[godelski]

> What I’ve never understood is the argument that what California does regulating ISPs could actually affect the service plans in 49 other States.

What I've never understood is the argument that what Europe does regarding privacy could actually affect the privacy of other countries.

Sure, some websites detect your location and apply different rules to you but a lot end up just following GDPR and apply it universally because it is easier and cheaper to do that than do a "means testing" and apply specific rules. Creating all those rulesets makes for an increasingly complex system, makes it more prone to error (which includes doing those banned actions within California and resulting in a lawsuit), and just is overall more expensive. Determining country origin is presumably a lot easier than determining state origin too. Not to mention that California is the most populous state and the biggest tech sector. Pretty much the argument is ISPs have bigger fish to fry when they're restricted from doing something to a large portion of their customers.

No one and nothing are truly independent. That's always been a lie being sold. Choices you make affect others and choices collectively made affect you. It's literally the definition of a society. On HN we have these discussions about Chrome's dominance allowing them to have control over how the internet is structured. We've had these discussion about Apple's dominance influencing right to repair. And so on. Monolithic forces are never going to be stopped by single player boycotting. My usage of Firefox for over a decade never did anything to dethrone Chrome and I never expected it would, but hey, it also can't happen without people like me. Just needs to happen at a larger scale.

[SllX]

Except for the fact that the facts are different.

When you sign up with an ISP, you’re signing up for a guaranteed service at a physical location with defined jurisdictional borders and laws governing it. My ISP throttling their New York customers who try to use Netflix isn’t going to affect me. Honestly throttling their Oregon customers wouldn’t either.

This is factually different from Facebook who serves people independent of their location, residence or citizenship and don’t give a fig about who your ISP is because laws might cover someone based on any or all of those whereas a Californian who invades Texas is no longer covered by California-specific consumer protection laws, and to the extent that businesses choose to adhere to them in Texas is incidental. ISPs are very much bound by the location they setup infrastructure in in the way that the services you access through that connection are not as evidenced by the fact that they already take into account your residential address when determining 1. if they can service your location at all and 2. what services and what quality guarantees they can make to you.

Also just to make a note on GDPR, one of the screwy things about it is that covers EU citizens. EU citizenship is a complicated enough thing, but there’s a lot of people with EU citizenship living elsewhere in the world. Fully complying with GDPR is a much more onerous requirement in terms of infrastructure and professionals you need to hire than ISPs complying with a net neutrality law in one State. I’m not saying there’s no additional overhead, it probably is easier to have contracts that are as standard across as many markets as possible, but ISPs are already skilled at working within local jurisdictional requirements.

[godelski]

> When you sign up with an ISP, you’re signing up for a guaranteed service at a physical location with defined jurisdictional borders

It's messier than that. This works if all NY, OR, <whatever state> gets its traffic distributed through a guaranteed hub in those locations. Specifically when you know the end point of the user. Let's just take the simple case and say a Google employee sitting in a CA office is working with a Microsoft employee sitting in a WA office and assume OR has a throttling service. The hubs along the way are Seattle, Vancoover, Portland, Eugene, Redding, SF. Do the Portland and Eugene servers throttle? To do this they'd need to know: 1) the source destination, 2) the final destination, 3) the type of traffic, 4) the type of service, and so on. Are they going to have that? Probably not. And then it'd be trivial to get around if you start using encrypted traffic and encrypted DNS services. The ISPs just can't do that wish such granularity that they don't risk being sued by CA.

> Also just to make a note on GDPR, one of the screwy things about it is that covers EU citizens.

A note on the CA thing, the DOJ and several ISP lobby groups tried to get CA's law overturned at a federal level immediately after it was passed. It's been upheld. So they kinda already looked at a solution that strongly implies what the parent implied about other states likely implementing similar laws were the ISPs to start such fuckery.

CA here isn't just acting as a filter in that they do a thing and so having to work around them is more cost than its worth. They are _also_ an example, where they tried to get the laws overturned and failed. So they don't want to get any more similar laws in other states because that will have even more of an effect and tighten what they can do even further.

[SllX]

ISPs are already rate-limiting users based off the service tier they paid for. If you’re paying for 250 Mbps down and 1 Mbps up, you’re not getting the 1 Gbps down 5 Mbps up connection that your neighbor is offering. If you choose to upgrade to the 1 Gbps plan, you’re using the same equipment over the same wire.

Choosing to then sell you an additional premium option where you get the full 1 Gbps you theoretically could get but don’t already pay for, but they’ll give it to you for a selection of curated services including their own is possible, and to incentivize you to not use a VPN, they won’t count it against your data cap when you access Netflix at 4K on 4 screens simultaneously because you’re now a VIP customer—all of that would violate the spirit of net neutrality. T-Mobile already does similar things as a “bonus” for their customers and technically, it’s not net neutral. There’s all kinds of ways to discriminate between paying customers, and that was the original fear of not having net neutrality: that the internet would become just like cable TV. That hasn’t happened with or without net neutrality as law (or as an FCC rule at least). Pretty much most markets have explicit data caps on some ISPs at least now, but the way it started was ISPs rolled that out slowly, over the course of years, market by market.

You are correct that other States could pass similar laws. I don’t follow the politics of other States much, but if California can do it, so can they, but other States can’t rely solely on the fact that California did a thing and now they don’t have to bother taking any legislative action themselves, if it’s important anyway (and I’m not convinced this particular issue counts as important). California even won in Federal court, great! There’s precedent for it now, but that doesn’t mean ISPs would necessarily lose in a different circuit, and they could always force a circuit split in a friendlier district.

[mywittyname]

I know for a fact there are tech companies that build out separate systems for EU and US data pipelines. It's not really a big deal to have a lawyer look over the data that's being collected and flag stuff as can be collected in Europe, and can be migrated to the USA for processing. Companies generally run EU-specific infrastructure anyway. GDPR is honestly one of the easier aspects of operating in Europe.

[godelski]

> I know for a fact there are tech companies that build out separate systems for EU and US data pipelines.

Great, me too. I thought it was clear in my first sentence...

>> Sure, some websites detect your location and apply different rules to you but a lot end up just following GDPR and apply it universally because it is easier and cheaper to do