You’re going to see more of this heavy-handed response, especially from smaller sites or decentralized services.
As I’ve argued on past threads about these laws: the internet was neither built nor intended for children. Nobody can get online without some adult intervention (paying for an ISP), and that’s the only age check that’s ever needed.
For everything else, it’s up to parents or guardians to implement filters, content controls, and blocks.
There are significant factions who would prefer porn be eradicated in it's entirety and laws like this just use 'protecting children' as the more agreable face to their crusade. Ironically the same people who often crow about parental autonomy and how they should be in complete control of their children's education and lives.
For all the talk about free speech and freedoms, a significant portion of the US doesn’t actually want free speech. They want free speech only for things they agree with.
This isn't even really it. If you read the section of Project2025 about porn and these sorts of age laws, then barely talk about porn at all. They lead with "transgender ideology" and such. The goal isn't to keep porn away from kids. The goal is to keep anything that offends their desired hierarchy away from kids.
> For everything else, it’s up to parents or guardians to implement filters, content controls, and blocks.
First of, I'd like to be clear, I don't think laws like this are the right way to go.
But to be fair, even if you are tech literate, which most parents aren't, this is actually pretty difficult to do.
And there are really three approaches you can take to this. You can use an allowlist of sites, but that is very restrictive, and limits the ability to explore, research, and learn how to use the internet generally. You can use a blocklist, but then you will always miss something, and it is a game of whack a mole. Or you can use some kind of AI, but that will probably both block things you don't want blocked, and allow things you do want blocked, and will probably add significant latency.
One possible way this could be improved is if websites with adult or mature content, or potential dangers to children (such as allowing the child to communicate with strangers, or gambling) returned a header that marked the content as possibly not suitable for children with a tag of the reason, and maybe a minimum age. Then a browser or firewall could be configured to block access to anything with headers for undesired content. Although, I think that would be most effective if there were laws requiring the headers to be honest.
For my silly little semi-private sites I will likely shut off the clear-web daemons and stick with .onion hidden services. Some will leave and that is fine with me. It's just hobby stuff for me. I will still use RTA headers [1] in the event that some day law makers come to their senses. Curious what others here will do with their forums, chat servers, etc...
I know people whose kid got a hand me down android from a friend and connects through neighbors open WiFi, public open WiFi etc…
And from what I’ve heard it’s not that uncommon for kids to do something similar when parents take away their phones.
It’s easy to say that parents should just limit access and I think they should. I definitely plan to when my kids are old enough for this to be a problem.
But kids are under extreme peer pressure to be constantly online, and when a kid is willing to go to extreme lengths to get access, it can be nearly impossible to prevent it.
There’s also more to it than what parents should do. It’s about what parents are doing. If something is very hard to do most people won’t do it. As a society we all have to deal with the consequences of bad parenting.
We don’t know the consequences of kids having access to porn, but we have correlative studies that show they probably aren’t good.
I’m more concerned with social media than porn though. The correlation between social media use and the rise in teen suicide rates looks awfully suggestive.
Here's the thing: kids are always going to be under peer pressure, and time and time again we keep falling for the pitfall trap of harming adults under the guise of protecting kids.
When it was the drug scare of the 80s, entire research about the harms of DARE's educational methods were ignored in favor of turning an entire generation of children into police informants on their parents. When it was HIV and STDs in the 90s, we harmed kids by pushing "Abstinence-only" narratives that all but ensured more adults would come down with STDs and HIV as adults due to a lack of suitable education (nevermind the reality that children are often vehicles for new information back into the household, which could've educated their own parents as to the new dangers of STDs if they'd been properly educated). In the 2000s, it was attempts to regulate violent video games instead of literal firearms, which has directly contributed to the mass shooting epidemic in the USA. And now we're turning back to porn again, with the same flawed reasoning.
It's almost like the entire point is to harm adults, not protect children.
> I’m more concerned with social media than porn though. The correlation between social media use and the rise in teen suicide rates looks awfully suggestive.
This problem isn't specific to children. Addictive and often otherwise manipulative too feeds affect people of all ages. Instead of age checks, I'd much rather address this. A starting point for how to do this could be banning algorithmic feeds and having us go back to simple algorithms like independent forum websites with latest post first display order.
I mostly agree with you , except there are plenty of ways for non-adults to get access to the internet without adult intervention. ( libraries, friends, McDonald’s hotspots. )
> As I’ve argued on past threads about these laws: the internet was neither built nor intended for children. Nobody can get online without some adult intervention (paying for an ISP), and that’s the only age check that’s ever needed.
