Web services and websites should block all Utah IP addresses and redirect to page explaining that because they cannot tell who’s using a VPN, their only option is to block all of Utah.
Yes, I understand how dumb that is, but sometimes you have to fight stupid with stupider.
It’s actually quite trivial to detect most VPN providers. There’s publicly available IP lists
Many VPN providers regularly rotate their IP ranges.
Regardless, that wouldn’t reveal to a website where the traffic was originating from.
wouldn’t reveal to a website where the traffic is coming from
that’s… exactly the point here. If you’re connecting thru a VPN then the web site is supposed to ID you because you might be circumventing their local ID laws.
I was replying specifically to your comment…
“It’s actually quite trivial to detect most VPN providers. There’s publicly available IP lists…”
None of that has anything with what I’m suggesting, or why I suggested it.
I’ve explained the rationale in other comments, but this is an action of protest, not a technical response or workaround to the law.
If Utah passed the stupid law, you have to inconvenience Utah voters, and to do that, websites should block all Utah IP addresses. Making clear to their users that due to the new regulatory framework, they’re no longer doing business in Utah.
If that upsets people in Utah, they can reach out to their representatives to ask why they voted to ruin the internet in Utah.
you originally said
they cannot tell who’s using a VPN
I was replying to that specific statement only. Lists of IP ranges are updated regularly and publicly available. Web sites hosted in Utah will have to make use of them to ID check visitors to comply.
I agree with you that web sites hosted outside of Utah should just block Utah IP addresses with a “contact your representative” message."
Porn sites have been doing that for years now.
And that’s exactly what they want.
They don’t want every website to do it though.
I like the thought, but it won’t work. The big websites won’t be willing to lose money they don’t have to, and like ID laws that give them reasons to extract more data from users anyway.
Its easier to implement and less crazy than blocking VPNs. It also pushes back on other jurisdictions doing the same. I’d be amazed if this isn’t what happens.
They actually want to avoid the liability of storing someone’s id.
The government wants to make these things illegal, but they also want to track every person on the internet through their government ID, so they create the problem (age restriction and id checks) because they have the planned solution: digital id for every computer!
Do you have your computer license? Do you? You think the internet is a psy-op and Big Brother’s watching you? Just wait until a government admin message pops up on your screen because you visited the wrong website.
You’re getting fined for spreading misinformation or receiving a letter for libel due to some offhand tweet about some famous person. Don’t worry about receiving a notice in the mail, if you have a printer they’ll make it print your ticket for you immediately.
You don’t thing an extra 10,000 words in the EULA won’t absolve them of liability for ID theft?
Actually, the existing EULAs probably already do.
Indeed. ID laws are a wet dream of Meta and the like. Both because it gives them the unique ID the always wanted and because it is easier for them to comply than small upstarts.
Big websites will only have to do it for a little while though, a month perhaps. If suddenly Utah can’t reach youtube or Netflix… Constituents will complain, the citizens simply won’t have it, and then the legislators have a problem.
Your right, but I can imagine what it would be like, and that’s something.
I might not underestimate how much big tech companies hate this too. They are pretty famous about despising all regulation of their space. I wouldn’t put it past them to block a backwater like Utah.
They don’t want every website to do it
Are you sure?
Web services and websites should block all Utah IP addresses and redirect to page explaining that because they cannot tell who’s using a VPN, their only option is to block all of Utah.
But VPN users using a VPN outside of Utah will still get through.
What Utah (and likely other dumb states soon) are trying to do is to force age verification worldwide through a state law, forcing websites to verify the age of every user from anywhere, because any user who accesses the site from anywhere in the world might possibly be someone in Utah using a VPN.
I understand.
Which is why I’m suggesting they preemptively block everyone in Utah. Protesting needs to inconvenience people and good protests redirect that anger towards those in power.
“Utah’s new law us makes us legally liable for providing our services to residence in Utah using a VPN. As that is not technically possible, we have no choice but to cease operating in Utah, or allowing Utah residents to use our services.”
