Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks
1d 22h ago by lemmy.world/u/LuminousLuddite in technology from www.tomshardware.com
Senate Bill 73 holds websites liable for users who mask their location.
Web services and websites should block all Utah IP addresses and redirect to page explaining that because they cannot tell who's using a VPN, their only option is to block all of Utah.
Yes, I understand how dumb that is, but sometimes you have to fight stupid with stupider.
Porn sites have been doing that for years now.
And that's exactly what they want.
They don't want every website to do it though.
I like the thought, but it won't work. The big websites won't be willing to lose money they don't have to, and like ID laws that give them reasons to extract more data from users anyway.
Its easier to implement and less crazy than blocking VPNs. It also pushes back on other jurisdictions doing the same. I'd be amazed if this isn't what happens.
They actually want to avoid the liability of storing someone’s id.
The government wants to make these things illegal, but they also want to track every person on the internet through their government ID, so they create the problem (age restriction and id checks) because they have the planned solution: digital id for every computer!
Do you have your computer license? Do you? You think the internet is a psy-op and Big Brother’s watching you? Just wait until a government admin message pops up on your screen because you visited the wrong website.
You’re getting fined for spreading misinformation or receiving a letter for libel due to some offhand tweet about some famous person. Don’t worry about receiving a notice in the mail, if you have a printer they’ll make it print your ticket for you immediately.
You don’t thing an extra 10,000 words in the EULA won’t absolve them of liability for ID theft?
Actually, the existing EULAs probably already do.
Indeed. ID laws are a wet dream of Meta and the like. Both because it gives them the unique ID the always wanted and because it is easier for them to comply than small upstarts.
Your right, but I can imagine what it would be like, and that's something.
Big websites will only have to do it for a little while though, a month perhaps. If suddenly Utah can't reach youtube or Netflix... Constituents will complain, the citizens simply won't have it, and then the legislators have a problem.
I might not underestimate how much big tech companies hate this too. They are pretty famous about despising all regulation of their space. I wouldn’t put it past them to block a backwater like Utah.
They don’t want every website to do it
Are you sure?
Web services and websites should block all Utah IP addresses and redirect to page explaining that because they cannot tell who’s using a VPN, their only option is to block all of Utah.
But VPN users using a VPN outside of Utah will still get through.
What Utah (and likely other dumb states soon) are trying to do is to force age verification worldwide through a state law, forcing websites to verify the age of every user from anywhere, because any user who accesses the site from anywhere in the world might possibly be someone in Utah using a VPN.
I understand.
Which is why I'm suggesting they preemptively block everyone in Utah. Protesting needs to inconvenience people and good protests redirect that anger towards those in power.
"Utah's new law us makes us legally liable for providing our services to residence in Utah using a VPN. As that is not technically possible, we have no choice but to cease operating in Utah, or allowing Utah residents to use our services."
But whether or not that particular strategy would be an effective from a protest, is a moot point, as big tech is behind these types of age verification and use identification laws, and those are the only websites and services with a large enough user base to make a difference here.
Which is why I’m suggesting they preemptively block everyone in Utah.
Pornhub and other porn sites already do this.
They would still be liable for transmitting content to a Utah resident using a VPN to appear as though they were in neighboring Arizona.
That just means that people in Utah would need to use a VPN to access those sites.
Which is hilarious, and a predictable result when your legislature is mostly filled with people who could've retired decades ago...
Even worse, that would not necessarily help. If someone's accessing your website through a VPN that's not located in that state, you would not block it… then become liable.
Better block everything at this point -_-
The great firewall of Utah, all your pron must be inspected by government officials prior to delivery...
Web services and websites should block all Utah IP addresses
That won't work on a VPN, though. The VPN will say the user is coming from outside the state. That's the whole point of the VPN.
right, meaning everybody will need to get a VPN, defeating the purpose of the law
So you're saying we should blockade the blockade? /s
It's actually quite trivial to detect most VPN providers. There's publicly available IP lists
https://ipinfo.io/tools/vpn-providers-detected
Many VPN providers regularly rotate their IP ranges.
Regardless, that wouldn't reveal to a website where the traffic was originating from.
wouldn't reveal to a website where the traffic is coming from
that's... exactly the point here. If you're connecting thru a VPN then the web site is supposed to ID you because you might be circumventing their local ID laws.
I was replying specifically to your comment...
"It's actually quite trivial to detect most VPN providers. There's publicly available IP lists..."
None of that has anything with what I'm suggesting, or why I suggested it.
I've explained the rationale in other comments, but this is an action of protest, not a technical response or workaround to the law.
If Utah passed the stupid law, you have to inconvenience Utah voters, and to do that, websites should block all Utah IP addresses. Making clear to their users that due to the new regulatory framework, they're no longer doing business in Utah.
If that upsets people in Utah, they can reach out to their representatives to ask why they voted to ruin the internet in Utah.
you originally said
they cannot tell who's using a VPN
I was replying to that specific statement only. Lists of IP ranges are updated regularly and publicly available. Web sites hosted in Utah will have to make use of them to ID check visitors to comply.
I agree with you that web sites hosted outside of Utah should just block Utah IP addresses with a "contact your representative" message."
No, the better solution is for sites that age verification is pointless to block Utah. If you make a mobil app check the GPS or IP and disabl the app if they are in Utah. People should go on sites like Yelp in mass and put down votes on every establishment in Utah so that ths site becomes useless for anyone in Utah. Pretty much just destroy all tech and internet for all things Utah.
With a button saying "Actually, I'm using a VPN so it looks like I'm in Utah but I'm actually not." that gives you access
Yes, I understand how dumb that is
i don't think you do. residents of utah don't have to use vpn with endpoint in utah, so in order for your "gotcha" to work, they would have to block whole world. since most people will choose endpoint far from them, it would probably be enough to block anything but utah...
That's the point....
It would be protest against Utah's dumb law, with an even dumber response, that's designed specifically to inconvenience people in Utah.....
so you would bully the people being bullied by this law to protest the law that bullies them? well that would show them!
Unless you are willing to admit that Utah is a dictatorship, then yes "bullying" the people is very appropriate.
This is an issue with american thinking, the sanctity of normality. You think doing anything that effects the every person is somehow off limits, you think the daily life of the people is unassailable. Its the same nonsense over and over across everything and I think why americans always talk about how "nothing can be done" about any issue that comes up. The us of a is flying off a cliff in multiple ways but americans will put up with it as long as they don't notice a change in their daily life.
It is why you are all ok with war, right up until the gas price goes up.