> For everything else, it’s up to parents or guardians to implement filters, content controls, and blocks.
Well, they are implementing the block through political pressure, and it's working
> That’s why until legal challenges to this law are resolved, we’ve made the difficult decision to block access from Mississippi IP addresses. We know this is disappointing for our users in Mississippi, but we believe this is a necessary measure while the courts review the legal arguments.
I strongly agree with this. All these jurisdictions and politicians are passing laws that they don't understand the technical foundations for. Second order effects aren't being considered.
Sometimes (only sometimes, I promise) I wonder whether this kind of legislation is being dreamt up by a think tank tasked with planning how to implement some ulterior goal (e.g. massively increased surveillance to fight crime - it's far too easy to unsert something more nefarious here). The politicians then just follow the action plan and repeat talking points from party advisors.
Have you seen Congress? It’s like Denny’s on senior appreciation day.
They had to wheel McConnell in not long ago because he physically couldn’t walk.
And like I don’t mean to shit on the elderly (directly anyway) but I dunno just spitballing here, maybe we could get some folks in there who weren’t born yet when the civil rights act was passed???
> We think this law creates challenges that go beyond its child safety goals, and creates significant barriers that limit free speech and disproportionately harm smaller platforms and emerging technologies.
This is the only correct response to such onerous legislation. Every site affected by such over-reach has a moral duty to do the same. Not that I expect them to do so.
If you think this is bad, you should see the regulatory burden imposed on small manufacturers. This is nothing. The problem is that voters don’t seem to care about regulatory requirements.
The alternate solution is to shutter all US operations and move to another jurisdiction that doesn't require these regulations, in the same way 4chan is ignoring the UK's request.
Harder to implement than an IP ban for a state, though.
I can't find the comic I saw but I can't find that notes how we tell people and kids to not give out personal information on the internet because that's unsafe.
Now we demand they give all their information and depending on the situation smile for the camera ...
...And also lets make it so they can't encrypt their messages either. Big Brother needs to make sure they aren't sending nudes to people that shouldn't be seeing them.
Wait! Wait! Is this the same state that wanted welfare recipients to be tested for drugs and it was found that the drug use by legislators was ten times higher?
They're right to point out that laws like this are primarily motivated by government control of speech. On a recent Times article about the UK's Online Safety Act:
> Luckily, we don’t have to imagine the scene because the High Court judgment details the last government’s reaction when it discovered this potentially rather large flaw. First, we are told, the relevant secretary of state (Michelle Donelan) expressed “concern” that the legislation might whack sites such as Amazon instead of Pornhub. In response, officials explained that the regulation in question was “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse”, a phrase that rather gives away the political thinking behind the act. They suggested asking Ofcom to think again and the minister agreed.
All arguments about age checks themselves aside, why can BlueSky implement age checks in the UK, but not Mississippi? Seems to me like the only difference would be Mississippi requiring everyone to log in, whereas currently I assume UK requires a login just for age-restricted material. (Although I don't use BlueSky in the UK, so shrugs)
They could based on group but you can get around that. Maybe they are concerned that a user using a VPN from Mississippi would cause them to break the law.
Figured I’d ask the HN crowd- what’s the best way around these geofence blocks? Have you had success with a system that can work smoothly on mobile/desktop without any of the disastrous privacy and performance implications that VPN services are prone to?
Just use a lightweight, privacy focused VPN like Mullvad. You don’t have to keep it on when you need top network performance. Ultimately, a VPN of SOME kind is the only option.
I mean anything that circumvents geo-fencing at the IP level is going to be tunneling your traffic through an address that isn't blocked. Your options are all VPNs, the choice is only who's running it—you via a VPS or similar, friends/family/community, a service as you describe, or the public with Tor.
The friends/family option is probably the most broadly effective at circumventing the block since you'll have a residential address but at the cost of a lot of latency and bandwidth. The most performant option will be VPS services but lots of sites will block them as well out of an abundance of caution.
> The Supreme Court’s recent decision leaves us facing a hard reality: comply with Mississippi’s age assurance law—and make every Mississippi Bluesky user hand over sensitive personal information and undergo age checks to access the site—or risk massive fines.
Given that the opinion states that the law is "likely unconstitutional", isn't it too early to give up and block users?
We might need a centralized age verification system. A person verifies their age using an app. The app is on the phone of the user and confirms opening new account.
