This is what happens when you elect morons to legislate technology they dont understand.
Don’t give them that grace. They might not understand it, but the tech-bro lobbiest sure as shit explained it to them in simple terms no doubt.
I find it so interesting that they will dance all the way around VPN’s, yet do nothing to make them actually illegal.
You can’t make VPNs illegal. There is a lot of infrastructure dependent on VPNs.
You can easily make VPN’s effectively illegal. You could make them require age verification for example, or you could ban commercial VPN’s and only allow self-hosted ones. They could also do what Utah did and make it so that you effectively can’t access any websites with a VPN, because the site would be liable for any VPN users accessing the site.
The idea that the government can’t ban VPN’s is giving us a false sense of security. They can at the very least completely undermine them.
You can call VPNs illegal, but you can’t enforce it.
You could make them require age verification for example, or you could ban commercial VPN’s and only allow self-hosted ones.
Neither is enforceable. You can theoretically detect VPN traffic, but you can’t tell if it’s commercial or not. Even the detectable part will no longer be true if you make VPNs illegal, as providers will work towards “indetectability”. You can have a list of known IPs, but unless the entire world follows you in your ban, that is pointless.
They could also do what Utah did and make it so that you effectively can’t access any websites with a VPN
That law existing is more of a demonstration than an actual law, as it is also unenforceable. Sure, you can have a list of known IPs, but that’s definitely not reliable and easy to work around.
Most laws about the internet are unenforceable unless you simply turn it off. That’s why piracy is still an “issue” despite it costing rights owners a gigantic amount of money and therefore not lacking incentive to deal with. That’s why even China and Russia, who are trying to control their network as much as possible, are still unable to enforce their VPN restrictions properly. Even if the US turned fully fascist they wouldn’t be able to enforce a VPN ban.
Neither is enforceable.
They are enforceable. In the first case they can ban transactions to the VPN and ban the website from all ISP’s. In the second case they can just ban transactions to Mullvad and should Proton not comply with the ban to Proton too.
It’s not about banning people from using the VPN, it’s about scaring away the VPN providers.
There are hundreds of VPN providers. People looking to circumvent bans where VPNs are banned are not using mainstream providers. It’s only enforceable if the VPN company is in a country that will care to enforce your ban. Most of them are not.
I’m trying to find a rebuttal to that but I got nothing, and it finally makes sense to me why the government isn’t banning VPN’s.
Currently most major VPN’s respond to legal requests from the government. If the government chooses to ban VPN’s, then people will change to VPN’s that won’t respond to legal requests. That would leave the government with less power to police the internet, not more.
Exactly, that is why authoritarian countries trying to exert absolute control on their internet are still failing!
There is even a category of VPN providers who (directly) collect absolutely no information from you and accept all kind of payment methods, some not traceable or at the very least not blockable. So even if they do respond to government requests… They have nothing to give.
Controlling the internet is a very delicate task and that’s why laws are always tiptoeing around it. There is a sweet spot where you control just enough without inciting people to go pay shady services that you have zero control over
Land of the free etc
if they are so concerned about children, how about doing something about the mormon church and the fucking horrible crimes that are committed against women and children in it?
It seems like it’s just a matter of time until the US has it’s own red firewall.
But spoofing a phone number and harassing me all day isn’t worth solutioning. This Gov. is not representing us.
From my point of view, all I want is that Europe doesn’t follow the US into suiciding it’s own future in Tech by structurally dismounting the workings of the Internet for the purpose of autoritarian surveillance.
Mind you, given the seeming high amounts of corruption and kompromat for European politicians - especially EU ones - I fear that even here they might send us down the path of Technological Black Age to satisfy the short term desires of whatever large American Tech Companies that have them in their pockets or populist American or Israeli politicians holding kompromat on them.
Palantir is very active in Europe. They’ll do their darndest to make surveillance states happen.
Von der Leyen keeps pushing for Chat Control. Plus the age verification app they want to release. The EU is already following the US
Estonia has this system for a decade already btw and uses block chain to make it transparant and for integrity, and the verification app will be zero-knowledge proof, and is open-source. Literally the best two specs you want for privacy… The only thing I would want is a decentralized system where you can get verified by showing your ID to your local municipal services, not uploading it.
But the chat control has to go away asap fr
maybe a compromis for chat control would be a decentralized database of photo hashes that are scanned by the chat control app where only trusted organizations for childrens safety can add hashes to, supported by block chain so we have full transparency of who adds what… wdyt of this?This way there is no single point of control. Blockchain provides full transparency because every addition of a hash is recorded as a transaction that anyone can verify, showing who added it and when, and since the blockchain is immutable, hashes can’t be secretly altered or deleted. Digital signatures prove which trusted org added each hash.