But whether or not that particular strategy would be an effective from a protest, is a moot point, as big tech is behind these types of age verification and use identification laws, and those are the only websites and services with a large enough user base to make a difference here.
Which is why I’m suggesting they preemptively block everyone in Utah.
Pornhub and other porn sites already do this.
They would still be liable for transmitting content to a Utah resident using a VPN to appear as though they were in neighboring Arizona.
That just means that people in Utah would need to use a VPN to access those sites.
Which is hilarious, and a predictable result when your legislature is mostly filled with people who could’ve retired decades ago…
Even worse, that would not necessarily help. If someone’s accessing your website through a VPN that’s not located in that state, you would not block it… then become liable.
Better block everything at this point -_-
The great firewall of Utah, all your pron must be inspected by government officials prior to delivery…
Web services and websites should block all Utah IP addresses
That won’t work on a VPN, though. The VPN will say the user is coming from outside the state. That’s the whole point of the VPN.
right, meaning everybody will need to get a VPN, defeating the purpose of the law
So you’re saying we should blockade the blockade? /s
With a button saying “Actually, I’m using a VPN so it looks like I’m in Utah but I’m actually not.” that gives you access
No, the better solution is for sites that age verification is pointless to block Utah. If you make a mobil app check the GPS or IP and disabl the app if they are in Utah. People should go on sites like Yelp in mass and put down votes on every establishment in Utah so that ths site becomes useless for anyone in Utah. Pretty much just destroy all tech and internet for all things Utah.
Yes, I understand how dumb that is
i don’t think you do. residents of utah don’t have to use vpn with endpoint in utah, so in order for your “gotcha” to work, they would have to block whole world. since most people will choose endpoint far from them, it would probably be enough to block anything but utah…
That’s the point…
It would be protest against Utah’s dumb law, with an even dumber response, that’s designed specifically to inconvenience people in Utah…
so you would bully the people being bullied by this law to protest the law that bullies them? well that would show them!
Unless you are willing to admit that Utah is a dictatorship, then yes “bullying” the people is very appropriate.
This is an issue with american thinking, the sanctity of normality. You think doing anything that effects the every person is somehow off limits, you think the daily life of the people is unassailable. Its the same nonsense over and over across everything and I think why americans always talk about how “nothing can be done” about any issue that comes up. The us of a is flying off a cliff in multiple ways but americans will put up with it as long as they don’t notice a change in their daily life.
It is why you are all ok with war, right up until the gas price goes up.
It is why you are all ok with losing liberties, right up until it effects you personally.
It is why you are all ok with your media and entertainment pushing usa #1 bullshit that always ends up “back to normal”, right up until you can’t ignore reality.
It is why you are all ok with a clearly broken and non democratic system, right up until nether party is able to guarantee your lifestyle.
It is why you are all ok with draconian “purity” laws being put into place, right up until sites you like to use realize that Utah is not worth the work to be there.
hey doc, here is one who forgot to take their pills!
This is an issue with american thinking
You think doing
it is why you are all ok with
it is why you are all ok with
it is why you are all ok with
it is why you are all ok with
it is why you are all ok with
you do know there are people in the world that are not americans, right?
“bullying” the people is very appropriate.
no, it is not. once you are done with this tantrum, i suggest to talk to a mental health professional and ask them for explanation.
no, it is not. once you are done with this tantrum, i suggest to talk to a mental health professional and ask them for explanation.
Yes, it is. You americans will get to see the results of your madness first hand over the next few years, there is no “tantrum” over it, just the explanation of the consequences you are all facing from thinking you are special.
“Nah bro ya crazy”
“The people being bullied” lol, they are called voters and they voted for the government that does this. Americans can fuck right off with their victim mentality. Go fix your shithole country instead
Removed by mod
I think you’re confused on the concept of protesting.
Or maybe you’re just a fan of this law, or don’t think it’s a big deal.
Either way, I disagree.
Americans not understanding how to protest? Surely not.
yes, it would. their elected officials did this.