Then you have accounts that are age verified and accounts that are not age verified. Age verified accounts have the privilege of seeing sensitive content. Unverified accounts don’t have that privilege.
Some might see this as gravitating to bad laws. I see this as an attempt to address a prohibition on doing business.
> Then you have accounts that are age verified and accounts that are not age verified.
Creating an immediate market for age-verified accounts.
18 year old want some spare cash? Create a few dozen age verified accounts on your phone and sell them off for $1-2 each.
The next step is then tying logins to devices, and devices to identities. Then by using a website you must volunteer your identity. Dream come true for ad serving.
That might be a circumvention. But law is not about rooting out all circumventions. It is about intent to creating a certain system. Similar to sales tax. Just because there are ways around it, doesn’t make the law meaningless.
It isn't centralized, but the emerging mDL/mID (ISO/IEC 18013-5) + Digital Credentials API (W3C) standards do enable sharing a “this device contains a secure credential for someone over 18 years of age” assertion, cryptographically signed by a government agency. Critically, this doesn't require sharing any other personal information.
As long as it can be done in the way that it remains accessible to both citizens and businesses and is highly enforceable, I'm in. The problem is that I'm not sure how it can actually be done...
A more appropriate route to that is to create incentives and grants for companies to be created that can accomplish this age verification infrastructure (ideally with its own privacy guarantees, etc), and make a declaration such as “in 5 years, you will be expected to validate and track the age group of all users on your platform. We have created grants to help create technology companies and a platform that will help to implement and privatize this service”.
That way you get both:
* companies that can provide the service (yay capitalism, middlemen and jobs!)
* compliance with the new laws that help to stratify users so that < 18 and > 18 users are identified and segregated.
Or do it like the EU is doing with the EU Digital Identity Wallet, which has been tested in pilot programs since 2023, and which is expected to start being deployed to the general public next year.
Briefly, your government would give you a signed digital copy of your government ID document. This copy would be cryptographically bound to secure hardware you own, typically your smartphone. I'll assume a smartphone for the rest of this.
When you want to reveal some fact from your ID to a site, such as "my ID says that my birthday is at least 18 years in the past", your device and the site use a zero knowledge proof (ZKP) protocol to prove to the site that this is true for the signed digital ID that is bound to your device. Nothing else from or about your digital ID is conveyed to the site.
Once this is out it should be pretty easy for sites to implement age checks for EU users.
The EU system is all open source and they've got a reference implementation on Github somewhere.
The main thing to ensure privacy with these kind of systems is making it so that the entity that issues the digital ID to your device is an entity that you don't mind proving your ID to with your physical government ID. Ideal would be for this to be handled by the same government agency that issues the physical ID.
Second best would be entities like banks that you already trust with your ID.
What a shameful era. These fools delegintize the state, delegitimize the legal system. Engaged in absolute foolery.
The suggestion I saw was that residents of these states need to comb through every government site they can and sue the government for anything that could be harmful to youth that they find. Theres really no practical limit no possible implementation that the state has allowed other than to age verify pretty much everything; return-to-sender-ing the paper bag of flaming dog shit seems like a semi necessary step here.
Assuming mobile platforms weigh in with an API sometime, it's notable that the only people allowed online by default would be minors who are using parental controls, because they would be able to prove (a) age and (b) parental consent on day 1.
The very notion of underage is necessarily arbitrary because there is no direct way to measure one's maturity and thus sensitivity to such materials. As long as the block is not perpetual and lifted after some reasonable cutoff, such blocks are thought to be reasonable in general (yeah some would complain, of course). In comparison the business you have described is the polar opposite, where people are perpetually blocked once they reach a certain age.
The only two things I can l'd think of, is driving and article 25 of the constitution. The latter which has been clearly violated to a large extent. There ought to be a licence to be able to run for office, just a multiple choice question. Are you an 1) Idiot? 2) Fascist? 3) Ted Cruz? 4) pedophilic zoophile? And turn just disqualify them.
So, does Mississippi's age verification also apply to Twitter, Truth Social, Rumble, etc.? Curious what these right-wing platforms are doing about age verification. Surely Mississippi's attorney general will go after those platforms too...
It does, but almost all the major platforms/companies are members of NetChoice, a trade organization that fights this sort of thing. This presser from Bluesky doesn't mention it, but the case is "NetChoice vs Mississippi", so that's how involved they are to this.