Sounds like shit
😂😂 Care to explain why?
Oh, there are so many iffy things there.
For starters:
the verification app will be zero-knowledge proof
Next, how exactly is being in the blockchain something that helps guarantee anonymity in an age verification access control system? The whole point of the blockchain is to guaranteed non-deniability, the exact opposite. At best it stinks of “we’ve thrown a bunch of techno-fads into this proposal to make it appealing to ignorant techno-fans”.
Then, there are a TON of ways of de-anonimizing data if the thing isn’t perfectly done, especially when it gets crossed with other data. Is there a group of independent experts analysing each and every version of the protocol and the app to make sure it’s not just directly anonymous but also resilient to de-anonimization?
Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?
Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.
Beyond that, it’s the responsibility of parents to watch over and control what their children are doing, not everybody else. The whole focus should be on giving parents the tools for that (for example, with a standard protocol for sites to inform browsers and home firewalls that they’re serving adult content, thus allowing parents to block it internally without the information of who is watching what ever leaving their home network), not mandated government software supposedly controlling the access of the whole fucking civil society to arbitrary web-sites and who knows what else.
Last but not least, it’s literally the smallest impact and easiest to achieve option to have the websites push out standard markers for “adult content” to browsers and home firewalls so that parents can restrict their children’s access, not putting locks on every such site AND having age identification on any and all means of accessing those websites on every single piece of networked computing hardware that anybody in Estonia might use to access such websites.
The entire thing is far too heavy and affects way too many devices and too much software to be the “best solution” for the problem of protecting children from adult content, but it sure is the best solution for the objective of having government access control software in every single computing device used in Estonia.
I meant the blockchain for the chatcontrol app, not for the age verification app btw, and you make good points for sure.
Is there a group of independent experts analysing each and every version of the protocol and the app to make sure it’s not just directly anonymous but also resilient to de-anonimization?
I mean it’s open-source and we have privacy watch-dogs so yes? and maybe they will create a group for it, like Germany
Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?
For chat control app: blockchain where only recognized child safety organizations can add photo-hashes For age verification app: it’s zero knowledge proof, so you get a white card without any private data? so how can that turn into full blown surveillance system? The only thing I don’t like is uploading my ID online to the app, let me get verified by showing my ID to municipal services without uploading it, would be good ig
Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.
Child safety organizations? Independent organizations with clear criteria or something? But yeah good questions idk
Beyond that, it’s the responsibility of parents to watch over and control what their children are doing, not everybody else. The whole focus should be on giving parents the tools for that (for example, with a standard protocol for sites to inform browsers and home firewalls that they’re serving adult content, thus allowing parents to block it internally without the information of who is watching what ever leaving their home network), not mandated government software supposedly controlling the access of the whole fucking civil society to arbitrary web-sites and who knows what else.
Then you must make sure the parents aren’t tech-illiterate and invest in educating parents for parental controls etc but truth, good point… Child-safe should be the standard in new devices and browsers if those parents stay being tech illiterates.
easiest to achieve option to have the websites push out standard markers for “adult content” to browsers and home firewalls so that parents can restrict their children’s access
Yeah agreed that this is the best solution but how do you make sure those websites apply for such a marker? Use AI to scan them lol And its still the best solution, together with focussing on education parents as well as children and to educate parents on parental control and screen time, and let them sort it out locally, instead of enforcing age verification deffo agreed on that
"Next, even assuming the whole thing is perfect and has been checked and confirmed by independent experts, how do you guarantee that once the infrastructure is in place the whole age-gating software isn’t just made closed source and covertly of changed to turn it into a full-blown civil society surveillance system?"For chat control app: blockchain where only recognized child safety organizations can add photo-hashes For age verification app: it’s zero knowledge proof, so you get a white card without any private data? so how can that turn into full blown surveillance system? The only thing I don’t like is uploading my ID online to the app, let me get verified by showing my ID to municipal services without uploading it, would be good ig
Oh man, so much superficial stuff there.
For starters you did not answer my main question: How exactly does any of this stop the authorities from just making the app close source and changing it to do whatever the fuck they want?
Next “recognized child safety organizations” just moves the problem of “who choses what gets blocked” around. Who “recognizes” an organisation as genuinelly for child safety? Who authorizes them to add photo-hashes to the blockchain? What is the official process for all of that? Where is the Judicial oversight? Where is the fucking Judicial oversight? You know, the way by which for example an artist can get their tasteful drawing which is not adult but “had too much skin” for some moralistic type in one of those organisations taken of the blockchain.