“You can’t punish the voters for the things the people they voted for did!”
deleted by creator
I bet you a dollar that all of them are technologically illiterate.
It’s not just that, it’s that they don’t care. People keep assuming it’s solely based on a lack of knowledge but the real point is establishing consequences to prevent the things that can’t fight it from existing to begin.
They’ll decline to go after the websites they as lawmakers use themselves, but will instead hit up independent things that can’t afford to fight back and will just close when contacted.
i mean, how are we defining tech illiteracy? they have heard of the twitter, okay?
I think politicians have special law right to avoid that consequences of their actions.
Citizens also have special action that leds them bypass laws.
It’s called anarchy to some, and full-on revolution to others.
These aren’t “age checks”…it’s identity tracking.
Absolutely! Journalists really need to start describing these as what they are rather than the marketing term. It is much more accurate to call them “ID Checks” or something like that.
I’m so weary of everything getting a little bit worse every day.
I’m sure we all used to be excited about the future of the internet but now it’s just shit.
I used to see technology as our only hope and now I dread the new hells we’re creating.
I’m glad I at least got to enjoy the golden age of the internet before enshittification started to infect everything.
I get the sentiment, and I’m right there with you about the erosion of our rights every day being very exhausting.
The trick is to never stop being mad about things like this, because complacency is how they win.
So how do they plan on figuring out if any given user behind a VPN is in Utah?
Age and identity verification. Unfortunately selling user data is profitable, so I think this will become more common.
So let’s cripple websites that have VPN users… Lmao. Dumbest fucking government ever.
Well while your isp can’t see what you do when you use a vpn. They can see you use a vpn.
So there is that. However you could use an isp that is not in utah
We can just add a few thousand tor nodes too. Not sure how they will ever enforce this.
Wait a second… how can they enforce this legislation when a VPN is masking the user’s location? How do they know a user using a VPN is from Utah?
Correct me if I’m wrong here, but aren’t the users they’re trying to regulate the exact subsection of users that they don’t have the ability to identify as being citizens of Utah?
Like if a user appears to be in Utah, then they’re probably not using a vpn. And if the user appears to be from out of state, then they could be using a vpn, but also Utah law doesn’t apply to those people because they’re not from Utah (as far as they know)… So essentially this law can’t actually apply to… anyone?
You are too generous. If a company registered in Utah has a user who is coming in via VPN, then that user could be from Utah and the company is not in compliance unless they enforce age verification and thus liable. Thus, everyone has to hand over their ID. No one cares if a NY resident or European or whatever gets caught in it too. That’s not a requirement to avoid.
Seems like it kills tech sector in Utah
It would if Utah wasn’t the first of many.
Albeit I haven’t checked 100% of my traffic but thank God nothing important is hosted in Utah.
I don’t know about this one, but these laws usually apply to any company doing commerce inside the jurisdiction. So any company with an office or other business presence there, not just hosting.
What the shell are que tall king a bout ? The gray 8 $alt lake is ϰ Utah.
This law is pointless
Nope. It’s a stepping stone to completely block the public from using VPNs.
I get that but laws with no enforcement mechanism are questionable at best
no, the law is a feeder to push through the courts to the US Supreme Court’s shadow docket so they can make an overbroad decision with precedent that forces the rest of the country to adopt a VPN band
What kind of music does VPN band play?
dwarfcore. the d is for dwarfcore
I think they check with the ISP or something.
Utah flexing those evil Mormon muscles huh? Well get bent Utah and get fucked Mormons.
You’ve added an extra ‘m’ to a couple words there.
Me: Ormon uscles? Huh? … Oh right 😅
The second m is silent.
😂 😂 😂 😂 😂 😂 I love yall
from now on i will joke-censor mormons as mor*ons
From my point of view, all I want is that Europe doesn’t follow the US into suiciding it’s own future in Tech by structurally dismounting the workings of the Internet for the purpose of autoritarian surveillance.
