Why the right to opt-out, instead of requiring sale of data to be opt-in?
I’m not sure how this stuff happens on the backend, but if I sign up for something and there is an opt-out page buried somewhere, I assume they’ve already sold my data by the time I can get to the opt-out page. I still make a best effort, but once it’s sold, it’s really too late. There needs to be an option to never sell it in the first place.
This annoys me with Apple devices, iCloud and all it's related backups of..well everything are on by default and it doesn't ask at any point in the setup of the device.
You have to then go into settings -> icloud and disable the main one and then like 30 individual ones.
There should be a big toggle at the top that says "Disable All Cloud Backups" they can feel free to throw in a warning.
The phone backup is one toggle. The 30 individual ones are for syncing data for apps.
If you aren’t using iCloud for any of this, why use it at all? I believe you can still use an iPhone without an iCloud account, can’t you? Without any cloud sync, I’m not sure what the value is, just sign out.
I’m sure you’d lose the ability to download apps, but most of those are also using iCloud to sync data.
For what it’s worth, Apple seems fairly decent about not opting users in to new stuff. When they released Messages syncing via iCloud, I had to explicitly turn it on for my various devices. The same was true for several other things.
> If you aren’t using iCloud for any of this, why use it at all? I believe you can still use an iPhone without an iCloud account, can’t you?
Nope, You have to have an apple account tied to a physical phone number or you can't sign in on the device or use it at all and they opt you in to the 5GB free plan and yes, the 30 sliders is apps but that doesn't alter the fact that I want to be asked before they exfiltrate my data, technology should exist to serve the user and part of that (at least in my opinion) is respecting privacy.
Yes you can sign out and you can untoggle the boxes but that is rather my point, it's opt out not opt in.
I don't want default exfiltration of data from my devices to a faceless American corporation without that been my choice.
I daily my work MacBook without an Apple account or phone number. And no, it’s not in ABM, or any other MDE. App Store is unavailable because of the missing account, but it does not prevent me from using the device like you’re claiming.
An iPhone with no apps is pretty hard to use. A mac doesn't need the app store, but when I last set one up, I needed to install the devtools from the appstore to bootstrap macports or whatever, so that pushed me into an account.
I don't disagree. But defaults are important, and you are in a tiny minority with wanting to disable iCloud. 90% of people using Apple phones want or expect things to be magically backed up for them
Not saying they shouldn't have that, Apple feels it necessary to ask if I want Siri, if I want a Dark theme and if I want to give them payment details during device setup, I feel like "Do you also want us to back all your data up to a remote computer" could be on that list.
This is just... not true? I'm curious what you mean, because iCloud cannot be on by default since it requires you to set up an iCloud account. You're asked to sign into iCloud during device setup, which you can decline.
Do you mean that, after consenting to and signing into iCloud, all of iCloud's feature are enabled by default?
Google Sheets is slower/has enough usability issues it's not an option and OpenOffice is missing a few features too, not to mention neither really can do VBA at all, nor do they have PowerQuery. So Excel it is.
Is this stuff… like, good? I don’t know anything about the MS ecosystem. If you could start from scratch, would using something more like Python, pandas, that sort of stuff, be viable?
You're not going to get non technical coworkers like the finance department entering their data or reports in pandas. So it depends on how much labor you want to put in helping them do it, I guess?
"It was Bernie Greenberg, who discovered that it was [2]. He wrote a version of Emacs in Multics MacLisp, and he wrote his commands in MacLisp in a straightforward fashion. The editor itself was written entirely in Lisp. Multics Emacs proved to be a great success—programming new editing commands was so convenient that even the secretaries in his office started learning how to use it. They used a manual someone had written which showed how to extend Emacs, but didn't say it was a programming. So the secretaries, who believed they couldn't do programming, weren't scared off. They read the manual, discovered they could do useful things and they learned to program."
No, none of it is good, excel is basically a bad tool for almost any job. There almost always exist a better thing for everything people use excel for.
But excel has inertia, and it's the only programming non-programmers are able, or rather willing, to do. So we're basically stuck with it.
And yes, I consider crafting and maintaining excel workbooks programming, even if no VBA is involved.
> Bill sponsors Rep. Brad Paquette, R-Niles, and Sen. John Cherry, D-Flint, are now working with advocacy groups on potential replacement legislation, according to the MFEI.
It's an international coordinated effort to undermine every single citizen's privacy, an agenda being pushed for years, again and again in every country and state, by a coalition including Google, Facebook, Microsoft, etc., corporations that profit greatly from mandatory identity verification online. It's only a matter of time until they buy out enough politicians to push it through and force future generations to live under their panopticon. Same with digitization of money.
I hate privacy, even down to the idea itself. I will buy out politicians, and push relentlessly until every trace of privacy is eliminated from the world. I love being watched. The idea of a panopticon makes me feel amazing and I want to force it on everyone until the end of time.
I'm reading your comment as sarcasm, but I do have a non-sarcastic hot take on it.
If we have to live in a panopticon I think access to the data should be available to everyone. That eliminates the power imbalance and/or makes the idea of the thing distasteful to powerful people who might actually try to restore privacy and eliminate the panopticon.
I can see why people fall into the trap of calling for an equitable torment nexus: it is both cynical (it supposes everyone in power is corrupt and everyone at the top would oppose an equitable torment nexus) and also naive/optimistic (it supposes that we have any hope to actually impose an equitable torment nexus).
But I think the latter factor wins out, so we should just oppose obviously bad things in a non-clever fashion.
I don't see it as cynical. I'm just accepting the obvious reality.
I have no power to stop what's happening. I might as well make the best of it for myself and my family, and hope it becomes so bad that people who actually do have the power to stop it do something about it. Maybe it'll rise to the level that enough individual citizens will call out for change, but I continue to be amazed at what people will put up with in the name of convenience, continuation of their lifestyle, and, as it relates specifically to surveillance capitalism, shiny digital doodads and baubles that bring them temporary joy.
Capital being speech in the US, since I'm not a billionaire I have very little influence.
I have optimism and hope for people doing good things locally, but absolutely no hope large-scale problems will ever be fixed. I feel like the US political system experienced some phase change in the last 50 years, has "solidified", and is now completely unable to do anything meaningful at scale. The New Deal couldn't happen today. The interstate highway system couldn't happen today. The Affordable Care Act started off as a watered-down, weakened version of what it could have been (because anything more radical would never have passed), and the private interests have had 20 years to chip away at it, sculpting it into a driver of revenue. Heck, we can't even build mass public transit at the level of cities.
Private capital, meanwhile, soldiers on accomplishing its goals in spite of (or because of) our political gridlock.
The fact that you couldn't identify it as sarcasm/satire is indictive of not having an accurate understanding of your opponents position. If you want to defeat your opponents, understand their calculus.
If those wish to preserve privacy want to be effective, there needs to be a pragmatism in understanding differing opinions. Reducing opponents to caricatures and fighting those is a losers strategy. It will guarantee defeat.
Being able to accurately articulate a position one doesn't possess themselves is necessary to effectively countering it.
To execute your plan of buying out politicians, you would be following a blueprint already perfected by extraordinarily wealthy individuals and corporate interests. Through a system of dark money and untraceable nonprofit front groups, billionaires have successfully created what amounts to a permanent, private political machine that rivals official political parties. Following the Citizens United Supreme Court decision, the ultra-wealthy were given more or less free rein to spend as much as they want in support of their favored candidates. This ruling enabled a tiny elite to funnel limitless cash into outside organizations, essentially allowing them to buy elections and steer government policy without public accountability. As one major political donor noted, this massive spending is treated as an investment designed to yield a specific governing philosophy and tangible returns.