>> "Mississippi’s new law and the UK’s Online Safety Act (OSA) are very different. Bluesky follows the OSA in the UK. There, Bluesky is still accessible for everyone, age checks are required only for accessing certain content and features, and Bluesky does not know and does not track which UK users are under 18. Mississippi’s law, by contrast, would block everyone from accessing the site—teens and adults—unless they hand over sensitive information, and once they do, the law in Mississippi requires Bluesky to keep track of which users are children."
Notice their stance is that they are not against these kind of checks but it costs too much to implement. Basically if it becomes cheap to implement Bsky will be happy to oblige.
> Unlike tech giants with vast resources, we’re a small team focused on building decentralized social technology that puts users in control. Age verification systems require substantial infrastructure and developer time investments, complex privacy protections, and ongoing compliance monitoring — costs that can easily overwhelm smaller providers.
> This decision applies only to the Bluesky app, which is one service built on the AT Protocol [...] We remain committed to building a protocol that enables openness and choice.
If someone else builds another app as a workaround, they aren't going to stop them. (Bluesky isn't decentralized enough in practice yet, but someday...)
I don’t know how this works: how can Mississippi compel Bluesky to pay these fines for breaking a state regulation if they’re not based in Mississippi?
Because if they have users in Mississippi they are doing “interstate commerce” and a federal court has the ability and jurisdiction to compel them to pay those fines.
Is there not some way to route Mississippi's Bluesky traffic through a third party (Cloudflare?, etc.?) that can provide age verification and parental consent as a service, so that it doesn't require every individual online service to implement it separately?
I genuinely believe that only such way (regarding "protecting children" from viewing "dangerous/unwanted content") is correct and maximally effective. All others mostly create a theater of security - in other words, they don't actually prevent direct access to "dangerous" content but merely create an illusion of doing so. This ranges from client-side-only checks (like Telegram in the UK) to "privacy-preserving" checks based on ZK or similar technologies, which are currently being promoted in the EU. The first can be bypassed simply by searching for workarounds; the second... well, one person could just verify thousands of others using their own documents, and that's it. Literally a security theater - I hate it, a lot.
And my opinion is that we shouldn't support such ways of doing this, meaning we shouldn't implement or comply with them, but rather protest against them. Either undermine their purpose or create a significant appearance of problems. In other words, either spread methods to bypass them, support such efforts in any way possible, or deny access to services (and so on) in jurisdictions where they're banned by inhumane laws. This is, in a way, a very common practice in the field of "copyright" and I sincerely hope it spreads to everyday matters.
It's deeply sad that nobody addresses the root problem - only its consequences, meaning they try to "hide unwanted content" instead of making it "non-unwanted." And it's even sadder that so few of those who could actually influence the implementation of such "protections" advocate this approach. Off the top of my head, I can only name Finland as one actively promoting educational programs and similar solutions to this problem.
You’re going to see more of this heavy-handed response, especially from smaller sites or decentralized services.
As I’ve argued on past threads about these laws: the internet was neither built nor intended for children. Nobody can get online without some adult intervention (paying for an ISP), and that’s the only age check that’s ever needed.
For everything else, it’s up to parents or guardians to implement filters, content controls, and blocks.
There are significant factions who would prefer porn be eradicated in it's entirety and laws like this just use 'protecting children' as the more agreable face to their crusade. Ironically the same people who often crow about parental autonomy and how they should be in complete control of their children's education and lives.
For all the talk about free speech and freedoms, a significant portion of the US doesn’t actually want free speech. They want free speech only for things they agree with.
13 replies →
This isn't even really it. If you read the section of Project2025 about porn and these sorts of age laws, then barely talk about porn at all. They lead with "transgender ideology" and such. The goal isn't to keep porn away from kids. The goal is to keep anything that offends their desired hierarchy away from kids.
8 replies →
To be fair, their concern tends to be a more consistent "Don't push these corrupting agents towards me or my society"
If the school curriculum aligned with their belief system, they won't be talking about a need for control
6 replies →
> crow about parental autonomy and how they should be in complete control of their children's education and lives.
Ah yes, those monsters
27 replies →
The hypocrisy is very clearly evident.
And there is nothing on Blue sky that is not appropriate for children over 13-with parental guidance.
They do need to keep the morons, and knuckle dragging lawyers off the platform simply because of their felonious actions and prison records.
7 replies →
> For everything else, it’s up to parents or guardians to implement filters, content controls, and blocks.
First of, I'd like to be clear, I don't think laws like this are the right way to go.
But to be fair, even if you are tech literate, which most parents aren't, this is actually pretty difficult to do.