Mind you, given the seeming high amounts of corruption and kompromat for European politicians - especially EU ones - I fear that even here they might send us down the path of Technological Black Age to satisfy the short term desires of whatever large American Tech Companies that have them in their pockets or populist American or Israeli politicians holding kompromat on them.
Von der Leyen keeps pushing for Chat Control. Plus the age verification app they want to release. The EU is already following the US
Yeah, I noticed.
I have zero hope of the EU comission not being complete total crooks sacrificing Europe to serve corporate America.
My hope is on the EU Parliament and on national governments, not the unelected “jobs for the boys” naturally rotten part of the EU “management”.
Estonia has this system for a decade already btw and uses block chain to make it transparant and for integrity, and the verification app will be zero-knowledge proof, and is open-source. Literally the best two specs you want for privacy… The only thing I would want is a decentralized system where you can get verified by showing your ID to your local municipal services, not uploading it.
But the chat control has to go away asap fr
maybe a compromis for chat control would be a decentralized database of photo hashes that are scanned by the chat control app where only trusted organizations for childrens safety can add hashes to, supported by block chain so we have full transparency of who adds what… wdyt of this?This way there is no single point of control. Blockchain provides full transparency because every addition of a hash is recorded as a transaction that anyone can verify, showing who added it and when, and since the blockchain is immutable, hashes can’t be secretly altered or deleted. Digital signatures prove which trusted org added each hash.
Sounds like shit
😂😂 Care to explain why?
Oh, there are so many iffy things there.
For starters:
the verification app will be zero-knowledge proof
Next, how exactly is being in the blockchain something that helps guarantee anonymity in an age verification access control system? The whole point of the blockchain is to guaranteed non-deniability, the exact opposite. At best it stinks of “we’ve thrown a bunch of techno-fads into this proposal to make it appealing to ignorant techno-fans”.
Then, there are a TON of ways of de-anonimizing data if the thing isn’t perfectly done, especially when it gets crossed with other data. Is there a group of independent experts analysing each and every version of the protocol and the app to make sure it’s not just directly anonymous but also resilient to de-anonimization?
Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?
Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.
Beyond that, it’s the responsibility of parents to watch over and control what their children are doing, not everybody else. The whole focus should be on giving parents the tools for that (for example, with a standard protocol for sites to inform browsers and home firewalls that they’re serving adult content, thus allowing parents to block it internally without the information of who is watching what ever leaving their home network), not mandated government software supposedly controlling the access of the whole fucking civil society to arbitrary web-sites and who knows what else.
Last but not least, it’s literally the smallest impact and easiest to achieve option to have the websites push out standard markers for “adult content” to browsers and home firewalls so that parents can restrict their children’s access, not putting locks on every such site AND having age identification on any and all means of accessing those websites on every single piece of networked computing hardware that anybody in Estonia might use to access such websites.
The entire thing is far too heavy and affects way too many devices and too much software to be the “best solution” for the problem of protecting children from adult content, but it sure is the best solution for the objective of having government access control software in every single computing device used in Estonia.
I meant the blockchain for the chatcontrol app, not for the age verification app btw, and you make good points for sure.
Is there a group of independent experts analysing each and every version of the protocol and the app to make sure it’s not just directly anonymous but also resilient to de-anonimization?
I mean it’s open-source and we have privacy watch-dogs so yes? and maybe they will create a group for it, like Germany
Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?
For chat control app: blockchain where only recognized child safety organizations can add photo-hashes For age verification app: it’s zero knowledge proof, so you get a white card without any private data? so how can that turn into full blown surveillance system? The only thing I don’t like is uploading my ID online to the app, let me get verified by showing my ID to municipal services without uploading it, would be good ig
Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.
Child safety organizations? Independent organizations with clear criteria or something? But yeah good questions idk
Beyond that, it’s the responsibility of parents to watch over and control what their children are doing, not everybody else. The whole focus should be on giving parents the tools for that (for example, with a standard protocol for sites to inform browsers and home firewalls that they’re serving adult content, thus allowing parents to block it internally without the information of who is watching what ever leaving their home network), not mandated government software supposedly controlling the access of the whole fucking civil society to arbitrary web-sites and who knows what else.