Your fascination with the panopticon actually echoes the early days of industrial capitalism. The original concept for the Panopticon was conceived by Samuel Bentham as a way to turn the Deptford docks into a "regular police state" to enforce strict wage labor. He envisioned building a giant central tower to guarantee the constant surveillance of workers, an idea that his brother Jeremy later famously adapted into the prison model you are familiar with today.
The infrastructure for your desired panopticon is already highly advanced through both corporate and state apparatuses. Privacy in the workplace is already profoundly insecure. Employers have wide legal latitude to monitor their workers, with surveys showing that up to two-thirds of companies actively record employee phone calls, voicemails, emails, review computer files, and use video surveillance.
The modern digital economy operates on a model of "surveillance capitalism," where companies offer seemingly "free" services in exchange for mining user engagement. This business model relies entirely on harvesting personal data from every click, post, and search to craft detailed profiles, a practice that fundamentally deemphasizes and eliminates user privacy for profit.
Government agencies have developed a staggering capacity to spy on everyday life. Police and intelligence fusion centers utilize facial recognition, "Stingray" cell phone surveillance equipment, and massive data-mining software to monitor citizens. This includes actively spying on telephone and electronic communications in direct collusion with major communications corporations. Furthermore, government contractors like Palantir provide federal agencies with software capable of tracking billions of data points, explicitly collecting information from Facebook, WhatsApp, Twitter, SMS texts, web surfing activity, and live telephone calls. Authorities can also readily deploy electronic devices, telephone tapping, and intercepted mail to completely bypass secrecy.
In short, the mechanisms to eliminate privacy—from the financial blueprints required to buy political compliance to the technological tools necessary for constant, panoptic observation—are already deeply embedded in modern political and economic systems.
That coordinated effort also includes the buying up of US media sources by billionaires and gigacorps to control the content of not just news sources and social forums, but every electronic window we have onto the world.
Remember, the panopticon observed people who were in a prison.
The effort significantly predates the recent changes in US media ownership. I would actually argue that the ownership change is mostly orthogonal to the ongoing trend of centralization and top-down manipulation of digital information sources.
A shift change of the prison guards more than a material change to the prison.
They likely don't even really care about the panopticon - they see a way to build a moat that even billion-dollar startups won't be able to easily cross.
> a coalition including Google, Facebook, Microsoft, etc., corporations that profit greatly from mandatory identity verification online.
This is not being pushed by private companies. There is no money in it. It is being pushed by governments, and those governments use those private companies as (willing) vehicles to do things that it is illegal for them to do directly. And it is not being pushed by the democratic portions of governments, which have been minimized and weakened to the point of invisibility. None of this makes it to the ballot, "both" sides support it.
Since the turn of the millennium, all powers have been pushed to the Executive, in every Western country. And the Executive wouldn't be the Executive if he/she weren't completely compromised. Governing with 20% of the support of the public is the norm now in Western governments and institutions. If more than 20% of people support you, you're a "populist dictator."
Age verification isn't free. If you sell age verification services then you can get obscenely rich off the government forcing people to use services like yours.
Sam Altman owns an identity verification company for example.
Well, we might as well be realistic - none of us have had any privacy for a very, very long time. It's just that our governments can't quite yet use it against us the way they'd like to without revealing the scope. The goal here is really just to add some additional plausibility when our privacy _is_ violated.
It's not called a uniparty for nothing. Vote red, vote blue, we're all gonna end up in the same place eventually, the only difference is the timeline (pretty interesting that the first states pushing this stuff are California, Colorado, Illinois, etc. -- not exactly who you imagine being concerned with "think of the children", is it?). All the bickering between the two parties is pro wrestling kayfabe at the end of the day.
Details matter. The California law and the others that seem to be modeled after it involves no actual age verification and no presentation of any identifying documents to anyone. It just requires that devices include a system that lets parents when setting up a child's device specify an age range and requires that things that need to check age use the range the parent specified.
This is the general approach that privacy advocates have said should be taken. It is just what I'd expect from a liberal state that has a record of trying to protect privacy but wants to address the issue of how to keep children from sites that are not suitable.
People connect to the internet and do bad things (or have bad things happen to them)
They need to pay a service provider to have the capability to do bad things (or be exposed to bad things)
Why can't we just ask/compel the service provider to identify these people (or block the bad things).
For any politician the line of thinking will be something like that. It comes off as incredibly long hanging fruit that would have broad positive impact for the whole of society. Like the apple in the garden of eden, just walk over, take a bite, and you'll be a political hero without having to do much work at all.
> Why can't we just ask/compel the service provider to identify these people (or block the bad things).
Isn't that basically what's happening? Service providers, such as Discord recently for example, are asking for identification to prove users are of a certain age. If you punish service providers for providing services to minors then they will need to do age verification.
It has reached the level of moral panic, so it’s the current topic everywhere.
Even on Hacker News, threads about children and social media or short form video will draw a lot of comments supporting harsh age restrictions, including an alarming number of extremist comments in favor banning under-18s from using the internet or phones.
It’s not until the discussion turns to implantation details that the sentiment swings firm negative. The average comment in favor of age restrictions hasn’t thought through what it would mean, they only assume that some mechanism will exist that only impacts children and/or sites they don’t care about.
As soon as the implantation details come out and everyone realizes that you can’t restrict children without first verifying everyone’s age or that “social media” includes Discord and other services they use, the outrage starts.
We’re now entering the phases where everyone realizes that these calls to action have consequences for everyone because there is no easy solution that automatically only impacts children.
There is no shortage of reactionary "tech people". They likely didn't think a bit about how this would work. Just ban kids from social media to protect the kids! And then their line of thought stops there. At the same time you've got people on HN asking for better parental controls. And when state governments push for exactly that, parental controls that still preserve individual privacy, everyone loses their fucking minds. Your operating system reporting an age range that you define so apps and websites can filter content appropriately is not a privacy violation. It's literally what people have been asking for. But this community wants to protect children from the internet and "dangers of social media" and also refuses to build any mechanism that distinguishes children from adults that don't violate privacy.
> threads about children and social media or short form video will draw a lot of comments supporting harsh age restrictions
I think there should be age restrictions. I prefer to do it in a privacy-preserving way. But I’m also not happy about conditioning the former on the existence of the latter.
Outside of better parental controls and restricting accounts based on self declared age, there isn't a way to perform age verification anonymously or privately.
> isn't a way to perform age verification anonymously or privately
Totally, no. Better than having users upload IDs with no use restrictions on the social-media companies? Yes. The harms justify, in my opinion and the opinion of lots of Americans (and importantly, those able and willing to call their electeds), a little bit of privacy encroachment for using a totally-voluntary product.
Well hackernews wont like this but the answer is because it's enforcing the status quo. Verifying age for age-related materials and services. Some internet related services had a defacto exemption from following the laws because the enforcement logistics just werent there. A physical store that sells porn has to ID whereas online you dont, for example.
In addition there are more services, such as social media, becoming age-gated.
The enforcement hurts the sensibilities of people like us on hackernews but it's common sense to a lot of people. We live in very polarizing times, but as you've noted, it has bipartisan support. The easiest explanation is the hackernews-friendly take of lack of enforcement mechanisms is the more radical one.
Personally I think it's a bit sad but inevitable. The laws are just catching up. And there will absolutely be some good coming from it, such as holding companies liable for breaking the law.
They may or may not. Just like online services may or may not make a copy. That is besides the point - the point is they verify age because it's already illegal to distribute porn to minors.
No, the do not make a copy and that specifically is the point I am making. The guy looking at my id while standing in my porch is doing something ephemeral.