And there are really three approaches you can take to this. You can use an allowlist of sites, but that is very restrictive, and limits the ability to explore, research, and learn how to use the internet generally. You can use a blocklist, but then you will always miss something, and it is a game of whack a mole. Or you can use some kind of AI, but that will probably both block things you don't want blocked, and allow things you do want blocked, and will probably add significant latency.
One possible way this could be improved is if websites with adult or mature content, or potential dangers to children (such as allowing the child to communicate with strangers, or gambling) returned a header that marked the content as possibly not suitable for children with a tag of the reason, and maybe a minimum age. Then a browser or firewall could be configured to block access to anything with headers for undesired content. Although, I think that would be most effective if there were laws requiring the headers to be honest.
> even if you are tech literate, which most parents aren't
18 years ago was 2007! If "most parents" of underage children don't understand the internet, where the hell have they been?
1 reply →
For my silly little semi-private sites I will likely shut off the clear-web daemons and stick with .onion hidden services. Some will leave and that is fine with me. It's just hobby stuff for me. I will still use RTA headers [1] in the event that some day law makers come to their senses. Curious what others here will do with their forums, chat servers, etc...
[1] - https://www.rtalabel.org/index.php?content=howtofaq#single
I know people whose kid got a hand me down android from a friend and connects through neighbors open WiFi, public open WiFi etc…
And from what I’ve heard it’s not that uncommon for kids to do something similar when parents take away their phones.
It’s easy to say that parents should just limit access and I think they should. I definitely plan to when my kids are old enough for this to be a problem.
But kids are under extreme peer pressure to be constantly online, and when a kid is willing to go to extreme lengths to get access, it can be nearly impossible to prevent it.
There’s also more to it than what parents should do. It’s about what parents are doing. If something is very hard to do most people won’t do it. As a society we all have to deal with the consequences of bad parenting.
We don’t know the consequences of kids having access to porn, but we have correlative studies that show they probably aren’t good.
I’m more concerned with social media than porn though. The correlation between social media use and the rise in teen suicide rates looks awfully suggestive.
> But kids are under extreme peer pressure
Here's the thing: kids are always going to be under peer pressure, and time and time again we keep falling for the pitfall trap of harming adults under the guise of protecting kids.
When it was the drug scare of the 80s, entire research about the harms of DARE's educational methods were ignored in favor of turning an entire generation of children into police informants on their parents. When it was HIV and STDs in the 90s, we harmed kids by pushing "Abstinence-only" narratives that all but ensured more adults would come down with STDs and HIV as adults due to a lack of suitable education (nevermind the reality that children are often vehicles for new information back into the household, which could've educated their own parents as to the new dangers of STDs if they'd been properly educated). In the 2000s, it was attempts to regulate violent video games instead of literal firearms, which has directly contributed to the mass shooting epidemic in the USA. And now we're turning back to porn again, with the same flawed reasoning.
It's almost like the entire point is to harm adults, not protect children.
1 reply →
> I’m more concerned with social media than porn though. The correlation between social media use and the rise in teen suicide rates looks awfully suggestive.
This problem isn't specific to children. Addictive and often otherwise manipulative too feeds affect people of all ages. Instead of age checks, I'd much rather address this. A starting point for how to do this could be banning algorithmic feeds and having us go back to simple algorithms like independent forum websites with latest post first display order.
1 reply →
So you are saying that we should buy stock in VPN companies that serve Missashity?
"As a society we all have to deal with the consequences of bad parenting."
Then why isn't that significantly regulated?
2 replies →
I mostly agree with you , except there are plenty of ways for non-adults to get access to the internet without adult intervention. ( libraries, friends, McDonald’s hotspots. )
> As I’ve argued on past threads about these laws: the internet was neither built nor intended for children. Nobody can get online without some adult intervention (paying for an ISP), and that’s the only age check that’s ever needed.
> For everything else, it’s up to parents or guardians to implement filters, content controls, and blocks.
Well, they are implementing the block through political pressure, and it's working
> That’s why until legal challenges to this law are resolved, we’ve made the difficult decision to block access from Mississippi IP addresses. We know this is disappointing for our users in Mississippi, but we believe this is a necessary measure while the courts review the legal arguments.
I strongly agree with this. All these jurisdictions and politicians are passing laws that they don't understand the technical foundations for. Second order effects aren't being considered.
Sometimes (only sometimes, I promise) I wonder whether this kind of legislation is being dreamt up by a think tank tasked with planning how to implement some ulterior goal (e.g. massively increased surveillance to fight crime - it's far too easy to unsert something more nefarious here). The politicians then just follow the action plan and repeat talking points from party advisors.