Then you must make sure the parents aren’t tech-illiterate and invest in educating parents for parental controls etc but truth, good point… Child-safe should be the standard in new devices and browsers if those parents stay being tech illiterates.
easiest to achieve option to have the websites push out standard markers for “adult content” to browsers and home firewalls so that parents can restrict their children’s access
Yeah agreed that this is the best solution but how do you make sure those websites apply for such a marker? Use AI to scan them lol And its still the best solution, together with focussing on education parents as well as children and to educate parents on parental control and screen time, and let them sort it out locally, instead of enforcing age verification deffo agreed on that
"Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?"For chat control app: blockchain where only recognized child safety organizations can add photo-hashes For age verification app: it’s zero knowledge proof, so you get a white card without any private data? so how can that turn into full blown surveillance system? The only thing I don’t like is uploading my ID online to the app, let me get verified by showing my ID to municipal services without uploading it, would be good ig
Oh man, so much superficial stuff there.
For starters you did not answer my main question: How exactly does any of this stop the authorities from just making the app close source and changing it to do whatever the fuck they want?
Next “recognized child safety organizations” just moves the problem of “who choses what gets blocked” around. Who “recognizes” an organisation as genuinelly for child safety? Who authorizes them to add photo-hashes to the blockchain? What is the official process for all of that? Where is the Judicial oversight? Where is the fucking Judicial oversight? You know, the way by which for example an artist can get their tasteful drawing which is not adult but “had too much skin” for some moralistic type in one of those organisations taken of the blockchain.
Further: Who gives you the “white card without any private data”? How do you for sure it doesn’t have some kind of ID and it’s not in some database right linked with your personal info?
“Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.”
Child safety organizations? Independent organizations with clear criteria or something? But yeah good questions idk
Again, PROCESS. Who approves anybody to oversee this? What power do they those people have? What’s the process to reverse bad decisions?
Further, you can hardly reconstruct the picture for validation from the hashes in blockchain, so it’s not really public, now is it?! The hashes are public but the content represented by them is not, so de facto the list of what’s being blocked is not public, so how would the public know that it’s actually correct and not, say, some moralist blocking sex-education images?
I mean a very common trick by politicians in areas prone to Corruption, such as public contracts or public-private initiatives is to set some shit up with potential to abuse and then a toothless or captured “independent” overseer - it provides the appearence of honesty whilst in practice being the very opposite.
Further, your answer is again superficial. “Child safety organisations”? Meaningless without a detailed definition of what’s considered child safety, how they’re overseen to actually abide by such definition rather than say, being moralists or well-meaning but incompetent amateurs. If I was to proclaim to the Estonian Authorities that “I’m a ‘child safety organisation’” would they just let me put whatever I wanted on that blockchain? Dive beyond the surface with even the minimum analysis of the problem space and, as usual, the devil is in the details.
This isn’t just a technical problem, it’s a process problem and a regulatory problem - if this is not done properly whatever technical appearence of anynomity you have can be defeated by the process side of things (like having a record somewhere linking that “anonymous” white card with you or whatever state sanctioned app mandated to run in your devices being turned closed source and changed to covertly track you) and that applies not just on the user side but also the lists side of things (how the sites to block are chosen can be abused to block people from seeing things which are not adult but rather political) and the server side of things (as in, is there any software the sites have to run and what independent oversight is there for what it does).
Tech does not work in a vacuum and is not the whole system by itself - it exists in a human context, not least because it’s done by people (or at least in accordance to the specifications of people if you’re vibe coding it), it’s installed or distributed by people, it gets data that ultimatelly comes from people, and it’s use by people - there is literally no point in tech that does not in some way affect or is affected by people - and thus tech can be abused and subverted by the human/process side of things. This is why good hackers also use social hacking - because you can subvert tech via the human side.