It is why you are all ok with losing liberties, right up until it effects you personally.
It is why you are all ok with your media and entertainment pushing usa #1 bullshit that always ends up "back to normal", right up until you can't ignore reality.
It is why you are all ok with a clearly broken and non democratic system, right up until nether party is able to guarantee your lifestyle.
It is why you are all ok with draconian "purity" laws being put into place, right up until sites you like to use realize that Utah is not worth the work to be there.
hey doc, here is one who forgot to take their pills!
This is an issue with american thinking
You think doing
it is why you are all ok with
it is why you are all ok with
it is why you are all ok with
it is why you are all ok with
it is why you are all ok with
you do know there are people in the world that are not americans, right?
“bullying” the people is very appropriate.
no, it is not. once you are done with this tantrum, i suggest to talk to a mental health professional and ask them for explanation.
no, it is not. once you are done with this tantrum, i suggest to talk to a mental health professional and ask them for explanation.
Yes, it is. You americans will get to see the results of your madness first hand over the next few years, there is no "tantrum" over it, just the explanation of the consequences you are all facing from thinking you are special.
"Nah bro ya crazy"
“The people being bullied” lol, they are called voters and they voted for the government that does this. Americans can fuck right off with their victim mentality. Go fix your shithole country instead
I think you're confused on the concept of protesting.
Or maybe you're just a fan of this law, or don't think it's a big deal.
Either way, I disagree.
Americans not understanding how to protest? Surely not.
yes, it would. their elected officials did this.
“You can’t punish the voters for the things the people they voted for did!”
How is this enforceable?
I think this is one if those laws where they get to selectively choose who to prosecute.
..everyone is always a criminal so those in charge can do whateverthefuck they want with little regard for actual laws.
I think this is one if those laws where they get to selectively choose who to prosecute.
Like every law.
Over the course of the last decade, each year has seen an average of 2,685 new laws - the equivalent of almost seven and a half a day or one every three-and-a-quarter hours
https://www.theguardian.com/politics/2007/jun/04/houseofcommons.uk
This was in 2007 in the UK. But I imagine it's much the same in the US. Literally impossible for anybody to follow every law, but that doesn't matter because as you say they're selectively enforced
Were it me...
Wireguard is too obvious, so, Yggdrasil to an out of state or ideally country VPS, VPS to, you name it, tor, ygg, i2p, "the works".
but, this makes the barrier to entry that much higher. Any public TOR relay is an instant breach of the law and provable if the target IP is identified as one, and most could very easily be. One would need to go private, on their own hardware.
The EFF warned that the legal risk could push sites to either ban all known VPN IPs or mandate age verification for every visitor globally.
This is the goal.
Could they not also just selectively ban all Utah-based IPs?
People in Utah could still access with a VPN, but never would, because that would be against the law.
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws? Should be their government’s responsibility to block sites, not the site’s responsibility to block Utah.
Jurisdiction follows impact, not geography. If a service 'does business with' Utah residents then Utah has legal standing to regulate that interaction.
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located? And then the Utah resident moved whatever digital goods or content from that location into Utah? So it’s the Utah resident who brought the contraband into Utah, not the website?
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located?
Yes, that's why VPNs work for evading geo-blocking.
This law creates a liability trap by explicitly saying that they cannot claim ignorance and are liable as as long as the State can prove that the user was physically located in the EU.
The only way to effectively comply with the law is to implement universal age verification of all users, regardless of location. This is the actual goal, the law in this article is specifically designed to remove the VPN dodge.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.) My point is, I don’t even see how they can selectively enforce this.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.)
They don't have to.
What the law does is remove the ability for the company to apply the defense 'I knew they were located in Russia'.
The State only has to prove two elements 1. The person was physically in Utah and 2. That they did business.
This law makes it so that there is no 'I didn't know' defense.
My point is, I don’t even see how they can selectively enforce this.
A State investigator makes an account, uses a VPN, and 'does business with' the site.
When they bring the case to court. The site is guilty because they can prove that the investigator was in Utah and that they did business with the site.
States love to do this, they remove the mens rea (guilty mind) element so that you're guilty regardless of your knowledge or intent.
If someone comes from Utah to my state and then I break one of Utah's laws against them, does that mean I'm subject to Utah's laws? They aren't doing business in Utah. People in Utah are doing business with them.
I don't have any way to prevent access to my site based on what laws you're subject to. Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn't wire your computer up to the internet, you did that.
They aren’t doing business in Utah. People in Utah are doing business with them.
In the law, those are mutually exclusive. If either end of the transaction is in Utah, it is under Utah jurisdiction.
I don’t have any way to prevent access to my site based on what laws you’re subject to.
If you're hosting an online business you do have the ability to block users based on location.
Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
I would advise not running an online business then, because the law around jurisdiction and the Internet is well settled.
Geofencing is not trivial, cheap, or even reliable. Are there any cases of sites being legally required to geofence or do they all do it to preemptively avoid legal issues? I've only ever seen the latter.
I'm not trying to argue what is or isn't the current state of law around this; I'm pointing out the absurdity of enforcing it this way and the strange way it's being used to backdoor state laws into federal ones. This is extremely stupid from a technical, and legislative standpoint.
I agree that it is absurd.
The goal here is to force sites to do age verification.
Creating absurd laws where the only possible way to not be held liable is to implement the age verification requirements regardless of the apparent source of the traffic is the tactic that they've chosen.
Then why won’t the US let other countries do digital services taxes.
They can’t have it both ways.
The same reason that sites like Anna's Archive and The Pirate Bay exist.
State and Federal laws don't apply to other countries without an explicit treaty or agreement where a country agrees to enforce those laws on behalf of the other.
Utah could issue fines for a foreign company but they would have no way to collect because the company doesn't own any assets in any location that would be required to follow a court order to seize their assets.
So, what you're saying is this law will encourage setting up shop somewhere without reciprocal agreements, which will encourage countries to lapse said agreements, weakening US soft power yet more.
Sounds like a win.
Shame so many of the world's governments have a hard on for de-anonymizing the internet though.
The EU is doing ID verification too, it's essentially bifurcating the Internet into the new 'We know exactly who you are' Internet and the old, possibly soon to be outlawed, wild wild west Internet that we're on today where you can remain pseudoanonymous.
Yup, and something of value (especially to free speech) is being lost. My hope is "The Net interprets censorship as damage and routes around it." - John Gilmore, still applies when enough governments go at it.