Like the German Socialist Democratic Party did in Germany in 1933? How well did that go?
1 reply →
[flagged]
3 replies →
How can we be sure they don't understand at this point? They'd really have to be morons, how can they even take care of themselves?
Have you seen Congress? It’s like Denny’s on senior appreciation day.
They had to wheel McConnell in not long ago because he physically couldn’t walk.
And like I don’t mean to shit on the elderly (directly anyway) but I dunno just spitballing here, maybe we could get some folks in there who weren’t born yet when the civil rights act was passed???
2 replies →
Have you listened to any legislative debates on technical issues? “A series of tubes” was the high point of political understanding of the internet.
1 reply →
> We think this law creates challenges that go beyond its child safety goals, and creates significant barriers that limit free speech and disproportionately harm smaller platforms and emerging technologies.
This is the only correct response to such onerous legislation. Every site affected by such over-reach has a moral duty to do the same. Not that I expect them to do so.
If you think this is bad, you should see the regulatory burden imposed on small manufacturers. This is nothing. The problem is that voters don’t seem to care about regulatory requirements.
The alternate solution is to shutter all US operations and move to another jurisdiction that doesn't require these regulations, in the same way 4chan is ignoring the UK's request.
Harder to implement than an IP ban for a state, though.
I can't find the comic I saw but I can't find that notes how we tell people and kids to not give out personal information on the internet because that's unsafe.
Now we demand they give all their information and depending on the situation smile for the camera ...
...And also lets make it so they can't encrypt their messages either. Big Brother needs to make sure they aren't sending nudes to people that shouldn't be seeing them.
Wait! Wait! Is this the same state that wanted welfare recipients to be tested for drugs and it was found that the drug use by legislators was ten times higher?
They're right to point out that laws like this are primarily motivated by government control of speech. On a recent Times article about the UK's Online Safety Act:
> Luckily, we don’t have to imagine the scene because the High Court judgment details the last government’s reaction when it discovered this potentially rather large flaw. First, we are told, the relevant secretary of state (Michelle Donelan) expressed “concern” that the legislation might whack sites such as Amazon instead of Pornhub. In response, officials explained that the regulation in question was “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse”, a phrase that rather gives away the political thinking behind the act. They suggested asking Ofcom to think again and the minister agreed.
https://www.thetimes.com/comment/columnists/article/online-s...
All arguments about age checks themselves aside, why can BlueSky implement age checks in the UK, but not Mississippi? Seems to me like the only difference would be Mississippi requiring everyone to log in, whereas currently I assume UK requires a login just for age-restricted material. (Although I don't use BlueSky in the UK, so shrugs)
Their wording had me imagining technological schemes that blind BlueSky from knowing but reading again I think what's going on is:
Mississippi: They track "underage" and "adult" UK: They track "unknown [treated as underage]" and "adult"
I'd prefer all businesses impacted by the draconian Brit legislation block the Brits geo completely.
The UK only requires verification for specific content. Not the entire site. Also, the identification and tracking requirements are very different.
Yes, they explained that the UK's regulations are less aggressive so it's possible to comply with them
They could based on group but you can get around that. Maybe they are concerned that a user using a VPN from Mississippi would cause them to break the law.
Figured I’d ask the HN crowd- what’s the best way around these geofence blocks? Have you had success with a system that can work smoothly on mobile/desktop without any of the disastrous privacy and performance implications that VPN services are prone to?
Just use a lightweight, privacy focused VPN like Mullvad. You don’t have to keep it on when you need top network performance. Ultimately, a VPN of SOME kind is the only option.
I mean anything that circumvents geo-fencing at the IP level is going to be tunneling your traffic through an address that isn't blocked. Your options are all VPNs, the choice is only who's running it—you via a VPS or similar, friends/family/community, a service as you describe, or the public with Tor.
The friends/family option is probably the most broadly effective at circumventing the block since you'll have a residential address but at the cost of a lot of latency and bandwidth. The most performant option will be VPS services but lots of sites will block them as well out of an abundance of caution.
> The Supreme Court’s recent decision leaves us facing a hard reality: comply with Mississippi’s age assurance law—and make every Mississippi Bluesky user hand over sensitive personal information and undergo age checks to access the site—or risk massive fines.
Given that the opinion states that the law is "likely unconstitutional", isn't it too early to give up and block users?