So the bits that have to be protected for this to not just do what it’s claimed by people that it’s supposed to do (and to keep on doing it even when bad actors get a hold of it), extend all the way to the process side of things and into things like Judicial oversight (because any human process that’s not overseen by a powerful independent entity gets abused sooner or later). And, guess what, all of that if far heavier than a pie in the sky list of tech fads.
My core concern is that a technical infrastructure of mandatory government software in people’s devices (which is a requirement of this, otherwise there’s nothing there to stop children from acessing whatever the fuck has hashes in that blockchain), once in place can be abused, and as we’ve already seen in Europe, Democracies can and do turn into Fascism at any point and Fascists just love to have an infrastructure in place that can easilly be changed (just push an updated version down) to, say, eavesdrop on people or block everybody from accessing specific political content.
Thank you for your service, kind lemmy-goer
Palantir is very active in Europe. They’ll do their darndest to make surveillance states happen.
Too late, they’re all in on the derp, as well.
I mean how many times is Chat Control going to come up? It’s their own KOSA, some “protect the children” lie by a bunch of Epstein Class pedos who want to track and profile everything about everyone.
How is this enforceable?
I think this is one if those laws where they get to selectively choose who to prosecute.
…everyone is always a criminal so those in charge can do whateverthefuck they want with little regard for actual laws.
Were it me…
Wireguard is too obvious, so, Yggdrasil to an out of state or ideally country VPS, VPS to, you name it, tor, ygg, i2p, “the works”.
but, this makes the barrier to entry that much higher. Any public TOR relay is an instant breach of the law and provable if the target IP is identified as one, and most could very easily be. One would need to go private, on their own hardware.
I think this is one if those laws where they get to selectively choose who to prosecute.
Like every law.
Over the course of the last decade, each year has seen an average of 2,685 new laws - the equivalent of almost seven and a half a day or one every three-and-a-quarter hours
https://www.theguardian.com/politics/2007/jun/04/houseofcommons.uk
This was in 2007 in the UK. But I imagine it’s much the same in the US. Literally impossible for anybody to follow every law, but that doesn’t matter because as you say they’re selectively enforced
The EFF warned that the legal risk could push sites to either ban all known VPN IPs or mandate age verification for every visitor globally.
This is the goal.
deleted by creator
Could they not also just selectively ban all Utah-based IPs?
People in Utah could still access with a VPN, but never would, because that would be against the law.
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws? Should be their government’s responsibility to block sites, not the site’s responsibility to block Utah.
Jurisdiction follows impact, not geography. If a service ‘does business with’ Utah residents then Utah has legal standing to regulate that interaction.
If someone comes from Utah to my state and then I break one of Utah’s laws against them, does that mean I’m subject to Utah’s laws? They aren’t doing business in Utah. People in Utah are doing business with them.
I don’t have any way to prevent access to my site based on what laws you’re subject to. Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
They aren’t doing business in Utah. People in Utah are doing business with them.
In the law, those are mutually exclusive. If either end of the transaction is in Utah, it is under Utah jurisdiction.
I don’t have any way to prevent access to my site based on what laws you’re subject to.
If you’re hosting an online business you do have the ability to block users based on location.
Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
I would advise not running an online business then, because the law around jurisdiction and the Internet is well settled.
Geofencing is not trivial, cheap, or even reliable. Are there any cases of sites being legally required to geofence or do they all do it to preemptively avoid legal issues? I’ve only ever seen the latter.
I’m not trying to argue what is or isn’t the current state of law around this; I’m pointing out the absurdity of enforcing it this way and the strange way it’s being used to backdoor state laws into federal ones. This is extremely stupid from a technical, and legislative standpoint.
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located? And then the Utah resident moved whatever digital goods or content from that location into Utah? So it’s the Utah resident who brought the contraband into Utah, not the website?
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located?
Yes, that’s why VPNs work for evading geo-blocking.
This law creates a liability trap by explicitly saying that they cannot claim ignorance and are liable as as long as the State can prove that the user was physically located in the EU.
