Can we just trade Utah to, I dunno, Mexico for three bucks and a half eaten burrito?
wait, i’m confused, do we have to pay them the three bucks and give them the burrito to get them to take it?
mexico rejects offer, counteroffers three pesos and half eaten burro
Looks like Utah is run by buncha pedos
How is this enforceable?
If they start looking into your stuff for any reason, and suspect that a user connected to your site through a VPN, you’re in.
It doesn’t have to be true to begin with. And it doesn’t have to be enforced at scale, only when needed.
Only if wanted, more like.
This will be be one of those that they use to tag onto your allegedly illegal activities. Probably a larger penalty but a secondary infraction that can be painful. They just need reason.
I think you can equate it to if you were pulled over for speeding, and they noticed a busted taillight which makes the fine larger. They can’t pull you over for a busted taillight alone but they can add those fees on and wow do they add up.
They can pull you over for a busted tail light.
Seems like it’s the first step in transferring control of the internet to the government.
Step 1 to China/Russia/Iran level internet?
They tried in Russia and electronic payment terminals, that use a VPN, stopped working.
The government? Whoever is the highest bidder for all the data being gathered. Probably Palantir, as ever.
every website will start blocking VPN IPs, more so than what some already do, which is exactly what these cunts want
So then something else will be found that yields a degree of anonymity, that is the game we all play. They sell us security which tastes like totalitarianism and we respond with compliance which smells like subversion.
Depends just how willing you are: demand domestic websites block any non residential IPs and report any attempted or even successful VPS connections, allow only registered businesses to operate VPNs, use government shipped mobile apps to detect people’s network configs/installed apps/private and public IPs, block any known VPN IP ranges, use DPI to block VPN protocols and detect unusual traffic, allow access only to a select list of domains and IP addresses, etc. There’s a myriad of ways to enforce this, but in the US they will need a few years to set up the hardware necessary to do it, that’s the one thing the US has going for it. Sleep on it, though? You will wake up to intranet in 10 years.
I think this is one if those laws where they get to selectively choose who to prosecute.
…everyone is always a criminal so those in charge can do whateverthefuck they want with little regard for actual laws.
I think this is one if those laws where they get to selectively choose who to prosecute.
Like every law.
Over the course of the last decade, each year has seen an average of 2,685 new laws - the equivalent of almost seven and a half a day or one every three-and-a-quarter hours
https://www.theguardian.com/politics/2007/jun/04/houseofcommons.uk
This was in 2007 in the UK. But I imagine it’s much the same in the US. Literally impossible for anybody to follow every law, but that doesn’t matter because as you say they’re selectively enforced
Were it me…
Wireguard is too obvious, so, Yggdrasil to an out of state or ideally country VPS, VPS to, you name it, tor, ygg, i2p, “the works”.
but, this makes the barrier to entry that much higher. Any public TOR relay is an instant breach of the law and provable if the target IP is identified as one, and most could very easily be. One would need to go private, on their own hardware.
It’s not, it’s an add-on for shifting liability after the fact. Basically, if a site gets dinged as being part of showing some youth something truly evil, like confirming the existence of LGTBQI+ people on earth, then if the youth used a VPN, somehow the site is to blame. And likely fines come into play.
It’s like if a person that’s 19 buys alcohol with a fake ID in Utah - the liability is still on the place that unknowingly sold the liquor. It’s probably based on the same lack of logic.
The EFF warned that the legal risk could push sites to either ban all known VPN IPs or mandate age verification for every visitor globally.
This is the goal.
In Hungary, we have a term “impossibilization”, used to describe laws that are not technically banning things, but making them near impossible to do. The christofascists of the US want to ban porn without actually banning porn, because that pesky constitution doesn’t allow it yet.
Could they not also just selectively ban all Utah-based IPs?
People in Utah could still access with a VPN, but never would, because that would be against the law.
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws? Should be their government’s responsibility to block sites, not the site’s responsibility to block Utah.
Why is a company or person that doesn’t exist physically in Utah at all responsible for adhering to Utah’s laws?
This line of thinking is dangerous as it allows companies to disregard any sane legislation as long as their servers are located in a “safe” place. A large portion of websites accessible from Canada are served from US servers, for example. American companies ignoring Canadian laws because they don’t have Canadian-based servers would be a nightmare
If a company makes any money off users in a geographic area (which includes ad view revenue), they have to follow the rules there which is a GOOD thing - even if it’s ridiculous in this case
Also endorsing governments selectively blocking websites is just bad for obvious reasons
Allowing individual states the ability to dictate laws for the entire country is even more dangerous, for the non-hypothetical reasons we are currently experiencing.
And what you’re describing is exactly what happens with international websites. Its why you can go find tons of websites with open media piracy being hosted in Russia. Are parties in Russia now subject to US laws?
Jurisdiction follows impact, not geography. If a service ‘does business with’ Utah residents then Utah has legal standing to regulate that interaction.
If someone comes from Utah to my state and then I break one of Utah’s laws against them, does that mean I’m subject to Utah’s laws? They aren’t doing business in Utah. People in Utah are doing business with them.
I don’t have any way to prevent access to my site based on what laws you’re subject to. Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
They aren’t doing business in Utah. People in Utah are doing business with them.
In the law, those are mutually exclusive. If either end of the transaction is in Utah, it is under Utah jurisdiction.
I don’t have any way to prevent access to my site based on what laws you’re subject to.
If you’re hosting an online business you do have the ability to block users based on location.
Nor do I have any desire to learn 52 states worth of individual laws that may or may not apply to me. I didn’t wire your computer up to the internet, you did that.