Utah can charge me with whatever the fuck they want. If I'm not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If China decides my posts are a crime because one of their citizens might see it I am in no way obligated to go to China to defend myself or pay their fines.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If you live in the US then the Full Faith and Credit Clause of the U.S. Constitution, which is enforced with under 28 U.S.C. § 1738, requires that all states recognize and enforce valid final judgements from sister states.
If Utah sues you for violating this law you could show up to court to contest the case or they would win a default judgement.
After the State had a judgement they could seek a writ of execution or writ of garnishment to seize your wages or put liens on your properties.
If you don't live in the US, and don't plan to ever work or own property in the US then you're functionally immune to such judgements.
So the US continues to encourage businesses to operate elsewhere. Tired of winning yet?
So the US continues to encourage businesses to operate elsewhere. Tired of winning yet?
That argument only works if there are significant markets where a country could choose to operate that wouldn't impose the same verification restrictions.
As of today a large amount of countries, representing around 4.5 billion people including the largest economies in the world are pushing for some sort of age verification requirement.
You could choose to operate outside of these countries but you would only find a small, and poor, market. The countries pushing for this kind of identity verification account for the majority of the world's GDP.
So, as it stands, unless you want to operate an e-commerce business serving Gabon and Congo, you would probably be forced to comply with a law similar to the one in Utah.
As of today a large amount of countries, representing around 4.5 billion people including the largest economies in the world are pushing for some sort of age verification requirement.
But that does not mean they are also pushing laws that hold the website responsible if someone connects through a VPN.
The fact that a VPN can violate these laws is a well-known issue and it is being attacked from various angles depending on the country.
They may not all be using a liability trap like Utah but it isn't as if the rest of the world are passing similar age verification laws and accepting that anybody who can download and install a VPN can ignore the law.
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws?
This line of thinking is dangerous as it allows companies to disregard any sane legislation as long as their servers are located in a "safe" place. A large portion of websites accessible from Canada are served from US servers, for example. American companies ignoring Canadian laws because they don't have Canadian-based servers would be a nightmare
If a company makes any money off users in a geographic area (which includes ad view revenue), they have to follow the rules there which is a GOOD thing - even if it's ridiculous in this case
Also endorsing governments selectively blocking websites is just bad for obvious reasons
Allowing individual states the ability to dictate laws for the entire country is even more dangerous, for the non-hypothetical reasons we are currently experiencing.
And what you're describing is exactly what happens with international websites. Its why you can go find tons of websites with open media piracy being hosted in Russia. Are parties in Russia now subject to US laws?
This would be easier than banning VPNs wholesale.
Could they not also just selectively ban all Utah-based IPs?
No. Because VPNs redirect traffic from the site to a third party to Utah, in order to disguise the location of the original request
In Hungary, we have a term "impossibilization", used to describe laws that are not technically banning things, but making them near impossible to do. The christofascists of the US want to ban porn without actually banning porn, because that pesky constitution doesn't allow it yet.
Likely.
site traffic gets cut by 30%
"How could this have happened?"
Seems like it’s the first step in transferring control of the internet to the government.
Step 1 to China/Russia/Iran level internet?
They tried in Russia and electronic payment terminals, that use a VPN, stopped working.
The government? Whoever is the highest bidder for all the data being gathered. Probably Palantir, as ever.
It's not, it's an add-on for shifting liability after the fact. Basically, if a site gets dinged as being part of showing some youth something truly evil, like confirming the existence of LGTBQI+ people on earth, then if the youth used a VPN, somehow the site is to blame. And likely fines come into play.
It's like if a person that's 19 buys alcohol with a fake ID in Utah - the liability is still on the place that unknowingly sold the liquor. It's probably based on the same lack of logic.
every website will start blocking VPN IPs, more so than what some already do, which is exactly what these cunts want
So then something else will be found that yields a degree of anonymity, that is the game we all play. They sell us security which tastes like totalitarianism and we respond with compliance which smells like subversion.
This will be be one of those that they use to tag onto your allegedly illegal activities. Probably a larger penalty but a secondary infraction that can be painful. They just need reason.
I think you can equate it to if you were pulled over for speeding, and they noticed a busted taillight which makes the fine larger. They can’t pull you over for a busted taillight alone but they can add those fees on and wow do they add up.
They can pull you over for a busted tail light.
They can pull you over for a tail light that isn't broken.
Source: happened to me a couple times. Small town cops hate out of state plates.
Depends just how willing you are: demand domestic websites block any non residential IPs and report any attempted or even successful VPS connections, allow only registered businesses to operate VPNs, use government shipped mobile apps to detect people's network configs/installed apps/private and public IPs, block any known VPN IP ranges, use DPI to block VPN protocols and detect unusual traffic, allow access only to a select list of domains and IP addresses, etc. There's a myriad of ways to enforce this, but in the US they will need a few years to set up the hardware necessary to do it, that's the one thing the US has going for it. Sleep on it, though? You will wake up to intranet in 10 years.
If they start looking into your stuff for any reason, and suspect that a user connected to your site through a VPN, you're in.
It doesn't have to be true to begin with. And it doesn't have to be enforced at scale, only when needed.
Only if wanted, more like.
It's not.
To date, the only countries that have made progress in blocking VPN traffic with some success are authoritarian regimes with ISP-level surveillance.
You know you're on to something when the only playbook you can find was written by the Chinese government.
The horseshoe theory of mass surveillance
I don't think it's has anything to do with a horseshoe when they are just becoming a dictatorship as well. It's just a line at that point.
Even the Chinese government struggles tracking people using VPN’s, Utah is in for a rude awakening.
I was under the impression that China sorted of allows it so that people travelling for business can still access everything they're used to
These aren't "age checks"...it's identity tracking.
Absolutely! Journalists really need to start describing these as what they are rather than the marketing term. It is much more accurate to call them "ID Checks" or something like that.
Remember when we told people "they'll make it illegal to use a VPN" and we got snarky replies like "it's not enforceable LOL".
The fuck it isn't. Traffic coming from a VPN? That's a paddlin', kiddo.
They're not even trying to masquerade it as… oh, yes, they're still trying to masquerade as a "think of the children!" measure. Those fuckers.
and we got snarky replies like "it's not enforceable LOL".
Not being enforceable hasn't stopped a lot of bad laws from being enacted.
My housing complex has a 10km/hr speed limit, it is completely unenforceable (police aren't going to put in a speed trap or monitor a road inside a housing complex). Doesn't stop people getting all upset because they're sure someone was going 15.
https://ur.io/
People can use this to look like local traffic.