The only way to effectively comply with the law is to implement universal age verification of all users, regardless of location. This is the actual goal, the law in this article is specifically designed to remove the VPN dodge.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.) My point is, I don’t even see how they can selectively enforce this.
Then why won’t the US let other countries do digital services taxes.
They can’t have it both ways.
The same reason that sites like Anna’s Archive and The Pirate Bay exist.
State and Federal laws don’t apply to other countries without an explicit treaty or agreement where a country agrees to enforce those laws on behalf of the other.
Utah could issue fines for a foreign company but they would have no way to collect because the company doesn’t own any assets in any location that would be required to follow a court order to seize their assets.
So, what you’re saying is this law will encourage setting up shop somewhere without reciprocal agreements, which will encourage countries to lapse said agreements, weakening US soft power yet more.
Sounds like a win.
Shame so many of the world’s governments have a hard on for de-anonymizing the internet though.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If China decides my posts are a crime because one of their citizens might see it I am in no way obligated to go to China to defend myself or pay their fines.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If you live in the US then the Full Faith and Credit Clause of the U.S. Constitution, which is enforced with under 28 U.S.C. § 1738, requires that all states recognize and enforce valid final judgements from sister states.
If Utah sues you for violating this law you could show up to court to contest the case or they would win a default judgement.
After the State had a judgement they could seek a writ of execution or writ of garnishment to seize your wages or put liens on your properties.
If you don’t live in the US, and don’t plan to ever work or own property in the US then you’re functionally immune to such judgements.
So the US continues to encourage businesses to operate elsewhere. Tired of winning yet?
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws?
This line of thinking is dangerous as it allows companies to disregard any sane legislation as long as their servers are located in a “safe” place. A large portion of websites accessible from Canada are served from US servers, for example. American companies ignoring Canadian laws because they don’t have Canadian-based servers would be a nightmare
If a company makes any money off users in a geographic area (which includes ad view revenue), they have to follow the rules there which is a GOOD thing - even if it’s ridiculous in this case
Also endorsing governments selectively blocking websites is just bad for obvious reasons
Allowing individual states the ability to dictate laws for the entire country is even more dangerous, for the non-hypothetical reasons we are currently experiencing.
And what you’re describing is exactly what happens with international websites. Its why you can go find tons of websites with open media piracy being hosted in Russia. Are parties in Russia now subject to US laws?
This would be easier than banning VPNs wholesale.
Could they not also just selectively ban all Utah-based IPs?
No. Because VPNs redirect traffic from the site to a third party to Utah, in order to disguise the location of the original request
In Hungary, we have a term “impossibilization”, used to describe laws that are not technically banning things, but making them near impossible to do. The christofascists of the US want to ban porn without actually banning porn, because that pesky constitution doesn’t allow it yet.
Likely.
site traffic gets cut by 30%
“How could this have happened?”
Seems like it’s the first step in transferring control of the internet to the government.
Step 1 to China/Russia/Iran level internet?
They tried in Russia and electronic payment terminals, that use a VPN, stopped working.
The government? Whoever is the highest bidder for all the data being gathered. Probably Palantir, as ever.
It’s not, it’s an add-on for shifting liability after the fact. Basically, if a site gets dinged as being part of showing some youth something truly evil, like confirming the existence of LGTBQI+ people on earth, then if the youth used a VPN, somehow the site is to blame. And likely fines come into play.
It’s like if a person that’s 19 buys alcohol with a fake ID in Utah - the liability is still on the place that unknowingly sold the liquor. It’s probably based on the same lack of logic.
every website will start blocking VPN IPs, more so than what some already do, which is exactly what these cunts want
So then something else will be found that yields a degree of anonymity, that is the game we all play. They sell us security which tastes like totalitarianism and we respond with compliance which smells like subversion.
This will be be one of those that they use to tag onto your allegedly illegal activities. Probably a larger penalty but a secondary infraction that can be painful. They just need reason.
I think you can equate it to if you were pulled over for speeding, and they noticed a busted taillight which makes the fine larger. They can’t pull you over for a busted taillight alone but they can add those fees on and wow do they add up.