Not for a small team without the desire or resources to fight it all the way to the supreme court.
VPN providers are going to be making out like bandits with all the new legislation coming out.
We might need a centralized age verification system. A person verifies their age using an app. The app is on the phone of the user and confirms opening new account.
Then you have accounts that are age verified and accounts that are not age verified. Age verified accounts have the privilege of seeing sensitive content. Unverified accounts don’t have that privilege.
Some might see this as gravitating to bad laws. I see this as an attempt to address a prohibition on doing business.
> Then you have accounts that are age verified and accounts that are not age verified.
Creating an immediate market for age-verified accounts.
18 year old want some spare cash? Create a few dozen age verified accounts on your phone and sell them off for $1-2 each.
The next step is then tying logins to devices, and devices to identities. Then by using a website you must volunteer your identity. Dream come true for ad serving.
That might be a circumvention. But law is not about rooting out all circumventions. It is about intent to creating a certain system. Similar to sales tax. Just because there are ways around it, doesn’t make the law meaningless.
It isn't centralized, but the emerging mDL/mID (ISO/IEC 18013-5) + Digital Credentials API (W3C) standards do enable sharing a “this device contains a secure credential for someone over 18 years of age” assertion, cryptographically signed by a government agency. Critically, this doesn't require sharing any other personal information.
> Some might see this as gravitating to bad laws. I see this as an attempt to address a prohibition on doing business.
There is no contradiction, the way you address it is by giving up and gravitating to bad laws
As long as it can be done in the way that it remains accessible to both citizens and businesses and is highly enforceable, I'm in. The problem is that I'm not sure how it can actually be done...
Google and Apple are already building this.
A more appropriate route to that is to create incentives and grants for companies to be created that can accomplish this age verification infrastructure (ideally with its own privacy guarantees, etc), and make a declaration such as “in 5 years, you will be expected to validate and track the age group of all users on your platform. We have created grants to help create technology companies and a platform that will help to implement and privatize this service”.
That way you get both:
Or do it like the EU is doing with the EU Digital Identity Wallet, which has been tested in pilot programs since 2023, and which is expected to start being deployed to the general public next year.
Briefly, your government would give you a signed digital copy of your government ID document. This copy would be cryptographically bound to secure hardware you own, typically your smartphone. I'll assume a smartphone for the rest of this.
When you want to reveal some fact from your ID to a site, such as "my ID says that my birthday is at least 18 years in the past", your device and the site use a zero knowledge proof (ZKP) protocol to prove to the site that this is true for the signed digital ID that is bound to your device. Nothing else from or about your digital ID is conveyed to the site.
Once this is out it should be pretty easy for sites to implement age checks for EU users.
The EU system is all open source and they've got a reference implementation on Github somewhere.
Google has also recently released in open source library at https://github.com/google/longfellow-zk for building such systems.
The main thing to ensure privacy with these kind of systems is making it so that the entity that issues the digital ID to your device is an entity that you don't mind proving your ID to with your physical government ID. Ideal would be for this to be handled by the same government agency that issues the physical ID.
Second best would be entities like banks that you already trust with your ID.
Yeah, that should have been part of the bill.
Wyoming and South Dakota seem even worse, having passed laws requiring age verification for sites with anything potentially harmful to minors. https://www.eff.org/deeplinks/2025/08/book-bans-internet-ban...
What a shameful era. These fools delegintize the state, delegitimize the legal system. Engaged in absolute foolery.
The suggestion I saw was that residents of these states need to comb through every government site they can and sue the government for anything that could be harmful to youth that they find. Theres really no practical limit no possible implementation that the state has allowed other than to age verify pretty much everything; return-to-sender-ing the paper bag of flaming dog shit seems like a semi necessary step here.
Assuming mobile platforms weigh in with an API sometime, it's notable that the only people allowed online by default would be minors who are using parental controls, because they would be able to prove (a) age and (b) parental consent on day 1.
I wonder if a business could be successfully sued for denying service to people OVER a certain age.
It's interesting that age seems to be a protected class if you're above a certain age and not below.
The very notion of underage is necessarily arbitrary because there is no direct way to measure one's maturity and thus sensitivity to such materials. As long as the block is not perpetual and lifted after some reasonable cutoff, such blocks are thought to be reasonable in general (yeah some would complain, of course). In comparison the business you have described is the polar opposite, where people are perpetually blocked once they reach a certain age.