This seems a bit sketchy to me. How am I getting paid for participating when it's completely free?
https://docs.ur.io/economic-model/economic-model
Their economic model comes from premium subscriptions. Its free to use with a data cap.
So what legally protects a provider from prison if users view illegal content via my network?
Reminds me of the guy who got his home raided and electronics seized for running a Tor exit node.
https://www.zdnet.com/article/austrian-man-raided-for-operating-tor-exit-node/
Seems risky and a huge legal hassle even if you don't end up in prison.
Exactly why the for project recommends doing exactly not that.
The problem for most users is: they actually want to look like traffic from somewhere else...
I meant to say residential traffic of whatever country they connect to instead of a data center.
it seems very unsafe
https://github.com/urnetwork
Their software is open source.
that doesn't mean it's safe though
looks sketchy af
agentic browser ew
corporate ew
real trustworthy privacy/security/anonymization/decentralization software is libre, open source, non-corporate, an unpaid not-for-profit free-time project that never makes use of any money, decentralized with no official host, and most importantly made by trans anarchist catgirls who use obscure operating systems
This is like holding a car manufacturer liable when a teenager drives to a liquor store and uses a fake ID.
Or holding the liquor store liable when a person with a real ID drives to the store in a stolen car
More holding the liquor store liable, which is what already happens.
Age verification is a red line. I will not comply
If I were a lawyer arguing against the law in court, my primary argument would be that this violates the interstate commerce section of the US Constitution.
looks at the scotus playbook
yeah that falls in between 'nuhh uh' and 'don't care'.
only problem is, it's gonna get upheld 6-3
The pedophile class has the audacity to dictate access to a utility under the guise of protecting the children
Get a list of every dumbass politician who voted this through, and access their campaign websites through a VPN from a computer in Utah. Boom.
Self owned.
Politicians will be exempt. That ain't that stupid.
They didn't write this law, the lobbyists did.
That is probably true. But the lobbyists have no power to actually make the law. And the politicians to do have the power to sell a law for enough money. But they are not as stupid as many here think. They will somehow be exempt from prosecution.
But spoofing a phone number and harassing me all day isn't worth solutioning. This Gov. is not representing us.
More ways to control our lives and track our movements.
"Party of small government".
Personally, I would stop using any site that did this. We all know nothing matters in this country but money. Companies stop making as much, they'll get legislation changed.
I'm so weary of everything getting a little bit worse every day.
I'm sure we all used to be excited about the future of the internet but now it's just shit.
I used to see technology as our only hope and now I dread the new hells we're creating.
I'm glad I at least got to enjoy the golden age of the internet before enshittification started to infect everything.
I get the sentiment, and I'm right there with you about the erosion of our rights every day being very exhausting.
The trick is to never stop being mad about things like this, because complacency is how they win.
The stupidity of these lawmakers is beyond wild. How the fuck is this real?
I have a similar idea, let's prosecute the police when they fail to catch criminals and punish them instead. A killer got away? Death penalty for the police officer in charge. That will make the killers think twice!
Or even better, let's prosecute politicians when their laws backfire and do more damage than good.
I bet you a dollar that all of them are technologically illiterate.
It's not just that, it's that they don't care. People keep assuming it's solely based on a lack of knowledge but the real point is establishing consequences to prevent the things that can't fight it from existing to begin.
They'll decline to go after the websites they as lawmakers use themselves, but will instead hit up independent things that can't afford to fight back and will just close when contacted.
i mean, how are we defining tech illiteracy? they have heard of the twitter, okay?
I think politicians have special law right to avoid that consequences of their actions.
Citizens also have special action that leds them bypass laws.
It's called anarchy to some, and full-on revolution to others.
Utah flexing those evil Mormon muscles huh? Well get bent Utah and get fucked Mormons.
You've added an extra 'm' to a couple words there.
Me: Ormon uscles? Huh? .... Oh right 😅
The second m is silent.
😂 😂 😂 😂 😂 😂 I love yall
from now on i will joke-censor mormons as mor*ons
It's literally going to be easier for websites to just block all Utah IPs and Geolocations.
I’m ok with blocking Utah from the internet. That’s a sacrifice I’m willing to make
But that doesn't fix this. If someone actually from Utah uses a non-Utah IP to access data in a manner not approved by Utah, they can be held liable. The only way to get around this is, aside from the law being struck down, is for companies out to operate outside the legal reach of the state of Utah, or to act as if everyone in the world lives in Utah. It's a really bad law.
If companies are blocking Utah they are already showing they have no interest in doing business in Utah so who cares if Utah charges them?
China can charge me because I said "Winnie the Pooh" in a post and a citizen might read it and might think I'm referencing dear leader, doesn't mean I have to give a fuck or do anything about it.
Like if a company does not operate in the United States at all and they break a law (however poorly written) from any given state, maybe they can choose to not care, but maybe they still have to because of any number of treaties with the United States. Or because of the outsized number of us internet users. Even Italy is causing people headaches with some of their absurd internet censorship laws. It's just a problem when governments try to pass excessively broad laws about internet services.
Websites need to block all Utah traffic. If their leaders are going to be shitheads, then no traffic for you until you elect new leaders.
Traffic coming from Utah? Believe it or not, jail.
You should see how they've gerrymandered their districts.
The gerrymandering works because there are still enough people voting for them. Those people need to be inconvenienced.
I say just block Utah. Cut the grid, blow the highways, and burst the pipes. Maybe burn and salt SLC, let's see well those profligates last against such odds before they act even the vaguely modern rather than riding Smith and Young's corpse cocks.
Shit just block Utah from porn and they will change their tune quick
Religion is delusional mass psychosis.
they will use this specifically to prosecute whoever they choose and will only enforce it for that reason
Ah Utah
The medieval backward heartland of the USA
Wait… this is specifically about websites?
Easy solution: stick your website behind a CDN. That way, people are using a VPN to contact a CDN, and only the CDN ever connects to your website.
And if Utah thinks two degrees of separation isn’t enough… well, it’s likely that every legislator in Utah is two degrees away from someone who will break this law, so they should obviously be the first to be subject to its penalties.
Oh those legislators are two degrees away from something being broken, and it ain't this dumbass law.
Easy solution: stick your website behind a CDN.
I would say the easy solution is to stop serving content to residents of the state
Well that’s the problem. If you’re on a VPN, the site doesn’t know where you’re coming from. So either all VPN services ban Utah, or all websites ban VPNs. It’s a very insidious ploy to ban any anonymity on the internet. It’s essentially letting Utah set the rules for the entire network. And it doesn’t really work anyway. I can create a VPS and set up tailscale or something similar and all my traffic goes through that server. No block of knowable VPN IPs that a website can block. So either Utah blocks all services like tailscale, which is not going to happen, or this is just pointless.