Facebook is theorized to be paying an advocacy group to launch these, so that they can externalize the legal problems of social networking onto age verification and piecemeal state laws; simultaneously lowering their damages costs in future lawsuits and also raising the drawbridge over the newly-difficult compliance moat against future competitors.
> What's with the bipartisan push for these bills all of a sudden?
There is popular fury against the big tech companies for harming our children. That makes it politically advantageous to put forward solutions. Electeds are responding to that incentive.
Tech privacy “advocates” are notoriously useless at civic engagement, so most of the time I assume the electeds had nobody to talk to other than parents’ groups, who are going to pick the simplest solution to put to pen: the companies have liability to age gate.
I think part of it is because many affluent parents have children with major mental health issues: anxiety, depression, bipolar, thoughts of self-harm, etc. and many of these parents blame social media. The affluent have way more sway over policymaking, and since social media seems easier to control that other vices, they're exerting their control.
Another example: in the California Assembly hearings for AB 1043 (their age verification bill), one mom offered testimony in support by saying it was social media that enticed her daughter into developing anorexia.
This wasn't even a debate two years ago. People were still complaining about Secure Boot and needing Microsoft's permission to install Linux, and about locked phone bootloaders. The fact that this "need" has been manufactured was the victory. Michigan holding back for a moment doesn't matter when they already took California, and Europe is actively hostile to privacy - advocating for it there is starting to verge on the criminal.
Now the claw is closing, and government and big tech are combining. We're either going to let this tiny inbred elite track, monitor and rule every portion of our lives, or we're not. There are no solutions through government, and there are no technical solutions.
Right now you should be buying more computers than you need and datahoarding.
It is disrespectful that they can pretend with a straight face that they've suddenly discovered privacy concerns. The people who pay them started by priming them with the best arguments and lines that their "media" guys could come up with to dismiss those concerns and to paint the people bringing them up as Chinese terrorist pedophiles. They probably just figured out that they need to wait after the midterms, eliminate a few people and get a few others in, then they could get it passed attached to something else. While they're consciously planning, we're simply reacting and ascribing to ignorance and incompetence what is far better explained by malice.
The entire purpose of these laws is to destroy privacy. It isn't churches and puritans lobbying for them. There's no visible constituency lobbying for this, just a bunch of people who have been softened into going "well, if it helps..."
People need to ask themselves who's getting this stuff done? There are so many things that 70-80% of the electorate are loudly clamoring for that can't even get acknowledged by anyone in power or in the mainstream media, but this stuff gets passed?
Maybe I'm just a cynical bastard, but after reading the article I can't help but agree. They saw the light way too easily and the sponsors didn't push back at all. That's how it's supposed to work, yeah, but it's a far cry from anything I've experienced in my entire lifetime. Something's up.
"We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time. For any issues, e-mail us at info@franklinnews.org or call us at (847) 497-5230."
This is extremely funny given it's an article about privacy concerns :)
I love seeing this, and love seeing regulations working exactly as wanted! What I see is basically "We're unable to serve this website without compromising your privacy, so instead of pretending or giving you a choice, we give you this message so you can turn around".
Right... as if can trust some random American or other non-European website that it really respects the law. What are you gonna do if it breaks the GDPR law? GDPR ruined the Internet.
> "We're unable to serve this website without compromising your privacy... "
More accurately, "we do not have the staff or funds to figure out what every single random law around the globe requires of us, and since foreign countries are not a realistic advertising market for a local Michigan newspaper, there's really no reason for us to try."
Well, you don't have to do any of that stuff if you either are upfront about selling user data and ask if it's OK, or if you just don't do that stuff at all.
Also not a "European law" by any measure or understanding, that's a international organization that does police cooperation across the continent (and further), it isn't even a law enforcement agency... Not exactly sure how you could confuse that with laws, but here we are.
That would be rather surprising to the large number of law schools that teach European Law as a core subject, such as the Panthéon-Sorbonne (Droit européen), Bologna U (Diritto Europeo), and Humboldt U (Europarecht).
But to know that you would have to study the laws of other countries or in this case EU which costs money and in this case is not an obviously beneficial investment.
Why not? That continent is not their target audience.
It probably wasn't worth the effort to block foreign countries just from random unnecessary compute cost to serve a site to them, but when those countries start being serious about penalties you could face for serving their residents? Now it's justifiable to block non-US countries.
I'm sure they (or whoever sells the product they use to publish) did get legal advice, of the "what is the cheapest way to ensure this isn't an issue for us" and the response was "block 'em all, let God VPN them out."
After all, using a VPN doesn't absolve companies of the GDPR.
No, it can also be saying "I simply have too many other things to do than worry about what the correct data retention or ban appeal or DSA statement of reasons requirement or DSA statement of reasons transparency DB API or UK Ofcom age verification requirements or..."
Sometimes if you're just one person and the EU isn't a core market and you are a small business or non-profit, it's easier to just say, ok you know what, no thanks to all this for now.
That's absurd. Are you, right now, compliant with all relevant laws and regulations in Turkmenistan? Do you have legal advice to back that up? Why not? Is it because you're a criminal?
No! Of course not! It's because you don't care about Turkmenistan, to the extent you've never even bothered to look up what is and is not legal there, let alone get legal advice about it. That's a perfectly fine answer. This random Michigan newspaper doesn't care about the EU. That's a perfectly fine answer too.
If your site is covered by GDPR and you do not have a physical presence in the EU you have to appoint someone in the EU to receive mail on your behalf, so people who want to make GDPR requests by mail can write to them. See Article 27.
There are services that will do this for you. Last I checked they were typically in the neighborhood of a couple hundred Euros a year.
Whether or not GDPR applies to a site not in the EU is somewhat subjective. It comes down to whether you envisaged serving people in the EU.
If your site does not need EU visitors it can make some sense to block them. That provides evidence that you did not envisage serving people in the EU, and then you don't have to figure out if you need to be hiring a service in the EU to receive GDPR mail.
>since foreign countries are not a realistic advertising market for a local Michigan newspaper
This may be true for in house ads, but there are ad networks that already are able to personalize ads and have ad inventory for such foreign countries.
What does GDPR get you that browser settings and an extension don't? I'm genuinely curious how random websites refusing to serve content / spamming cookie banners is a good thing?
The data download and removal side of GDPR seems useful for more "entrenched" use cases where you have an account and a long history on a service but... fly-by website visits should not be this heavily regulated. Blocking cookies and scripts is trivial.
I should not need extensions for a business to respect my privacy. It's as simple as that.
If you look at it through an equity angle, needing extensions relegates the negative effects to those that are already not "well off" — the technologically illiterate who don't know what to do or know someone who does.
So someone's refusal to make a couple clicks to install an extension necessitates: 1) millions of users having to click to get the annoying popup off their screen, 2) installing an extension to block those anyway, and 3) a more fractured internet where website operators outright refuse to serve content because of liability? I'd bet a very large sum of money that the technologically illiterate don't read anything on those popups and click "Accept all cookies"
How does someone's refusal to install an extension necessitate millions of users having to close the popup? I guess you mean someone as in "vast majority of population"?
> I'm genuinely curious how random websites refusing to serve content / spamming cookie banners is a good thing?
They refuse to allow visitors to visit their website without taking, processing and selling their data and letting those visitors know that this is happening. That they outright block me instead of doing those anyways, clearly is a good thing and in my benefit.
But that's the thing, making them outright say "we don't care about respecting stupid laws in your country" (which for us means "we need to continue to be able to sell user data without notifying we do this") is not an "issue", that's the whole benefit of it in the first place.
Anyways, it sounds like a win-win here, they get to not care, and we get to be rejected with clear reasons why, so again, benefits all around.
A US based non-profit news organization isn’t going to spend money to pay lawyers to ensure they meet a regulatory burden that doesn’t affect their core demographic.