Further: Who gives you the “white card without any private data”? How do you for sure it doesn’t have some kind of ID and it’s not in some database right linked with your personal info?
“Also, who gets to chose which sites are locked behind age-gates and which are not. Is the list open? Can it be appealed? How easy it is the appeals process? Is there Court supervision of the whole process or is it some people in a closed room with no Judicial oversight choosing what gets put behind that lock and what doesn’t.”
Child safety organizations? Independent organizations with clear criteria or something? But yeah good questions idk
Again, PROCESS. Who approves anybody to oversee this? What power do they those people have? What’s the process to reverse bad decisions?
Further, you can hardly reconstruct the picture for validation from the hashes in blockchain, so it’s not really public, now is it?! The hashes are public but the content represented by them is not, so de facto the list of what’s being blocked is not public, so how would the public know that it’s actually correct and not, say, some moralist blocking sex-education images?
I mean a very common trick by politicians in areas prone to Corruption, such as public contracts or public-private initiatives is to set some shit up with potential to abuse and then a toothless or captured “independent” overseer - it provides the appearence of honesty whilst in practice being the very opposite.
Further, your answer is again superficial. “Child safety organisations”? Meaningless without a detailed definition of what’s considered child safety, how they’re overseen to actually abide by such definition rather than say, being moralists or well-meaning but incompetent amateurs. If I was to proclaim to the Estonian Authorities that “I’m a ‘child safety organisation’” would they just let me put whatever I wanted on that blockchain? Dive beyond the surface with even the minimum analysis of the problem space and, as usual, the devil is in the details.
This isn’t just a technical problem, it’s a process problem and a regulatory problem - if this is not done properly whatever technical appearence of anynomity you have can be defeated by the process side of things (like having a record somewhere linking that “anonymous” white card with you or whatever state sanctioned app mandated to run in your devices being turned closed source and changed to covertly track you) and that applies not just on the user side but also the lists side of things (how the sites to block are chosen can be abused to block people from seeing things which are not adult but rather political) and the server side of things (as in, is there any software the sites have to run and what independent oversight is there for what it does).
Tech does not work in a vacuum and is not the whole system by itself - it exists in a human context, not least because it’s done by people (or at least in accordance to the specifications of people if you’re vibe coding it), it’s installed or distributed by people, it gets data that ultimatelly comes from people, and it’s use by people - there is literally no point in tech that does not in some way affect or is affected by people - and thus tech can be abused and subverted by the human/process side of things. This is why good hackers also use social hacking - because you can subvert tech via the human side.
So the bits that have to be protected for this to not just do what it’s claimed by people that it’s supposed to do (and to keep on doing it even when bad actors get a hold of it), extend all the way to the process side of things and into things like Judicial oversight (because any human process that’s not overseen by a powerful independent entity gets abused sooner or later). And, guess what, all of that if far heavier than a pie in the sky list of tech fads.
My core concern is that a technical infrastructure of mandatory government software in people’s devices (which is a requirement of this, otherwise there’s nothing there to stop children from acessing whatever the fuck has hashes in that blockchain), once in place can be abused, and as we’ve already seen in Europe, Democracies can and do turn into Fascism at any point and Fascists just love to have an infrastructure in place that can easilly be changed (just push an updated version down) to, say, eavesdrop on people or block everybody from accessing specific political content.
This is just another dog and pony show. If the company doesn’t have any offices or assets in utah, then they don’t have to care. Utah can censor it’s own internet if it doesn’t like it.
This law simply has no legs to stand on.Can states not sue companies that accept payment from citizens within their state?
I’m not 100% sure. But in general, interstate commerce is the federal governments domain.
And if the company has no assets in the state, what could a state court do if the company didn’t pay? The state court has no jurisdiction outside the state. Now if I was an exec for that company, I wouldn’t take any trips there just to be safe…No matter who I might be I wouldn’t go to any part of the US
That’s a good call right now.
Web services and websites should block all Utah IP addresses and redirect to page explaining that because they cannot tell who’s using a VPN, their only option is to block all of Utah.
Yes, I understand how dumb that is, but sometimes you have to fight stupid with stupider.
Porn sites have been doing that for years now.
And that’s exactly what they want.
How is this enforceable?
The EFF warned that the legal risk could push sites to either ban all known VPN IPs or mandate age verification for every visitor globally.
This is the goal.