If two computers are connected to the same network, there will always be a way around these sort of restrictions.
There is no way to know someone is connecting to you via a VPN. They just blacklist known IP addresses, so there isn't really a way to implement this. Sure, you can blacklist well known VPN providers, but anyone can rent a PC in another location to VPN through.
Yeah this was exactly my point. And this only works if the IPs for the VPN are fairly static. I have no idea if they are. But given that I have heard discussions about doing this I assume that is the case. I mean I have done exactly this (using a VPS) to get around some of the restrictions I see.
Same here. Running WireGuard on a VPS in Seattle.
Paying $10 a month, but that's just because I also use that VPS for OwnCloud as well.
Sorta the same but using headscale. So yeah wireguard with extra steps.
Precisely:
Therefore, they can now criminalize any website they want, for not blocking some VPN contact, that they couldn't possibly have identified as VPN.
Perfect, isn't it?
I read, decades ago, that in Communist CCCP, there was a tradition of secret laws .. so people got disappeared, charged, convicted, & sentenced .. on laws they weren't permitted to know.
This is related.
Create laws that it isn't possible to comply with,
then set about obliterating all the "enemy" you want, because now you can convict anybody you want, & there's nothing anybody can do in defense.
This is one of the most-perfect machiavellianisms they've done, thus far.
( the one where the Washington DC bar-association got highjacked by the Republican party, so there won't be any more Democrat lawyers in there .. thereby limiting the pool of people who can practice law in Washington DC .. that was another.
The elegance of it I admire, the alignment & intent is evil, which I want .. removed .. from our world. : )
_ /\ _
all websites ban VPN
I don't think that's technically possible under the current structure of the internet.
Now, if they move to: you must sign in with a state assigned ID before you access anything anywhere... that technically could work.
Shhh! Don't give them freakin' ideas!!!!! :)
Oh, they don't need to be told this - it has been in the fascist state "papers please" handbook since long before WWII. Get very very worried when Fox News starts talking about "considering the possibility of..."
You can still request Geolocation and if the computer has a prior record w/o IP, you can get a location up the chain.
Geolocation sometimes mis-locates some netblocks.
I've seen complaints by people who can't get any website to respect their proper location ( or often language ) because of GeoIP that was haywired for their IP address-block.
_ /\ _
There's services that not only check for known VPN servers, but also for IPs in datacenter IP blocks. So using a VPS could in theory also be blocked.
Yeah, and you could also block all Albanians from shopping at your store by asking them as they come in: "Are you Albanian?" Yeah, you have a photo-catalog of known Albanians, and some general descriptions of what Albanians look like, but are you really going to actually, successfully block all Albanians? No. And the more you try, the more you're going to block non-Albanians just because they "look like they might be an Albanian..."
Apologies to Albanians, you're just an alphabetically early example - nothing about Albainia or Albainians in particular, the same could be said for Bulgarians, Croatians, Danish, Estonians, Finnish, Greeks, etc.
I set up a VPS as a VPN server just for me. There's sites have definitely done this. Reddit for one. I get cloudflare captchas a lot as well.
I also use that, and it's just all over the place.
I've had issues with my carrier, so I just used foreign SIM in roaming for a while. €11 for 40GB is not that bad.
And then I found I can't purchase a train ticket. For some reason, ZSSK (Slovakian passenger railway company) blocked IPs of Lifecell (Ukrainian MNO), but was fine with IP from RackNerd (Virginia).
Oh, and the university I am at blocks IPs from "3rd world countries", the result of which was that Asburn, Virginia is fine, but somehow New York is a 3rd world country.
Their instructions say to use any EU-based VPN.
OneDrive uploads would only work for me over Mullvad without crashing.
I also had Reddit block Czech T-Mobile IPs.
I travel a lot for work, and use a cell modem as my primary internet source. Even when I'm at home, I get cloudflare captchas and sites requiring 2fa all the time, since my IP changes constantly.
I'm in SC, but constantly get geolocated in GA, AL, and NC.
I put up a VPS with WireGuard on it just to allow me to always be in Seattle for banking and business sites that constantly require 2fa due to location changes.
You’re right they could. But I’m a systems architect who deals with university wide networks so I know what a cluster fuck that would be. It would be absolutely unmanageable. I’d wager there is no way in hell they are gonna do that.
I’m hopeful that an adult in the room is going to show how unworkable this is gonna be but who knows.
It would be absolutely unmanageable.
They probably know this, and are pushing it anyway - for the votes and the lobbyist backing. (most) voters don't know how ridiculous it is from the technical perspective, and the lobbyists are only looking for their own financial advantages which often come from chaos.
an adult in the room
They're all adults, just not adults who care what they break.
I hate how true this is….
if they are so concerned about children, how about doing something about the mormon church and the fucking horrible crimes that are committed against women and children in it?
This from the people who elected a notorious pedophile, "thinking" that he would find the real pedophiles.
So how do they plan on figuring out if any given user behind a VPN is in Utah?
Russia's VPN crackdown disrupts banks, marketplaces and government services
And so if I'm in Utah as a traveller I can't check my local news by vpn? Ok
"Designed to prevent bypassing age checks by people who don't understand the technology they are trying to regulate" more at 11.
Legislators should be required to understand technology or consult experts in the field before they enact legislation. This is a waste of tax payer dollars and I'm not even sure it's enforceable.
[...] or consult experts in the field before they enact legislation.
This is technically the justification for lobbying.
Lobbying would be great if money weren't involved and it didn't come down to who has the deeper pockets.
It makes perfect sense for both industry and advocacy groups to plead their case to the government and their representatives...that's kinda the point of a representative democracy. But as soon as money/gifts/favors are introduced, it's automatically an uneven playing field.
But as soon as money/gifts/favors are introduced, it's automatically an uneven playing field.
Even if you discount or prevent direct bribes/corruption, there is still an imbalance when a particular group (e.g. the petroleum industry) can afford to employ people as full-time lobbyists, who spend their time and attention on nothing else. It's much harder to write effective regulation against that, or enforce it.
The only useful response is to organize advocacy groups that can also afford to support full-time lobbyists (the ACLU, EFF, etc).
I've said it before and I'll say it again. Join a lobby. Start a lobby. It's not just tech Bros that can do this. Anyone can and should lobby for what they want. The difference between you and a tech bro millionaire is that they are organized.
Yes.