> A US based non-profit news organization isn’t going to spend money to pay lawyers to ensure they meet a regulatory burden that doesn’t affect their core demographic.
I like being covered by gdpr.
Though I really cannot see any country's gdpr peops taking anyone in the US to court.
A very simple "Fuck you" (along the lines of The Pirate Bay) would end any legal conversations.
It would be different if the news organisation had an office in the EU.
Anyway, i have a vpn, so....
The UK is not part of the US (yet?) nor the EU, but they're currently fining US companies - it doesn't surprise me at all that many take the easy answer of "ban them by IP".
If it's illegal in the United States to ask someone's age before distributing porn to them online because of the first amendment, why can physical porn stores ask for id? Is that also unconstitutional?
> It is not illegal to ask a user's age in the US online.
Note that this is not what I said. You overgeneralized it - I will assume without bad intention. The question is if it's illegal to require porn companies to verify the age of their users.
> Can you let us know what your source is?
The Free Speech Coalition and Kagan, Sotomayor, and Jackson of the Supreme Court, to start. That was their minority opinion in the suit filed against Texas for requiring online porn companies to verify the age of users. The plaintiff argued it was a violation of the first amendment - it is a common argument.
The argument against the legality of these laws has always been highly suspect. There is a common sentiment that these laws are not good - but when pressed to explain why they aren't legal you get crazy arguments like this, that it violates the first amendment.
You should try to engage with the substance of the post.
The claim made by some is that its illegal to require porn companies to do age verification due to the first amendment. It's really the only legal theory I've seen that supports the claim that the Texas law and others are unconstitutional. The rest just amounts to "it's bad so they should rule against Texas and others."
If his comment was based on some different understanding lets state it so we can clarify, but I think I already have. Of course its not illegal to ask someone's age on the internet. Is that truly what you believed I was saying?
I was just trying to explain the confusion of the original response, I'm not interested in the topic. They originally said "it's illegal for a company to verify someone's age", but their follow up post was "it's illegal for the government to force companies to verify age"
> If it's illegal in the United States to ask someone's age before distributing porn to them online because of the first amendment, why can physical porn stores ask for id? Is that also unconstitutional?
The laws typically don't require them to check ID but instead punish them for selling to minors. You then have several major differences from the online case:
In a physical store where they're neither de facto nor de jure required to check your ID when you're clearly an adult, many of them then don't. There is no feasible way to do the same thing on the internet so instead it effectively becomes requirement to ID everyone, which is different.
In a physical store the clerk can already see your face and hear your voice. It's already hard to be anonymous while interacting in person. A law that compromises anonymity in a context where it was already compromised is different than a law that compromises it in a context where it wasn't.
In a physical store, someone who checks your ID is a human being. They're probably not even going to remember you, are just a store clerk even if they do, and you can see if they try to photocopy your ID or similar and refuse to allow it. Or, you may have a human relationship with that person and trust them not to share your identity with their employer or anyone else. For an online service it's a computer operated by a corporation, and then there is no way for you to tell they're not storing the information, which they have a perverse incentive to do so they can tie all of your future and past interactions with them to your ID. This results in a much stronger chilling effect.
Moreover, a lot of these laws predate the sort of databases that now exist. If someone started making surveillance cameras that could undetectably read the barcode from your government ID if you took it out anywhere in the store and then record it in a database to associate with your activity, your typical defense from that would be to not take it out while you're in the store. At which point a government mandate to show them your ID would have different implications than it did in 1975, which could affect its constitutionality.
> In a physical store they're neither de facto nor de jure required to check your ID when you're clearly an adult, and many of them don't. There is no feasible way to do the same thing on the internet so instead it effectively becomes requirement to ID everyone, which is different.
1) Not true. The burden is on the seller to verify age. Sure, they can try to do it visually but if they fail they are still liable.
2) Even if true, nothing changes in a legal sense if they lose the ability to informally verify age because thats not a legal right of the consumer. It's just an incidental feature of buying in store which some people value. There may be a difference there, but its not a legal one.
3) Texas law didn't mandate age verification by ID specifically.
> Sure, they can try to do it visually but if they fail they are still liable.
That doesn't really have anything to do with the issue that there are practical ways of doing it in person without demanding ID but not online.
Also, those laws tend to have Problems if they actually try to enforce them that way. If the police get a 17 year old a convincing fake ID that says they're 21 or contrive some other circumstance where the seller would reasonably believe they were an adult and then try to prosecute someone for selling to a minor, judges start thinking things like maybe due process doesn't allow the government to get away with that.
> Even if true, nothing changes in a legal sense if they lose the ability to informally verify age because thats not a legal right of the consumer.
"Acquiring information anonymously" is a legal right of the consumer. Laws with chilling effects are a violation of the First Amendment.
> Texas law didn't mandate age verification by ID specifically.
But you're asking why it's different than doing it in person. It's different because the available mechanisms of ascertaining age are different.
> The right to opt out of its sale, and
Why the right to opt-out, instead of requiring sale of data to be opt-in?
I’m not sure how this stuff happens on the backend, but if I sign up for something and there is an opt-out page buried somewhere, I assume they’ve already sold my data by the time I can get to the opt-out page. I still make a best effort, but once it’s sold, it’s really too late. There needs to be an option to never sell it in the first place.
This annoys me with Apple devices, iCloud and all it's related backups of..well everything are on by default and it doesn't ask at any point in the setup of the device.
You have to then go into settings -> icloud and disable the main one and then like 30 individual ones.
There should be a big toggle at the top that says "Disable All Cloud Backups" they can feel free to throw in a warning.
The phone backup is one toggle. The 30 individual ones are for syncing data for apps.
If you aren’t using iCloud for any of this, why use it at all? I believe you can still use an iPhone without an iCloud account, can’t you? Without any cloud sync, I’m not sure what the value is, just sign out.
I’m sure you’d lose the ability to download apps, but most of those are also using iCloud to sync data.
For what it’s worth, Apple seems fairly decent about not opting users in to new stuff. When they released Messages syncing via iCloud, I had to explicitly turn it on for my various devices. The same was true for several other things.
> If you aren’t using iCloud for any of this, why use it at all? I believe you can still use an iPhone without an iCloud account, can’t you?
Nope, You have to have an apple account tied to a physical phone number or you can't sign in on the device or use it at all and they opt you in to the 5GB free plan and yes, the 30 sliders is apps but that doesn't alter the fact that I want to be asked before they exfiltrate my data, technology should exist to serve the user and part of that (at least in my opinion) is respecting privacy.
Yes you can sign out and you can untoggle the boxes but that is rather my point, it's opt out not opt in.
I don't want default exfiltration of data from my devices to a faceless American corporation without that been my choice.
I daily my work MacBook without an Apple account or phone number. And no, it’s not in ABM, or any other MDE. App Store is unavailable because of the missing account, but it does not prevent me from using the device like you’re claiming.
An iPhone with no apps is pretty hard to use. A mac doesn't need the app store, but when I last set one up, I needed to install the devtools from the appstore to bootstrap macports or whatever, so that pushed me into an account.
I don't disagree. But defaults are important, and you are in a tiny minority with wanting to disable iCloud. 90% of people using Apple phones want or expect things to be magically backed up for them
Not saying they shouldn't have that, Apple feels it necessary to ask if I want Siri, if I want a Dark theme and if I want to give them payment details during device setup, I feel like "Do you also want us to back all your data up to a remote computer" could be on that list.
This is just... not true? I'm curious what you mean, because iCloud cannot be on by default since it requires you to set up an iCloud account. You're asked to sign into iCloud during device setup, which you can decline.
