24 comments

[ 11.1 ms ] story [ 42.0 ms ] thread
Answer to the obvious question:

>> "Mississippi’s new law and the UK’s Online Safety Act (OSA) are very different. Bluesky follows the OSA in the UK. There, Bluesky is still accessible for everyone, age checks are required only for accessing certain content and features, and Bluesky does not know and does not track which UK users are under 18. Mississippi’s law, by contrast, would block everyone from accessing the site—teens and adults—unless they hand over sensitive information, and once they do, the law in Mississippi requires Bluesky to keep track of which users are children."

I can't find the comic I saw but I can't find that notes how we tell people and kids to not give out personal information on the internet because that's unsafe.

Now we demand they give all their information and depending on the situation smile for the camera ...

...And also lets make it so they can't encrypt their messages either. Big Brother needs to make sure they aren't sending nudes to people that shouldn't be seeing them.
> That’s why until legal challenges to this law are resolved, we’ve made the difficult decision to block access from Mississippi IP addresses. We know this is disappointing for our users in Mississippi, but we believe this is a necessary measure while the courts review the legal arguments.

I strongly agree with this. All these jurisdictions and politicians are passing laws that they don't understand the technical foundations for. Second order effects aren't being considered.

> We think this law creates challenges that go beyond its child safety goals, and creates significant barriers that limit free speech and disproportionately harm smaller platforms and emerging technologies.

This is the only correct response to such onerous legislation. Every site affected by such over-reach has a moral duty to do the same. Not that I expect them to do so.

I am curious how many other "social" sites took this stand.

I think what bluesky did is the only way to fight these laws that all it will do is be a boon to people who obtain and sell PI.

For people in Mississippi, you can always get a VPN. You should avoid Free VPNs, but that is your decision.

So, does Mississippi's age verification also apply to Twitter, Truth Social, Rumble, etc.? Curious what these right-wing platforms are doing about age verification. Surely Mississippi's attorney general will go after those platforms too...
You’re going to see more of this heavy-handed response, especially from smaller sites or decentralized services.

As I’ve argued on past threads about these laws: the internet was neither built nor intended for children. Nobody can get online without some adult intervention (paying for an ISP), and that’s the only age check that’s ever needed.

For everything else, it’s up to parents or guardians to implement filters, content controls, and blocks.

Is there not some way to route Mississippi's Bluesky traffic through a third party (Cloudflare?, etc.?) that can provide age verification and parental consent as a service, so that it doesn't require every individual online service to implement it separately?
All arguments about age checks themselves aside, why can BlueSky implement age checks in the UK, but not Mississippi? Seems to me like the only difference would be Mississippi requiring everyone to log in, whereas currently I assume UK requires a login just for age-restricted material. (Although I don't use BlueSky in the UK, so shrugs)
Way to blow it, Mississippi
Assuming mobile platforms weigh in with an API sometime, it's notable that the only people allowed online by default would be minors who are using parental controls, because they would be able to prove (a) age and (b) parental consent on day 1.
I wonder if a business could be successfully sued for denying service to people OVER a certain age.

It's interesting that age seems to be a protected class if you're above a certain age and not below.

Reminder

Republicans, for many years now, have run on "stop big government regulations" without being specific.

We might need a centralized age verification system. A person verifies their age using an app. The app is on the phone of the user and confirms opening new account.

Then you have accounts that are age verified and accounts that are not age verified. Age verified accounts have the privilege of seeing sensitive content. Unverified accounts don’t have that privilege.

Some might see this as gravitating to bad laws. I see this as an attempt to address a prohibition on doing business.

Figured I’d ask the HN crowd- what’s the best way around these geofence blocks? Have you had success with a system that can work smoothly on mobile/desktop without any of the disastrous privacy and performance implications that VPN services are prone to?
I don’t know how this works: how can Mississippi compel Bluesky to pay these fines for breaking a state regulation if they’re not based in Mississippi?
Notice their stance is that they are not against these kind of checks but it costs too much to implement. Basically if it becomes cheap to implement Bsky will be happy to oblige.

> Unlike tech giants with vast resources, we’re a small team focused on building decentralized social technology that puts users in control. Age verification systems require substantial infrastructure and developer time investments, complex privacy protections, and ongoing compliance monitoring — costs that can easily overwhelm smaller providers.

They're right to point out that laws like this are primarily motivated by government control of speech. On a recent Times article about the UK's Online Safety Act:

> Luckily, we don’t have to imagine the scene because the High Court judgment details the last government’s reaction when it discovered this potentially rather large flaw. First, we are told, the relevant secretary of state (Michelle Donelan) expressed “concern” that the legislation might whack sites such as Amazon instead of Pornhub. In response, officials explained that the regulation in question was “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse”, a phrase that rather gives away the political thinking behind the act. They suggested asking Ofcom to think again and the minister agreed.

https://www.thetimes.com/comment/columnists/article/online-s...

Wyoming and South Dakota seem even worse, having passed laws requiring age verification for sites with anything potentially harmful to minors. https://www.eff.org/deeplinks/2025/08/book-bans-internet-ban...

What a shameful era. These fools delegintize the state, delegitimize the legal system. Engaged in absolute foolery.

The suggestion I saw was that residents of these states need to comb through every government site they can and sue the government for anything that could be harmful to youth that they find. Theres really no practical limit no possible implementation that the state has allowed other than to age verify pretty much everything; return-to-sender-ing the paper bag of flaming dog shit seems like a semi necessary step here.

I genuinely believe that only such way (regarding "protecting children" from viewing "dangerous/unwanted content") is correct and maximally effective. All others mostly create a theater of security - in other words, they don't actually prevent direct access to "dangerous" content but merely create an illusion of doing so. This ranges from client-side-only checks (like Telegram in the UK) to "privacy-preserving" checks based on ZK or similar technologies, which are currently being promoted in the EU. The first can be bypassed simply by searching for workarounds; the second... well, one person could just verify thousands of others using their own documents, and that's it. Literally a security theater - I hate it, a lot.

And my opinion is that we shouldn't support such ways of doing this, meaning we shouldn't implement or comply with them, but rather protest against them. Either undermine their purpose or create a significant appearance of problems. In other words, either spread methods to bypass them, support such efforts in any way possible, or deny access to services (and so on) in jurisdictions where they're banned by inhumane laws. This is, in a way, a very common practice in the field of "copyright" and I sincerely hope it spreads to everyday matters.

It's deeply sad that nobody addresses the root problem - only its consequences, meaning they try to "hide unwanted content" instead of making it "non-unwanted." And it's even sadder that so few of those who could actually influence the implementation of such "protections" advocate this approach. Off the top of my head, I can only name Finland as one actively promoting educational programs and similar solutions to this problem.

> The Supreme Court’s recent decision leaves us facing a hard reality: comply with Mississippi’s age assurance law—and make every Mississippi Bluesky user hand over sensitive personal information and undergo age checks to access the site—or risk massive fines.

Given that the opinion states that the law is "likely unconstitutional", isn't it too early to give up and block users?

VPN providers are going to be making out like bandits with all the new legislation coming out.
Do they plan to also block the UK and Australia?