Alternatively, donate to and/or volunteer for groups like the American Civil Liberties Union and Electronic Frontiers Foundation (or equivalent groups in your country) which are already organized and employ lobbyists.
It seems like it's just a matter of time until the US has it's own red firewall.
Wait a second... how can they enforce this legislation when a VPN is masking the user's location? How do they know a user using a VPN is from Utah?
Correct me if I'm wrong here, but aren't the users they're trying to regulate the exact subsection of users that they don't have the ability to identify as being citizens of Utah?
Like if a user appears to be in Utah, then they're probably not using a vpn. And if the user appears to be from out of state, then they could be using a vpn, but also Utah law doesn't apply to those people because they're not from Utah (as far as they know)... So essentially this law can't actually apply to... anyone?
You are too generous. If a company registered in Utah has a user who is coming in via VPN, then that user could be from Utah and the company is not in compliance unless they enforce age verification and thus liable. Thus, everyone has to hand over their ID. No one cares if a NY resident or European or whatever gets caught in it too. That's not a requirement to avoid.
Seems like it kills tech sector in Utah
It would if Utah wasn't the first of many.
Albeit I haven't checked 100% of my traffic but thank God nothing important is hosted in Utah.
I don't know about this one, but these laws usually apply to any company doing commerce inside the jurisdiction. So any company with an office or other business presence there, not just hosting.
What the shell are que tall king a bout ? The gray 8 $alt lake is ϰ Utah.
This law is pointless
Nope. It's a stepping stone to completely block the public from using VPNs.
I get that but laws with no enforcement mechanism are questionable at best
no, the law is a feeder to push through the courts to the US Supreme Court's shadow docket so they can make an overbroad decision with precedent that forces the rest of the country to adopt a VPN band
What kind of music does VPN band play?
dwarfcore. the d is for dwarfcore
I think they check with the ISP or something.
lol Mormons have the NSA servers in Utah.
Have they thought about passing a law that checks to see if the people making the law have an IQ above 50?
This is the dumbest, most waste of time bullshit particularly when the rest of the country is imploding. Maybe they should focus on things that matter.
Problematic now that Firefox has a free VPN with 50gb / mo.
utah must have a porn problem, because they have pretty high traffic to PH, or its affiliates.
Its the Mormon State
Of course, it's full of religious morons.
why would that be a problem
Someone explain TOR to them
It's a strict liability law.
If the state chooses to prosecute the site then all they need to do is prove 1. That the user was actually in Utah and 2. That they did business with the site.
It doesn't matter if the user's IP shows that they are on the Moon. The law doesn't take into account their knowledge or intent, only what actually happened.
It's like manslaugher or statutory rape laws. What the person intended or knew doesn't matter, only what actually happened.
This really makes me wonder if they are planning IPv6 blocks specifically for lunar or extraterrestrial use...or if NASA and other agencies would just use their own ranges on the moon.
Who would be in charge? Like here, ARIN/RIPE/APNIC handle their own global regions. Would there be another agency in charge of the whole moon? Or would the existing agencies just have jurisdiction over the lunar regions colonized by their member states?
You're in luck. The IETF published a document on the topic just last year:
https://www.ietf.org/archive/id/draft-many-tiptop-ip-architecture-01.html
☺️
Tor exit nodes are public and even easier to block than VPNs.
Vpn->tor-> publiwhaza?
Irrelevant. The end goal is they can say "you connected to a site without going through our checkpoint, you're liable". Then the fun begins.
The teshnikully… discussions are useless against this. Heck, given how some networks operate, I would not be surprised if some people would fall into this without even knowing.
Just wait for the "mandatory government issued World ID" required to access internet websites...
TOR is a great way to put yourself on a short list of "people who might be up to something." It's almost a guarantee that many, if not most, TOR nodes are run by or otherwise 100% monitored by various and sundry intelligence agencies around the world.
The recent banning of pornhub access through much of the U.S. Southeast may actually have been an attempt to flood these agencies with zero value traffic to analyze.
From my point of view, all I want is that Europe doesn't follow the US into suiciding it's own future in Tech by structurally dismounting the workings of the Internet for the purpose of autoritarian surveillance.
Mind you, given the seeming high amounts of corruption and kompromat for European politicians - especially EU ones - I fear that even here they might send us down the path of Technological Black Age to satisfy the short term desires of whatever large American Tech Companies that have them in their pockets or populist American or Israeli politicians holding kompromat on them.
Von der Leyen keeps pushing for Chat Control. Plus the age verification app they want to release. The EU is already following the US
Yeah, I noticed.
I have zero hope of the EU comission not being complete total crooks sacrificing Europe to serve corporate America.
My hope is on the EU Parliament and on national governments, not the unelected "jobs for the boys" naturally rotten part of the EU "management".
Estonia has this system for a decade already btw and uses block chain to make it transparant and for integrity, and the verification app will be zero-knowledge proof, and is open-source. Literally the best two specs you want for privacy... The only thing I would want is a decentralized system where you can get verified by showing your ID to your local municipal services, not uploading it.
But the chat control has to go away asap fr
maybe a compromis for chat control would be a decentralized database of photo hashes that are scanned by the chat control app where only trusted organizations for childrens safety can add hashes to, supported by block chain so we have full transparency of who adds what... wdyt of this?
This way there is no single point of control. Blockchain provides full transparency because every addition of a hash is recorded as a transaction that anyone can verify, showing who added it and when, and since the blockchain is immutable, hashes can't be secretly altered or deleted. Digital signatures prove which trusted org added each hash.
Sounds like shit
😂😂 Care to explain why?
Oh, there are so many iffy things there.
For starters:
the verification app will be zero-knowledge proof
Next, how exactly is being in the blockchain something that helps guarantee anonymity in an age verification access control system? The whole point of the blockchain is to guaranteed non-deniability, the exact opposite. At best it stinks of "we've thrown a bunch of techno-fads into this proposal to make it appealing to ignorant techno-fans".
Then, there are a TON of ways of de-anonimizing data if the thing isn't perfectly done, especially when it gets crossed with other data. Is there a group of independent experts analysing each and every version of the protocol and the app to make sure it's not just directly anonymous but also resilient to de-anonimization?
Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn't just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?
Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn't.
Beyond that, it's the responsibility of parents to watch over and control what their children are doing, not everybody else. The whole focus should be on giving parents the tools for that (for example, with a standard protocol for sites to inform browsers and home firewalls that they're serving adult content, thus allowing parents to block it internally without the information of who is watching what ever leaving their home network), not mandated government software supposedly controlling the access of the whole fucking civil society to arbitrary web-sites and who knows what else.