Do you mean that, after consenting to and signing into iCloud, all of iCloud's feature are enabled by default?
Microsoft likes to do the "opt out for the next 30 days", including uploading all my spreadsheets to Copilot to be training data.
"Can we do X, Y, Z?" Yes? Or maybe later?
It's so annoying. No means no, not "pester me later"!
Consent used to be "Yes" or "No" now it's "Yes" or "I'll give in later"
There's a reason the tech industry is said to be rapey. Such fundamental misunderstandings of consent likely do not ultimately stop at the digital.
Woman in tech (rare here, I know) and I can confirm, they don't stop at digital
That would be enough to get me to spend those 30 days migrating all my spreadsheets to a new format.
Google Sheets is slower/has enough usability issues it's not an option and OpenOffice is missing a few features too, not to mention neither really can do VBA at all, nor do they have PowerQuery. So Excel it is.
Is this stuff… like, good? I don’t know anything about the MS ecosystem. If you could start from scratch, would using something more like Python, pandas, that sort of stuff, be viable?
You're not going to get non technical coworkers like the finance department entering their data or reports in pandas. So it depends on how much labor you want to put in helping them do it, I guess?
I thought I read something similar in Levy's book "Hackers" but the following is from https://www.gnu.org/gnu/rms-lisp.en.html
"It was Bernie Greenberg, who discovered that it was [2]. He wrote a version of Emacs in Multics MacLisp, and he wrote his commands in MacLisp in a straightforward fashion. The editor itself was written entirely in Lisp. Multics Emacs proved to be a great success—programming new editing commands was so convenient that even the secretaries in his office started learning how to use it. They used a manual someone had written which showed how to extend Emacs, but didn't say it was a programming. So the secretaries, who believed they couldn't do programming, weren't scared off. They read the manual, discovered they could do useful things and they learned to program."
No, none of it is good, excel is basically a bad tool for almost any job. There almost always exist a better thing for everything people use excel for.
But excel has inertia, and it's the only programming non-programmers are able, or rather willing, to do. So we're basically stuck with it.
And yes, I consider crafting and maintaining excel workbooks programming, even if no VBA is involved.
Excel works, the VBA macros with random business rules work, people with business knowledge know how to use it, the workflows are set up.
If we were starting from nothing it wouldn't be built, but the value of what already exists is massive.
I have a client who migrated from Sheets to Excel. Google has all the same issues Microsoft does too when it comes to privacy.
Sure, if you never have to collaborate on them with anyone else.
Pulled?
> Bill sponsors Rep. Brad Paquette, R-Niles, and Sen. John Cherry, D-Flint, are now working with advocacy groups on potential replacement legislation, according to the MFEI.
https://archive.is/hI3wJ
What's with the bipartisan push for these bills all of a sudden?
It's an international coordinated effort to undermine every single citizen's privacy, an agenda being pushed for years, again and again in every country and state, by a coalition including Google, Facebook, Microsoft, etc., corporations that profit greatly from mandatory identity verification online. It's only a matter of time until they buy out enough politicians to push it through and force future generations to live under their panopticon. Same with digitization of money.
I hate privacy, even down to the idea itself. I will buy out politicians, and push relentlessly until every trace of privacy is eliminated from the world. I love being watched. The idea of a panopticon makes me feel amazing and I want to force it on everyone until the end of time.
I'm reading your comment as sarcasm, but I do have a non-sarcastic hot take on it.
If we have to live in a panopticon I think access to the data should be available to everyone. That eliminates the power imbalance and/or makes the idea of the thing distasteful to powerful people who might actually try to restore privacy and eliminate the panopticon.
Power is then moved to whomever owns the most computer power and perhaps education
That's what it is now. Computing power is just a proxy for capital.
> If we have to live in a panopticon...
So that's where we are now? "If we have to live in the torture nexus, let's at least make it equitable"
I can see why people fall into the trap of calling for an equitable torment nexus: it is both cynical (it supposes everyone in power is corrupt and everyone at the top would oppose an equitable torment nexus) and also naive/optimistic (it supposes that we have any hope to actually impose an equitable torment nexus).
But I think the latter factor wins out, so we should just oppose obviously bad things in a non-clever fashion.
I don't see it as cynical. I'm just accepting the obvious reality.
I have no power to stop what's happening. I might as well make the best of it for myself and my family, and hope it becomes so bad that people who actually do have the power to stop it do something about it. Maybe it'll rise to the level that enough individual citizens will call out for change, but I continue to be amazed at what people will put up with in the name of convenience, continuation of their lifestyle, and, as it relates specifically to surveillance capitalism, shiny digital doodads and baubles that bring them temporary joy.
Capital being speech in the US, since I'm not a billionaire I have very little influence.
I have optimism and hope for people doing good things locally, but absolutely no hope large-scale problems will ever be fixed. I feel like the US political system experienced some phase change in the last 50 years, has "solidified", and is now completely unable to do anything meaningful at scale. The New Deal couldn't happen today. The interstate highway system couldn't happen today. The Affordable Care Act started off as a watered-down, weakened version of what it could have been (because anything more radical would never have passed), and the private interests have had 20 years to chip away at it, sculpting it into a driver of revenue. Heck, we can't even build mass public transit at the level of cities.
Private capital, meanwhile, soldiers on accomplishing its goals in spite of (or because of) our political gridlock.
I'd love to feel differently.
That's called cynicism
The fact that you couldn't identify it as sarcasm/satire is indictive of not having an accurate understanding of your opponents position. If you want to defeat your opponents, understand their calculus.
I surely have no idea what you're talking about. I wasn't even responding to you. Hmmmmm yes. Calculus. Defeating opponents. Indubitably.
If those wish to preserve privacy want to be effective, there needs to be a pragmatism in understanding differing opinions. Reducing opponents to caricatures and fighting those is a losers strategy. It will guarantee defeat.
Being able to accurately articulate a position one doesn't possess themselves is necessary to effectively countering it.
Good news!
To execute your plan of buying out politicians, you would be following a blueprint already perfected by extraordinarily wealthy individuals and corporate interests. Through a system of dark money and untraceable nonprofit front groups, billionaires have successfully created what amounts to a permanent, private political machine that rivals official political parties. Following the Citizens United Supreme Court decision, the ultra-wealthy were given more or less free rein to spend as much as they want in support of their favored candidates. This ruling enabled a tiny elite to funnel limitless cash into outside organizations, essentially allowing them to buy elections and steer government policy without public accountability. As one major political donor noted, this massive spending is treated as an investment designed to yield a specific governing philosophy and tangible returns.
Your fascination with the panopticon actually echoes the early days of industrial capitalism. The original concept for the Panopticon was conceived by Samuel Bentham as a way to turn the Deptford docks into a "regular police state" to enforce strict wage labor. He envisioned building a giant central tower to guarantee the constant surveillance of workers, an idea that his brother Jeremy later famously adapted into the prison model you are familiar with today.
The infrastructure for your desired panopticon is already highly advanced through both corporate and state apparatuses. Privacy in the workplace is already profoundly insecure. Employers have wide legal latitude to monitor their workers, with surveys showing that up to two-thirds of companies actively record employee phone calls, voicemails, emails, review computer files, and use video surveillance.
The modern digital economy operates on a model of "surveillance capitalism," where companies offer seemingly "free" services in exchange for mining user engagement. This business model relies entirely on harvesting personal data from every click, post, and search to craft detailed profiles, a practice that fundamentally deemphasizes and eliminates user privacy for profit.