The only two things I can l'd think of, is driving and article 25 of the constitution. The latter which has been clearly violated to a large extent. There ought to be a licence to be able to run for office, just a multiple choice question. Are you an 1) Idiot? 2) Fascist? 3) Ted Cruz? 4) pedophilic zoophile? And turn just disqualify them.
Way to blow it, Mississippi
I am curious how many other "social" sites took this stand.
I think what bluesky did is the only way to fight these laws that all it will do is be a boon to people who obtain and sell PI.
For people in Mississippi, you can always get a VPN. You should avoid Free VPNs, but that is your decision.
They're not fighting anything, they've given up a part of their business just to be safe.
Reminder
Republicans, for many years now, have run on "stop big government regulations" without being specific.
[flagged]
[flagged]
So, does Mississippi's age verification also apply to Twitter, Truth Social, Rumble, etc.? Curious what these right-wing platforms are doing about age verification. Surely Mississippi's attorney general will go after those platforms too...
It does, but almost all the major platforms/companies are members of NetChoice, a trade organization that fights this sort of thing. This presser from Bluesky doesn't mention it, but the case is "NetChoice vs Mississippi", so that's how involved they are to this.
Here's their write up on the Mississippi case: https://netchoice.org/netchoice-v-fitch-mississippi/
And obligatory Wikipedia: https://en.wikipedia.org/wiki/NetChoice
Truth Social, X and Rumble are all backed by the very people who wrote the law, so will not be sued. Get Out Of Jail Free cards.
Answer to the obvious question:
>> "Mississippi’s new law and the UK’s Online Safety Act (OSA) are very different. Bluesky follows the OSA in the UK. There, Bluesky is still accessible for everyone, age checks are required only for accessing certain content and features, and Bluesky does not know and does not track which UK users are under 18. Mississippi’s law, by contrast, would block everyone from accessing the site—teens and adults—unless they hand over sensitive information, and once they do, the law in Mississippi requires Bluesky to keep track of which users are children."
Notice their stance is that they are not against these kind of checks but it costs too much to implement. Basically if it becomes cheap to implement Bsky will be happy to oblige.
> Unlike tech giants with vast resources, we’re a small team focused on building decentralized social technology that puts users in control. Age verification systems require substantial infrastructure and developer time investments, complex privacy protections, and ongoing compliance monitoring — costs that can easily overwhelm smaller providers.
There's an important hint in the blog post:
> This decision applies only to the Bluesky app, which is one service built on the AT Protocol [...] We remain committed to building a protocol that enables openness and choice.
If someone else builds another app as a workaround, they aren't going to stop them. (Bluesky isn't decentralized enough in practice yet, but someday...)
I don’t know how this works: how can Mississippi compel Bluesky to pay these fines for breaking a state regulation if they’re not based in Mississippi?
Because if they have users in Mississippi they are doing “interstate commerce” and a federal court has the ability and jurisdiction to compel them to pay those fines.
Are users, who are not transacting with the platform, doing commerce? What if the platform were hosted in, say, Europe?
1 reply →
Is there not some way to route Mississippi's Bluesky traffic through a third party (Cloudflare?, etc.?) that can provide age verification and parental consent as a service, so that it doesn't require every individual online service to implement it separately?
I don’t think that service exists yet. These laws are very new.
just... why? why contribute to this nonsense?
I genuinely believe that only such way (regarding "protecting children" from viewing "dangerous/unwanted content") is correct and maximally effective. All others mostly create a theater of security - in other words, they don't actually prevent direct access to "dangerous" content but merely create an illusion of doing so. This ranges from client-side-only checks (like Telegram in the UK) to "privacy-preserving" checks based on ZK or similar technologies, which are currently being promoted in the EU. The first can be bypassed simply by searching for workarounds; the second... well, one person could just verify thousands of others using their own documents, and that's it. Literally a security theater - I hate it, a lot.
And my opinion is that we shouldn't support such ways of doing this, meaning we shouldn't implement or comply with them, but rather protest against them. Either undermine their purpose or create a significant appearance of problems. In other words, either spread methods to bypass them, support such efforts in any way possible, or deny access to services (and so on) in jurisdictions where they're banned by inhumane laws. This is, in a way, a very common practice in the field of "copyright" and I sincerely hope it spreads to everyday matters.
It's deeply sad that nobody addresses the root problem - only its consequences, meaning they try to "hide unwanted content" instead of making it "non-unwanted." And it's even sadder that so few of those who could actually influence the implementation of such "protections" advocate this approach. Off the top of my head, I can only name Finland as one actively promoting educational programs and similar solutions to this problem.