Last but not least, it's literally the smallest impact and easiest to achieve option to have the websites push out standard markers for "adult content" to browsers and home firewalls so that parents can restrict their children's access, not putting locks on every such site AND having age identification on any and all means of accessing those websites on every single piece of networked computing hardware that anybody in Estonia might use to access such websites.
The entire thing is far too heavy and affects way too many devices and too much software to be the "best solution" for the problem of protecting children from adult content, but it sure is the best solution for the objective of having government access control software in every single computing device used in Estonia.
Thank you for your service, kind lemmy-goer
I meant the blockchain for the chatcontrol app, not for the age verification app btw, and you make good points for sure.
Is there a group of independent experts analysing each and every version of the protocol and the app to make sure it’s not just directly anonymous but also resilient to de-anonimization?
I mean it's open-source and we have privacy watch-dogs so yes? and maybe they will create a group for it, like Germany
Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?
For chat control app: blockchain where only recognized child safety organizations can add photo-hashes For age verification app: it's zero knowledge proof, so you get a white card without any private data? so how can that turn into full blown surveillance system? The only thing I don't like is uploading my ID online to the app, let me get verified by showing my ID to municipal services without uploading it, would be good ig
Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.
Child safety organizations? Independent organizations with clear criteria or something? But yeah good questions idk
Beyond that, it’s the responsibility of parents to watch over and control what their children are doing, not everybody else. The whole focus should be on giving parents the tools for that (for example, with a standard protocol for sites to inform browsers and home firewalls that they’re serving adult content, thus allowing parents to block it internally without the information of who is watching what ever leaving their home network), not mandated government software supposedly controlling the access of the whole fucking civil society to arbitrary web-sites and who knows what else.
Then you must make sure the parents aren't tech-illiterate and invest in educating parents for parental controls etc but truth, good point... Child-safe should be the standard in new devices and browsers if those parents stay being tech illiterates.
easiest to achieve option to have the websites push out standard markers for “adult content” to browsers and home firewalls so that parents can restrict their children’s access
Yeah agreed that this is the best solution but how do you make sure those websites apply for such a marker? Use AI to scan them lol And its still the best solution, together with focussing on education parents as well as children and to educate parents on parental control and screen time, and let them sort it out locally, instead of enforcing age verification deffo agreed on that
"Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?"For chat control app: blockchain where only recognized child safety organizations can add photo-hashes For age verification app: it’s zero knowledge proof, so you get a white card without any private data? so how can that turn into full blown surveillance system? The only thing I don’t like is uploading my ID online to the app, let me get verified by showing my ID to municipal services without uploading it, would be good ig
Oh man, so much superficial stuff there.
For starters you did not answer my main question: How exactly does any of this stop the authorities from just making the app close source and changing it to do whatever the fuck they want?
Next "recognized child safety organizations" just moves the problem of "who choses what gets blocked" around. Who "recognizes" an organisation as genuinelly for child safety? Who authorizes them to add photo-hashes to the blockchain? What is the official process for all of that? Where is the Judicial oversight? Where is the fucking Judicial oversight? You know, the way by which for example an artist can get their tasteful drawing which is not adult but "had too much skin" for some moralistic type in one of those organisations taken of the blockchain.
Further: Who gives you the "white card without any private data"? How do you for sure it doesn't have some kind of ID and it's not in some database right linked with your personal info?
"Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t."
Child safety organizations? Independent organizations with clear criteria or something? But yeah good questions idk
Again, PROCESS. Who approves anybody to oversee this? What power do they those people have? What's the process to reverse bad decisions?
Further, you can hardly reconstruct the picture for validation from the hashes in blockchain, so it's not really public, now is it?! The hashes are public but the content represented by them is not, so de facto the list of what's being blocked is not public, so how would the public know that it's actually correct and not, say, some moralist blocking sex-education images?
I mean a very common trick by politicians in areas prone to Corruption, such as public contracts or public-private initiatives is to set some shit up with potential to abuse and then a toothless or captured "independent" overseer - it provides the appearence of honesty whilst in practice being the very opposite.
Further, your answer is again superficial. "Child safety organisations"? Meaningless without a detailed definition of what's considered child safety, how they're overseen to actually abide by such definition rather than say, being moralists or well-meaning but incompetent amateurs. If I was to proclaim to the Estonian Authorities that "I'm a 'child safety organisation'" would they just let me put whatever I wanted on that blockchain? Dive beyond the surface with even the minimum analysis of the problem space and, as usual, the devil is in the details.
This isn't just a technical problem, it's a process problem and a regulatory problem - if this is not done properly whatever technical appearence of anynomity you have can be defeated by the process side of things (like having a record somewhere linking that "anonymous" white card with you or whatever state sanctioned app mandated to run in your devices being turned closed source and changed to covertly track you) and that applies not just on the user side but also the lists side of things (how the sites to block are chosen can be abused to block people from seeing things which are not adult but rather political) and the server side of things (as in, is there any software the sites have to run and what independent oversight is there for what it does).
Tech does not work in a vacuum and is not the whole system by itself - it exists in a human context, not least because it's done by people (or at least in accordance to the specifications of people if you're vibe coding it), it's installed or distributed by people, it gets data that ultimatelly comes from people, and it's use by people - there is literally no point in tech that does not in some way affect or is affected by people - and thus tech can be abused and subverted by the human/process side of things. This is why good hackers also use social hacking - because you can subvert tech via the human side.
So the bits that have to be protected for this to not just do what it's claimed by people that it's supposed to do (and to keep on doing it even when bad actors get a hold of it), extend all the way to the process side of things and into things like Judicial oversight (because any human process that's not overseen by a powerful independent entity gets abused sooner or later). And, guess what, all of that if far heavier than a pie in the sky list of tech fads.
My core concern is that a technical infrastructure of mandatory government software in people's devices (which is a requirement of this, otherwise there's nothing there to stop children from acessing whatever the fuck has hashes in that blockchain), once in place can be abused, and as we've already seen in Europe, Democracies can and do turn into Fascism at any point and Fascists just love to have an infrastructure in place that can easilly be changed (just push an updated version down) to, say, eavesdrop on people or block everybody from accessing specific political content.
Palantir is very active in Europe. They'll do their darndest to make surveillance states happen.
Too late, they're all in on the derp, as well.
I mean how many times is Chat Control going to come up? It's their own KOSA, some "protect the children" lie by a bunch of Epstein Class pedos who want to track and profile everything about everyone.