Government agencies have developed a staggering capacity to spy on everyday life. Police and intelligence fusion centers utilize facial recognition, "Stingray" cell phone surveillance equipment, and massive data-mining software to monitor citizens. This includes actively spying on telephone and electronic communications in direct collusion with major communications corporations. Furthermore, government contractors like Palantir provide federal agencies with software capable of tracking billions of data points, explicitly collecting information from Facebook, WhatsApp, Twitter, SMS texts, web surfing activity, and live telephone calls. Authorities can also readily deploy electronic devices, telephone tapping, and intercepted mail to completely bypass secrecy.
In short, the mechanisms to eliminate privacy—from the financial blueprints required to buy political compliance to the technological tools necessary for constant, panoptic observation—are already deeply embedded in modern political and economic systems.
You're welcome!
That coordinated effort also includes the buying up of US media sources by billionaires and gigacorps to control the content of not just news sources and social forums, but every electronic window we have onto the world.
Remember, the panopticon observed people who were in a prison.
The effort significantly predates the recent changes in US media ownership. I would actually argue that the ownership change is mostly orthogonal to the ongoing trend of centralization and top-down manipulation of digital information sources.
A shift change of the prison guards more than a material change to the prison.
They likely don't even really care about the panopticon - they see a way to build a moat that even billion-dollar startups won't be able to easily cross.
Regulatory capture is real.
> a coalition including Google, Facebook, Microsoft, etc., corporations that profit greatly from mandatory identity verification online.
This is not being pushed by private companies. There is no money in it. It is being pushed by governments, and those governments use those private companies as (willing) vehicles to do things that it is illegal for them to do directly. And it is not being pushed by the democratic portions of governments, which have been minimized and weakened to the point of invisibility. None of this makes it to the ballot, "both" sides support it.
Since the turn of the millennium, all powers have been pushed to the Executive, in every Western country. And the Executive wouldn't be the Executive if he/she weren't completely compromised. Governing with 20% of the support of the public is the norm now in Western governments and institutions. If more than 20% of people support you, you're a "populist dictator."
Age verification isn't free. If you sell age verification services then you can get obscenely rich off the government forcing people to use services like yours.
Sam Altman owns an identity verification company for example.
"There is no money in tying online activities to a real identity" is a hot take.
> undermine every single citizen's privacy
Well, we might as well be realistic - none of us have had any privacy for a very, very long time. It's just that our governments can't quite yet use it against us the way they'd like to without revealing the scope. The goal here is really just to add some additional plausibility when our privacy _is_ violated.
Sun On Privacy : Get Over It (1999) https://web.archive.org/web/20171008211256/https://www.wired...
It's Meta: https://www.reddit.com/r/linux/comments/1rshc1f/i_traced_2_b...
It's not called a uniparty for nothing. Vote red, vote blue, we're all gonna end up in the same place eventually, the only difference is the timeline (pretty interesting that the first states pushing this stuff are California, Colorado, Illinois, etc. -- not exactly who you imagine being concerned with "think of the children", is it?). All the bickering between the two parties is pro wrestling kayfabe at the end of the day.
Details matter. The California law and the others that seem to be modeled after it involves no actual age verification and no presentation of any identifying documents to anyone. It just requires that devices include a system that lets parents when setting up a child's device specify an age range and requires that things that need to check age use the range the parent specified.
This is the general approach that privacy advocates have said should be taken. It is just what I'd expect from a liberal state that has a record of trying to protect privacy but wants to address the issue of how to keep children from sites that are not suitable.
People connect to the internet and do bad things (or have bad things happen to them)
They need to pay a service provider to have the capability to do bad things (or be exposed to bad things)
Why can't we just ask/compel the service provider to identify these people (or block the bad things).
For any politician the line of thinking will be something like that. It comes off as incredibly long hanging fruit that would have broad positive impact for the whole of society. Like the apple in the garden of eden, just walk over, take a bite, and you'll be a political hero without having to do much work at all.
> Why can't we just ask/compel the service provider to identify these people (or block the bad things).
Isn't that basically what's happening? Service providers, such as Discord recently for example, are asking for identification to prove users are of a certain age. If you punish service providers for providing services to minors then they will need to do age verification.
It has reached the level of moral panic, so it’s the current topic everywhere.
Even on Hacker News, threads about children and social media or short form video will draw a lot of comments supporting harsh age restrictions, including an alarming number of extremist comments in favor banning under-18s from using the internet or phones.
It’s not until the discussion turns to implantation details that the sentiment swings firm negative. The average comment in favor of age restrictions hasn’t thought through what it would mean, they only assume that some mechanism will exist that only impacts children and/or sites they don’t care about.
As soon as the implantation details come out and everyone realizes that you can’t restrict children without first verifying everyone’s age or that “social media” includes Discord and other services they use, the outrage starts.
We’re now entering the phases where everyone realizes that these calls to action have consequences for everyone because there is no easy solution that automatically only impacts children.
> the discussion turns to implantation details
Do not try and derail this thread with facts about vaccines!
Thank you for saying this. I've been similarly baffled.
The call to ban children from social media seemed like it was coming loudest from tech people - like HN users.
How did they think this was going to work?
There is no shortage of reactionary "tech people". They likely didn't think a bit about how this would work. Just ban kids from social media to protect the kids! And then their line of thought stops there. At the same time you've got people on HN asking for better parental controls. And when state governments push for exactly that, parental controls that still preserve individual privacy, everyone loses their fucking minds. Your operating system reporting an age range that you define so apps and websites can filter content appropriately is not a privacy violation. It's literally what people have been asking for. But this community wants to protect children from the internet and "dangers of social media" and also refuses to build any mechanism that distinguishes children from adults that don't violate privacy.
> threads about children and social media or short form video will draw a lot of comments supporting harsh age restrictions
I think there should be age restrictions. I prefer to do it in a privacy-preserving way. But I’m also not happy about conditioning the former on the existence of the latter.
Outside of better parental controls and restricting accounts based on self declared age, there isn't a way to perform age verification anonymously or privately.
> isn't a way to perform age verification anonymously or privately
Totally, no. Better than having users upload IDs with no use restrictions on the social-media companies? Yes. The harms justify, in my opinion and the opinion of lots of Americans (and importantly, those able and willing to call their electeds), a little bit of privacy encroachment for using a totally-voluntary product.
One component is to stop building tools that exploit impressionable minds.
They exploit all minds. But adults can make that choice responsibly. Kids cannot. We age gate alcohol and cigarettes. Social media is no different.
Well hackernews wont like this but the answer is because it's enforcing the status quo. Verifying age for age-related materials and services. Some internet related services had a defacto exemption from following the laws because the enforcement logistics just werent there. A physical store that sells porn has to ID whereas online you dont, for example.
In addition there are more services, such as social media, becoming age-gated.
The enforcement hurts the sensibilities of people like us on hackernews but it's common sense to a lot of people. We live in very polarizing times, but as you've noted, it has bipartisan support. The easiest explanation is the hackernews-friendly take of lack of enforcement mechanisms is the more radical one.
Personally I think it's a bit sad but inevitable. The laws are just catching up. And there will absolutely be some good coming from it, such as holding companies liable for breaking the law.
Physical stores look at your id, they don't take a copy. Same for home delivery of alcohol at least in the UK.
They may or may not. Just like online services may or may not make a copy. That is besides the point - the point is they verify age because it's already illegal to distribute porn to minors.
No, the do not make a copy and that specifically is the point I am making. The guy looking at my id while standing in my porch is doing something ephemeral.
Facebook is theorized to be paying an advocacy group to launch these, so that they can externalize the legal problems of social networking onto age verification and piecemeal state laws; simultaneously lowering their damages costs in future lawsuits and also raising the drawbridge over the newly-difficult compliance moat against future competitors.
> What's with the bipartisan push for these bills all of a sudden?
