" (by the way Taliban was taken off that list recently, so what do you guys in Menlo Park are cooking what is worse than Taliban? May be some freedom of speech? :) people in Russia of all strata is still using it, now through VPN, many from mobile devices. The thing of note from USSR/Russia here is that habitual violation of unreasonable laws breeds wide disrespect for the system of law as a whole, and it i very hard to reverse the flow.
True, but the next thing, will VPNs be forced to age verify eventually ?
It is possible some US States and maybe the UK will end up like China.
Is someone maintaining a list of what territories have which restrictions so I don't accidentally commit an international crime?
>Unfortunately, the penalties for failing to comply with the Mississippi law are incredibly steep: fines of $10,000 per user from Mississippi who we don't have identity documents verifying age for, per incident -- which means every time someone from Mississippi loaded Dreamwidth, we'd potentially owe Mississippi $10,000. Even a single $10,000 fine would be rough for us, but the per-user, per-incident nature of the actual fine structure is an existential threat.
Reminds me of Silicon Valley. PiperChat has grossly violated COPPA as there was no parental consent form on the app leading to a 21 billion dollar fine: https://www.youtube.com/watch?v=N3zU7sV4bJE
I guess the uk isn’t the only place with lawmakers that have no grasp on technical matters but yolo it anyway
Far from it. Australia is trying to age-block social media at the moment (we'll see what happens in december), the EU is likely to move on this stuff before long, lots of US states are doing it... it seems like it's the way of the future, one way or another.
Honestly this sort of thing seems to be popping up everywhere now. Almost feels like a co-ordinated effort.
https://archive.is/XuUkc
Eventually we're going to end up with freedom loving states and puritanical nanny states.
No, we're going to end up with a lot puritanical nanny states policing different things, depending on their flavor of authoritarianism.
I see the larger objective as total control over all speech, thought, and information in more circuitous and pernicious ways than something in one of the poster-boys of “tyranny”.
This is just the start and the trial balloons. The enemy within is a bit nervous about this attack on the most fundamental freedom that the Constitution is protecting, free speech, but they’re also very confident in themselves.
Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
I’m not being glib. Honestly, why can’t I? There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
For the same reason a bars don't just ask people to sign a document saying they're 21 in lieu of an ID.
The laws are written in a way where the responsibility for enforcement falls on the operator of the business. In both cases, the business doesn't actually have to verify anything if they don't want to, but if it's found that they're allowing violations to happen, they will be held legally responsible.
You can't contract away something that the law requires of you.
> Since some idiotic courts have ruled a website’s Terms of Service to be legally binding, why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
That would allow you, perhaps, to sue people from MS that used your site for violating the ToS (though, "some idiotic courts have ruled" does not mean "the courts which actually create binding precedent over those that would adjudicate your case have ruled...", so, be careful even there.) But that doesn't actually mean that, if someone from MS used your site and you took no further steps to prevent it you would not be liable to the extent that you did not comply with the age verification law.
> There’s precedent for saying that’s unauthorized access, so the feds (not the state; “Interstate Commerce Clause” and all that) should prosecute the visitor for violating my ToS.
Most things in interstate commerce, except where the feds have specifically excluded the states, are both federal and state jurisdiction, but neither the feds nor the state are obligated, even if applicable law exists which allows them to, to prosecute anyone for violating your ToS. You can (civilly) attempt to do so if you are bothered by it.
> why can’t I just say no one from Mississippi is allowed to access my site and be done with it?
So, I'm genuinely curious about this. Does the US not require any kind of territorial nexus in order for a jurisdiction's laws to apply to an individual? Can Texas criminalise abortions in New York, by New Yorkers, for New Yorkers? This seems very unlikely to me.
Under private international law, very generally speaking, you tend to require a nexus of some kind (otherwise, we'd all be breaking Uzbekistani laws constantly). I assume there must exist some kind of nexus requirement in US federal constitutional law too.
Assuming you have no presence, staff, offices, or users in a state, and you expressly ban that state in your T&C, why would that state's laws apply to you at all? You're not providing any services from or to that state, and in as far they can open your landing page, that's sort of like saying they can call your phone number. And in the absence of that state's laws applying at all, would not any requirements about geoblocking etc that may exist in those laws be moot?
(Usual risk calculus would seem to apply re over-zealous state prosecutors, etc.)
sounds similar to how many remote job applications skirt around posting the actual salary range by not allowing residents of NY, etc. to apply
This is happening in Australia, and it's awful legislation.
403. Are Singapore IPs being geoblocked as well?
Not arguing for or against this law, but at some point if your site reaches a certain size that it is having a distortion effect on democracy or society in someway I'm going to want transparency and regulation.
You can't have it both ways. Tech oligarchy is just another road to fascism city.
Project 2025 at work
Now they also have their own paramilitary, better funded than most national armies. I'm afraid people have a very naive view of what life looked like for an average German resident in the late 1930s. Just because tanks aren't running down Main St, Normalville, USA doesn't mean we aren't treading in seriously dangerous waters just now. We are pushing past points of no return every day this continues.
[dead]
[flagged]
> Stop crying about it
Please don't comment like this on HN. We need everyone to avoid ideological flamebait and unkind swipes. Please take a moment to read the guidelines and make an effort to observe them in future.
https://news.ycombinator.com/newsguidelines.html
Glad we didn't have you at the Constitutional Convention.
Also "operate in or leave" doesn't make a lick of sense on THE INTERNET
No, be loud about bad laws.
Well, we can blame the voters of Mississippi for their ass-backware representatives, who they evidently like, for these ignorant laws.
Cut the ignoramuses from the US internet until they can learn to be decent people. Serves them right, and well, legally.
i don't maybe read a few history books about the south before you write off an entire state. or just look at some data: https://ballotpedia.org/Mississippi_gubernatorial_election,_...
very incurious/very unhacker
Why geoblock Mississippi but scramble to comply with California right to delete. Political favorites? Easier to implement? Something else?
Maybe already had the implementation ready because of EU regulations?
'Why would you comply with the forth largest economy in the world, but not the second poorest state in the country?'
Sometimes, often even, Dreamwidth can do the right thing like this. I fully support them in this fight and hope they win. But let's not pretend banning huge IP ranges for years at a time is new to them.
Dreamwidth has been at the forefront of banning large swaths of the internet. They started doing it years before anyone else. Before the for-profit corporate spidering of HTTP/S content even began causing issues. This is well trod territory and entirely familiar for them and their upstream network provider they like to blame their inability to fix it on.
For those of us unfamiliar with dreamwidth: huh??