They can pull you over for a busted tail light.
They can pull you over for a tail light that isn’t broken.
Source: happened to me a couple times. Small town cops hate out of state plates.
Depends just how willing you are: demand domestic websites block any non residential IPs and report any attempted or even successful VPS connections, allow only registered businesses to operate VPNs, use government shipped mobile apps to detect people’s network configs/installed apps/private and public IPs, block any known VPN IP ranges, use DPI to block VPN protocols and detect unusual traffic, allow access only to a select list of domains and IP addresses, etc. There’s a myriad of ways to enforce this, but in the US they will need a few years to set up the hardware necessary to do it, that’s the one thing the US has going for it. Sleep on it, though? You will wake up to intranet in 10 years.
If they start looking into your stuff for any reason, and suspect that a user connected to your site through a VPN, you’re in.
It doesn’t have to be true to begin with. And it doesn’t have to be enforced at scale, only when needed.
Only if wanted, more like.
It’s not.
To date, the only countries that have made progress in blocking VPN traffic with some success are authoritarian regimes with ISP-level surveillance.
You know you’re on to something when the only playbook you can find was written by the Chinese government.
The horseshoe theory of mass surveillance
I don’t think it’s has anything to do with a horseshoe when they are just becoming a dictatorship as well. It’s just a line at that point.
Even the Chinese government struggles tracking people using VPN’s, Utah is in for a rude awakening.
I was under the impression that China sorted of allows it so that people travelling for business can still access everything they’re used to
Remember when we told people “they’ll make it illegal to use a VPN” and we got snarky replies like “it’s not enforceable LOL”.
The fuck it isn’t. Traffic coming from a VPN? That’s a paddlin’, kiddo.
They’re not even trying to masquerade it as… oh, yes, they’re still trying to masquerade as a “think of the children!” measure. Those fuckers.
and we got snarky replies like “it’s not enforceable LOL”.
Not being enforceable hasn’t stopped a lot of bad laws from being enacted.
My housing complex has a 10km/hr speed limit, it is completely unenforceable (police aren’t going to put in a speed trap or monitor a road inside a housing complex). Doesn’t stop people getting all upset because they’re sure someone was going 15.
People can use this to look like local traffic.
This seems a bit sketchy to me. How am I getting paid for participating when it’s completely free?
https://docs.ur.io/economic-model/economic-model
Their economic model comes from premium subscriptions. Its free to use with a data cap.
deleted by creator
So what legally protects a provider from prison if users view illegal content via my network?
deleted by creator
Reminds me of the guy who got his home raided and electronics seized for running a Tor exit node.
https://www.zdnet.com/article/austrian-man-raided-for-operating-tor-exit-node/
Seems risky and a huge legal hassle even if you don’t end up in prison.
Exactly why the for project recommends doing exactly not that.
The problem for most users is: they actually want to look like traffic from somewhere else…
I meant to say residential traffic of whatever country they connect to instead of a data center.
it seems very unsafe
Their software is open source.
that doesn’t mean it’s safe though
looks sketchy af
agentic browser ew
corporate ew
real trustworthy privacy/security/anonymization/decentralization software is libre, open source, non-corporate, an unpaid not-for-profit free-time project that never makes use of any money, decentralized with no official host, and most importantly made by trans anarchist catgirls who use obscure operating systems
This is like holding a car manufacturer liable when a teenager drives to a liquor store and uses a fake ID.
Or holding the liquor store liable when a person with a real ID drives to the store in a stolen car
More holding the liquor store liable, which is what already happens.
Age verification is a red line. I will not comply
If I were a lawyer arguing against the law in court, my primary argument would be that this violates the interstate commerce section of the US Constitution.
looks at the scotus playbook
yeah that falls in between ‘nuhh uh’ and ‘don’t care’.
only problem is, it’s gonna get upheld 6-3
But spoofing a phone number and harassing me all day isn’t worth solutioning. This Gov. is not representing us.