There is popular fury against the big tech companies for harming our children. That makes it politically advantageous to put forward solutions. Electeds are responding to that incentive.
Tech privacy “advocates” are notoriously useless at civic engagement, so most of the time I assume the electeds had nobody to talk to other than parents’ groups, who are going to pick the simplest solution to put to pen: the companies have liability to age gate.
I think part of it is because many affluent parents have children with major mental health issues: anxiety, depression, bipolar, thoughts of self-harm, etc. and many of these parents blame social media. The affluent have way more sway over policymaking, and since social media seems easier to control that other vices, they're exerting their control.
The suicide rate in Palo Alto, for instance, was so high that the CDC investigated it (around 2016). The situation hasn't improved much since then. https://elestoque.org/2025/12/07/opinion/community-members-t...
Another example: in the California Assembly hearings for AB 1043 (their age verification bill), one mom offered testimony in support by saying it was social media that enticed her daughter into developing anorexia.
This wasn't even a debate two years ago. People were still complaining about Secure Boot and needing Microsoft's permission to install Linux, and about locked phone bootloaders. The fact that this "need" has been manufactured was the victory. Michigan holding back for a moment doesn't matter when they already took California, and Europe is actively hostile to privacy - advocating for it there is starting to verge on the criminal.
Now the claw is closing, and government and big tech are combining. We're either going to let this tiny inbred elite track, monitor and rule every portion of our lives, or we're not. There are no solutions through government, and there are no technical solutions.
Right now you should be buying more computers than you need and datahoarding.
It is disrespectful that they can pretend with a straight face that they've suddenly discovered privacy concerns. The people who pay them started by priming them with the best arguments and lines that their "media" guys could come up with to dismiss those concerns and to paint the people bringing them up as Chinese terrorist pedophiles. They probably just figured out that they need to wait after the midterms, eliminate a few people and get a few others in, then they could get it passed attached to something else. While they're consciously planning, we're simply reacting and ascribing to ignorance and incompetence what is far better explained by malice.
The entire purpose of these laws is to destroy privacy. It isn't churches and puritans lobbying for them. There's no visible constituency lobbying for this, just a bunch of people who have been softened into going "well, if it helps..."
People need to ask themselves who's getting this stuff done? There are so many things that 70-80% of the electorate are loudly clamoring for that can't even get acknowledged by anyone in power or in the mainstream media, but this stuff gets passed?
Of course. Suddenly we are concerned about privacy and the catch-all strikes again.
This all feels coordinated towards another goal.
Maybe I'm just a cynical bastard, but after reading the article I can't help but agree. They saw the light way too easily and the sponsors didn't push back at all. That's how it's supposed to work, yeah, but it's a far cry from anything I've experienced in my entire lifetime. Something's up.
HTTP 451
"We recognise you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore cannot grant you access at this time. For any issues, e-mail us at info@franklinnews.org or call us at (847) 497-5230."
This is extremely funny given it's an article about privacy concerns :)
I love seeing this, and love seeing regulations working exactly as wanted! What I see is basically "We're unable to serve this website without compromising your privacy, so instead of pretending or giving you a choice, we give you this message so you can turn around".
Right... as if can trust some random American or other non-European website that it really respects the law. What are you gonna do if it breaks the GDPR law? GDPR ruined the Internet.
I'd argue greedy capitalists ruined it. They were also the cause of GDPR
They also built it out.
> "We're unable to serve this website without compromising your privacy... "
More accurately, "we do not have the staff or funds to figure out what every single random law around the globe requires of us, and since foreign countries are not a realistic advertising market for a local Michigan newspaper, there's really no reason for us to try."
Well, you don't have to do any of that stuff if you either are upfront about selling user data and ask if it's OK, or if you just don't do that stuff at all.
European law imposes a great deal more obligations on a business than that. This claim is simplistic to the point of disingenuousness.
Since obviously there is no "European law" in the first place, I think it's pretty safe to assume you have no idea what you're talking about.
Interpol would like a word.
> Interpol would like a word.
Also not a "European law" by any measure or understanding, that's a international organization that does police cooperation across the continent (and further), it isn't even a law enforcement agency... Not exactly sure how you could confuse that with laws, but here we are.
https://en.wikipedia.org/wiki/Digital_Markets_Act
https://en.wikipedia.org/wiki/Digital_Services_Act
https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
Here are three.
That would be rather surprising to the large number of law schools that teach European Law as a core subject, such as the Panthéon-Sorbonne (Droit européen), Bologna U (Diritto Europeo), and Humboldt U (Europarecht).
Equally surprised would be the authors of very many legal books and journals, e.g. https://www.cambridge.org/core/browse-subjects/law/european-...
But to know that you would have to study the laws of other countries or in this case EU which costs money and in this case is not an obviously beneficial investment.
they blocked a continent without seeking any advice?
Why not? That continent is not their target audience.
It probably wasn't worth the effort to block foreign countries just from random unnecessary compute cost to serve a site to them, but when those countries start being serious about penalties you could face for serving their residents? Now it's justifiable to block non-US countries.
the thing is "We don't want to get legal advice" is a ridiculous justification for acting on legal advice
I'm sure they (or whoever sells the product they use to publish) did get legal advice, of the "what is the cheapest way to ensure this isn't an issue for us" and the response was "block 'em all, let God VPN them out."
After all, using a VPN doesn't absolve companies of the GDPR.
Yes so the informed choice they made was "block gdpr countries" vs "be transparent about our use of personal data".
Every site that gdpr-blocks itself is saying that they intend to extract value from your data and they don't want to tell you how.
No, it can also be saying "I simply have too many other things to do than worry about what the correct data retention or ban appeal or DSA statement of reasons requirement or DSA statement of reasons transparency DB API or UK Ofcom age verification requirements or..."
Sometimes if you're just one person and the EU isn't a core market and you are a small business or non-profit, it's easier to just say, ok you know what, no thanks to all this for now.
The signal remains the same:
"Will you sell my data?"
"This interview is over. (I'm very busy.)"
That's absurd. Are you, right now, compliant with all relevant laws and regulations in Turkmenistan? Do you have legal advice to back that up? Why not? Is it because you're a criminal?
No! Of course not! It's because you don't care about Turkmenistan, to the extent you've never even bothered to look up what is and is not legal there, let alone get legal advice about it. That's a perfectly fine answer. This random Michigan newspaper doesn't care about the EU. That's a perfectly fine answer too.
Turkmen: "Will you sell my data?"
Me: "No."
If complying with the GDPR was that easy an entire industry wouldn't be needed.
Use of AWS availability zones as it applies to Article 5?
https://gdpr-info.eu/chapter-5/
It is that easy.
It's pretty clear you're not a good faith interlocutor at this point.
Refute me or shut up.
If your site is covered by GDPR and you do not have a physical presence in the EU you have to appoint someone in the EU to receive mail on your behalf, so people who want to make GDPR requests by mail can write to them. See Article 27.
There are services that will do this for you. Last I checked they were typically in the neighborhood of a couple hundred Euros a year.
Whether or not GDPR applies to a site not in the EU is somewhat subjective. It comes down to whether you envisaged serving people in the EU.
If your site does not need EU visitors it can make some sense to block them. That provides evidence that you did not envisage serving people in the EU, and then you don't have to figure out if you need to be hiring a service in the EU to receive GDPR mail.
>since foreign countries are not a realistic advertising market for a local Michigan newspaper
This may be true for in house ads, but there are ad networks that already are able to personalize ads and have ad inventory for such foreign countries.
It's illegal for us to steal from you, so we won't invite you inside.
What does GDPR get you that browser settings and an extension don't? I'm genuinely curious how random websites refusing to serve content / spamming cookie banners is a good thing?