Good thing my firm doesn’t have an office in UT; we’re all on a VPN to work from home.
Generally speaking, most VPNs used for business are a split tunnel, and aren't forwarding all of your traffic, just the traffic relevant to your company resources that would otherwise be inaccessible unless you were on-site. So your internet traffic and regular browsing are still sent as if you had no VPN connection at all.
I don't think that's actually true. Most route traffic through malware/protection software which would be bypassed by split vpns.
There are also a number of attacks that target this sort of VPN setup so it's my understanding it's generally not a good idea.
Routing is something you can control client-side. Well at least you can configure that all traffic should be routed over the VPN. If your company provides an exit to the internet over VPN is another issue, but I suppose most do.
They can do that, but in my experience they do not, if only because it would be a vector for external attackers (who could control that machine via those connections routed directly to the Internet) to get into the company's intranet without actually having to go through the company's firewalls.
This is what strong endpoint security is for. EDR software is also common. Routing everyone's internet traffic is pretty strenuous.
Not on the company provided computers we used on my last job guess they would just be illegal
They mostly aren’t split tunnel.
This is what happens when you elect morons to legislate technology they dont understand.
Looks like Utah is run by buncha pedos
Every website would be better served to come up with a way to block all IP ranges that come out of Utah ISPs. Better to just block the whole state than try to play this game.
Can we just trade Utah to, I dunno, Mexico for three bucks and a half eaten burrito?
This is just another dog and pony show. If the company doesn't have any offices or assets in utah, then they don't have to care. Utah can censor it's own internet if it doesn't like it.
This law simply has no legs to stand on.
The point is it will spread. Unless you can convince people to jump to i2p en masse it not going to end well.
I have to wonder how a webtorrent based setup on Yggdrasil would perform…
But why would it spread? Utah can pass this because they don't have a large presense of tech companies with deep pockets to oppose it. But any state that does is going to be up against those tech companies. And we know money usually wins. The whole biting the hand that feeds you thing and all.
And how has big tech been fighting this exactly?
It’ll be federal soon though.
No chance. Why do you think all the tech billionaires were at the inauguration. Plus, trump is very pro business. So are Republicans in general.
Yeah, I was wondering how on earth this would work. If my organization doesn’t operate or host in Utah and they file suit against me why wouldn’t I tell them to pound sand?
Cause they don't expect it to work. They want to campaign on passing for the midterms before it is proven not to work.
Can states not sue companies that accept payment from citizens within their state?
I'm not 100% sure. But in general, interstate commerce is the federal governments domain.
And if the company has no assets in the state, what could a state court do if the company didn't pay? The state court has no jurisdiction outside the state. Now if I was an exec for that company, I wouldn't take any trips there just to be safe...
No matter who I might be I wouldn't go to any part of the US
That's a good call right now.
IT'S FOR THE KIDS, YOU COMMIE!
Inb4 Republicans pass a law to make offeting your offspring to powerful pedophiles mandatory
"Real men let trump rape their kids"
Some maga probably.
The acceleration of the popularization of darknets continues, it's going to be a tough decade, but at the end of it, we'll all be more private and secure. Learn about Tor, I2P, and anonymous internet alternatives!
Revenge of the Mormons.
How else are they supposed to find under age girls to marry
Family reunion
💀💀💀💀🤣🤣🤣🤣
Land of the free etc
I’m shaking in my boots, Utah. I’m skared!!! Prove that I’m surfing PORN. Maybe I just want to protect my privacy and stop my ISP from selling my online activities. But also, porn. I know Europe has a few countries imposing this, but damn am I glad to not be in the USA anymore. I’d likely be shot and killed leading a revolution. At least people would have a martyr…
Mullvad has quantum resistance and DIATA. Only when VPNs are outlawed will this be an issue.
Mullvad also has 5 anti-censorship technologies in their app which will help if ISPs in Utah start blocking VPNs. Customers can also request a list of server IPs if servers are being blocked.
I've heard Mullvad works even in China, Utah doesn't stand a chance.
Maybe I just want to protect my privacy and stop my ISP from selling my online activities.
so you will pass the option to sell your online activities onto your commercial vpn provider? how is that better? maybe you don't understand what vpn is and why you are using it? someone told you "this makes everything safe and private, so pay us to use it" and you are paying them without really understanding why...
Shhh, the smart people are talking. Listen and learn
Username checks out.
smart people are talking
so listen to them, maybe you will learn something
You know nothing about Mullvad. The only thing better is Tor.
good for you for having your favorite commercial provider of a service. it is still useful to understand how the service works, so you don't think it does something which it does not.
If conservatives really wanted to protect children, most of the GOPs leadership would be in prison.
Wait, how long until literally any software business realizes what this is, and hard lobbies against it?
You basically must conduct all your business unencrypted in the state of Utah if this is to be understood.
When you trade the kids for money, favors, even inside the church, you're still a G-d damned PIMP. Fuck them. This is about protecting pimps, not kids.
I would bet my shoes Facebook or someone lobbied for this.
It’s easy to blame Mormons, but I think that bloc was more of a mark.
I'm sure enterprising Mormon kids will think up a way around it, like soaking for the internet.
I find it so interesting that they will dance all the way around VPN's, yet do nothing to make them actually illegal.
All adult businesses moving out of Utah. A lot of other businesses too.
Was this all about getting rid of vpns...
Confused... How are websites related to VPNs in this story?
They're not.
I'm guessing it's just that websites are an easier target, legally speaking, than VPNs.
The EFF warned that the legal risk could push sites to either ban all known VPN IPs or mandate age verification for every visitor globally.
The Mormon Government of Putin representatives working for your freedom. The UTah Oblast is becoming a miniature version of CCP run China.
Maybe we should just start blocking Utah like folks block North Korea. Utahans clearly want only Facebook and MySpace, and it’s rude of us to second-guess.
How can you tell if a connection is from a vpn? Do you need a list of all the vpn end points for all providers around the world?
I think that's their starting point - joke's on them, anybody anywhere can setup new vpn services at almost no cost...
There are lists of VPN and tor IPs that can be used for blocking. That will work for commercial VPN services, but not self hosted VPNs.
Yeah indexes of VPN provider IP ranges (and VPS providers and such) already exist. If you want to get around that you need to find a residential ISP SOCKS proxy provider.
I'm assuming these are porn sites? If the site isn't hosted in the US they have no obligation to comply. The hell are they going to do.
Put Utah websites under a VPN...mic drop
oh no....anyways i'm just going to carry on, y'all get so uppity about anything, lifes too short to give a fuck about age verification