I would advise not running an online business then, because the law around jurisdiction and the Internet is well settled.
Geofencing is not trivial, cheap, or even reliable. Are there any cases of sites being legally required to geofence or do they all do it to preemptively avoid legal issues? I’ve only ever seen the latter.
I’m not trying to argue what is or isn’t the current state of law around this; I’m pointing out the absurdity of enforcing it this way and the strange way it’s being used to backdoor state laws into federal ones. This is extremely stupid from a technical, and legislative standpoint.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If China decides my posts are a crime because one of their citizens might see it I am in no way obligated to go to China to defend myself or pay their fines.
Utah can charge me with whatever the fuck they want. If I’m not in Utah or doing business with Utah and ignore them what are they doing to do about it?
If you live in the US then the Full Faith and Credit Clause of the U.S. Constitution, which is enforced with under 28 U.S.C. § 1738, requires that all states recognize and enforce valid final judgements from sister states.
If Utah sues you for violating this law you could show up to court to contest the case or they would win a default judgement.
After the State had a judgement they could seek a writ of execution or writ of garnishment to seize your wages or put liens on your properties.
If you don’t live in the US, and don’t plan to ever work or own property in the US then you’re functionally immune to such judgements.
So the US continues to encourage businesses to operate elsewhere. Tired of winning yet?
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located? And then the Utah resident moved whatever digital goods or content from that location into Utah? So it’s the Utah resident who brought the contraband into Utah, not the website?
Can’t they argue they “did business with” someone in whatever jurisdiction the VPN IP address is located?
Yes, that’s why VPNs work for evading geo-blocking.
This law creates a liability trap by explicitly saying that they cannot claim ignorance and are liable as as long as the State can prove that the user was physically located in the EU.
The only way to effectively comply with the law is to implement universal age verification of all users, regardless of location. This is the actual goal, the law in this article is specifically designed to remove the VPN dodge.
I don’t see how they are going to prove that though. The website is going to say they sent the packets to someone in Russia (or wherever the vpn is.) My point is, I don’t even see how they can selectively enforce this.
Then why won’t the US let other countries do digital services taxes.
They can’t have it both ways.
The same reason that sites like Anna’s Archive and The Pirate Bay exist.
State and Federal laws don’t apply to other countries without an explicit treaty or agreement where a country agrees to enforce those laws on behalf of the other.
Utah could issue fines for a foreign company but they would have no way to collect because the company doesn’t own any assets in any location that would be required to follow a court order to seize their assets.
So, what you’re saying is this law will encourage setting up shop somewhere without reciprocal agreements, which will encourage countries to lapse said agreements, weakening US soft power yet more.
Sounds like a win.
Shame so many of the world’s governments have a hard on for de-anonymizing the internet though.
Could they not also just selectively ban all Utah-based IPs?
No. Because VPNs redirect traffic from the site to a third party to Utah, in order to disguise the location of the original request
This would be easier that banning VPNs wholesale.
Likely.
site traffic gets cut by 30%
“How could this have happened?”
It’s not.
Every website would be better served to come up with a way to block all IP ranges that come out of Utah ISPs. Better to just block the whole state than try to play this game.
Put Utah websites under a VPN…mic drop
I’m assuming these are porn sites? If the site isn’t hosted in the US they have no obligation to comply. The hell are they going to do.
Land of the free etc
It seems like it’s just a matter of time until the US has it’s own red firewall.
So how do they plan on figuring out if any given user behind a VPN user is in Utah?
Age and identity verification. Unfortunately selling user data is profitable, so I think this will become more common.
So let’s cripple websites that have VPN users… Lmao. Dumbest fucking government ever.
Well while your isp can’t see what you do when you use a vpn. They can see you use a vpn.
So there is that. However you could use an isp that is not in utah
They can see you use a vpn.
How? Deep package inspection?
There are known IP ranges for some VPN services. Plus even if they don’t have that, they can see that all your traffic is going to one IP address and can guess/assume it’s a VPN.
they can see that all your traffic is going to one IP address and can guess/assume it’s a VPN
Umm… What?
Like with phone carriers, ISPs can see the numbers (IPs) you are connecting to. If you use a VPN, you’re always connecting to the same IP, which is unusual from a regular user perspective and would tend to indicate VPN usage.
If you use a VPN, you’re always connecting to the same IP
No, you’re not. A VPN provider can have hundreds of thousands of IP:s.
which is unusual
OK, but not unheard of. And even a dynamic IP might remain the same for months, if not years, depending on the operator.
would tend to indicate VPN usage
No, it wouldn’t.
Congrats on technically understanding how a VPN can work while completely misunderstanding how most public ones work in practice!
That works from the ISP end, but this legislation makes websites themselves accountable. Even if it was about ISPs, as you said they can’t see what you’re doing to stop it and there’s too many use cases for VPNs to just block the protocols outright.
Problematic now that Firefox has a free VPN with 50gb / mo.
if they are so concerned about children, how about doing something about the mormon church and the fucking horrible crimes that are committed against women and children in it?
lol Mormons have the NSA servers in Utah.
Wait, how long until literally any software business realizes what this is, and hard lobbies against it?
You basically must conduct all your business unencrypted in the state of Utah if this is to be understood.
they will use this specifically to prosecute whoever they choose and will only enforce it for that reason
Utah flexing those evil Mormon muscles huh? Well get bent Utah and get fucked Mormons.
You’ve added an extra ‘m’ to a couple words there.
Me: Ormon uscles? Huh? … Oh right 😅
The second m is silent.
😂 😂 😂 😂 😂 😂 I love yall
from now on i will joke-censor mormons as mor*ons