The data download and removal side of GDPR seems useful for more "entrenched" use cases where you have an account and a long history on a service but... fly-by website visits should not be this heavily regulated. Blocking cookies and scripts is trivial.
I should not need extensions for a business to respect my privacy. It's as simple as that.
If you look at it through an equity angle, needing extensions relegates the negative effects to those that are already not "well off" — the technologically illiterate who don't know what to do or know someone who does.
So someone's refusal to make a couple clicks to install an extension necessitates: 1) millions of users having to click to get the annoying popup off their screen, 2) installing an extension to block those anyway, and 3) a more fractured internet where website operators outright refuse to serve content because of liability? I'd bet a very large sum of money that the technologically illiterate don't read anything on those popups and click "Accept all cookies"
How does someone's refusal to install an extension necessitate millions of users having to close the popup? I guess you mean someone as in "vast majority of population"?
Why is the government making efforts to increase technological literacy not an option?
A proper course in technological literacy would also necessarily include the fact that browser extensions are quite possibly not safe.
> I'm genuinely curious how random websites refusing to serve content / spamming cookie banners is a good thing?
They refuse to allow visitors to visit their website without taking, processing and selling their data and letting those visitors know that this is happening. That they outright block me instead of doing those anyways, clearly is a good thing and in my benefit.
There's also your IP address. No browser setting or extension is going to hide it. There are of course VPNs and proxies, but they're different things.
Or "we don't care about respecting stupid laws in your country. If you don't like being blocked, take the issue to your politicians."
But that's the thing, making them outright say "we don't care about respecting stupid laws in your country" (which for us means "we need to continue to be able to sell user data without notifying we do this") is not an "issue", that's the whole benefit of it in the first place.
Anyways, it sounds like a win-win here, they get to not care, and we get to be rejected with clear reasons why, so again, benefits all around.
A US based non-profit news organization isn’t going to spend money to pay lawyers to ensure they meet a regulatory burden that doesn’t affect their core demographic.
Neither are they gonna lose the potential of getting the data of any of their visitors, hence they're in this catch-22.
A burden that's proportional to how much user data you mine, process and/or share with third parties. Hence the irony
> A US based non-profit news organization isn’t going to spend money to pay lawyers to ensure they meet a regulatory burden that doesn’t affect their core demographic.
I like being covered by gdpr. Though I really cannot see any country's gdpr peops taking anyone in the US to court. A very simple "Fuck you" (along the lines of The Pirate Bay) would end any legal conversations. It would be different if the news organisation had an office in the EU. Anyway, i have a vpn, so....
The UK is not part of the US (yet?) nor the EU, but they're currently fining US companies - it doesn't surprise me at all that many take the easy answer of "ban them by IP".
> The UK is not part of the US (yet?) nor the EU, but they're currently fining US companies
Are they going after money they have in the UK or are they delusional enough to think they can successfully fine a company with no ties to the UK?
The latter - https://xcancel.com/prestonjbyrne/status/2034551030453539149
We await the larger rodent.
I wonder why do they censor the content? It's not like the EU can enforce GDPR in US.
For the record, I think it's important to highlight this as "hey, the system actually works" sometimes. All the fatalism and whatnot with government.
If it's illegal in the United States to ask someone's age before distributing porn to them online because of the first amendment, why can physical porn stores ask for id? Is that also unconstitutional?
It is not illegal to ask a user's age in the US online. Can you let us know what your source is?
> It is not illegal to ask a user's age in the US online.
Note that this is not what I said. You overgeneralized it - I will assume without bad intention. The question is if it's illegal to require porn companies to verify the age of their users.
> Can you let us know what your source is?
The Free Speech Coalition and Kagan, Sotomayor, and Jackson of the Supreme Court, to start. That was their minority opinion in the suit filed against Texas for requiring online porn companies to verify the age of users. The plaintiff argued it was a violation of the first amendment - it is a common argument.
https://www.scotusblog.com/2025/06/court-allows-texas-law-on...
The argument against the legality of these laws has always been highly suspect. There is a common sentiment that these laws are not good - but when pressed to explain why they aren't legal you get crazy arguments like this, that it violates the first amendment.
Fwiw, you did not say the same thing here and in your first post. Your words are meaningfully different.
You should try to engage with the substance of the post.
The claim made by some is that its illegal to require porn companies to do age verification due to the first amendment. It's really the only legal theory I've seen that supports the claim that the Texas law and others are unconstitutional. The rest just amounts to "it's bad so they should rule against Texas and others."
If his comment was based on some different understanding lets state it so we can clarify, but I think I already have. Of course its not illegal to ask someone's age on the internet. Is that truly what you believed I was saying?
I was just trying to explain the confusion of the original response, I'm not interested in the topic. They originally said "it's illegal for a company to verify someone's age", but their follow up post was "it's illegal for the government to force companies to verify age"
> If it's illegal in the United States to ask someone's age before distributing porn to them online because of the first amendment, why can physical porn stores ask for id? Is that also unconstitutional?
The laws typically don't require them to check ID but instead punish them for selling to minors. You then have several major differences from the online case:
In a physical store where they're neither de facto nor de jure required to check your ID when you're clearly an adult, many of them then don't. There is no feasible way to do the same thing on the internet so instead it effectively becomes requirement to ID everyone, which is different.
In a physical store the clerk can already see your face and hear your voice. It's already hard to be anonymous while interacting in person. A law that compromises anonymity in a context where it was already compromised is different than a law that compromises it in a context where it wasn't.
In a physical store, someone who checks your ID is a human being. They're probably not even going to remember you, are just a store clerk even if they do, and you can see if they try to photocopy your ID or similar and refuse to allow it. Or, you may have a human relationship with that person and trust them not to share your identity with their employer or anyone else. For an online service it's a computer operated by a corporation, and then there is no way for you to tell they're not storing the information, which they have a perverse incentive to do so they can tie all of your future and past interactions with them to your ID. This results in a much stronger chilling effect.
Moreover, a lot of these laws predate the sort of databases that now exist. If someone started making surveillance cameras that could undetectably read the barcode from your government ID if you took it out anywhere in the store and then record it in a database to associate with your activity, your typical defense from that would be to not take it out while you're in the store. At which point a government mandate to show them your ID would have different implications than it did in 1975, which could affect its constitutionality.
> In a physical store they're neither de facto nor de jure required to check your ID when you're clearly an adult, and many of them don't. There is no feasible way to do the same thing on the internet so instead it effectively becomes requirement to ID everyone, which is different.
1) Not true. The burden is on the seller to verify age. Sure, they can try to do it visually but if they fail they are still liable.
2) Even if true, nothing changes in a legal sense if they lose the ability to informally verify age because thats not a legal right of the consumer. It's just an incidental feature of buying in store which some people value. There may be a difference there, but its not a legal one.
3) Texas law didn't mandate age verification by ID specifically.
> Sure, they can try to do it visually but if they fail they are still liable.
That doesn't really have anything to do with the issue that there are practical ways of doing it in person without demanding ID but not online.
Also, those laws tend to have Problems if they actually try to enforce them that way. If the police get a 17 year old a convincing fake ID that says they're 21 or contrive some other circumstance where the seller would reasonably believe they were an adult and then try to prosecute someone for selling to a minor, judges start thinking things like maybe due process doesn't allow the government to get away with that.
> Even if true, nothing changes in a legal sense if they lose the ability to informally verify age because thats not a legal right of the consumer.
"Acquiring information anonymously" is a legal right of the consumer. Laws with chilling effects are a violation of the First Amendment.
> Texas law didn't mandate age verification by ID specifically.
But you're asking why it's different than doing it in person. It's different because the available mechanisms of ascertaining age are different.