[justaman]

I think everyone has a sour taste left over from decades of half-baked laws written by politicians that don't understand the basics of the internet or technology in general.

With that said, I also don't understand the issues people are having with this.

[ranger_danger]

I wonder how they deal with the (hopefully) constant abuse reports aimed at them from providers who are tired of their shady customers doing shady things from their IPs.

[webspinner]

They wouldn't.

[logifail]

> With that said, I also don't understand the issues people are having with this.

The regulation "requir[es] U.S. Infrastructure as a Service (IaaS) providers of IaaS products to verify the identity of their foreign customers"

Q: How would one propose to determine if a customer is foreign or not?

A checkbox, perhaps? <rolls eyes>

No bad actor would possibly pretend to be a domestic customer, of course... <rolls eyes again>

[refulgentis]

That's a strawman. <rolls eyes> It won't be a checkbox, of course... <rolls eyes again>

[logifail]

> That's a strawman [..]

OK, I'll bite. How exactly are [US] domestic users of services supposed to prove they don't need to prove their identity?

EDIT: it reminds me of the Common Travel Area (between Ireland and of the United Kingdom of Great Britain and Northern Ireland), which has some glorious inconsistencies. For instance that nationals of Ireland and the UK travelling between those two countries do not need a passport, except when you take an international flight and rock up at IE/UK border control it's fairly hard to prove you are a national who doesn't need to provide a passport without having ... a passport (or equivalent ID).

[outop]

Have you travelled between the UK and Ireland? You most definitely do not need a passport and do not need "equivalent ID". You can travel (by boat) with a student card, driving license, photographic travel pass (ie over-60s pass, young person rail pass), or photographic id from your work.

The check is very much "don't stop walking but hold your ID-looking thing in your hand so a nonchalant man can glance at it". You would attract very little attention with someone else's UK or Irish driving license, a bit more if you decided to test the waters with a weird form of ID.

Children can travel with a birth certificate (no photo).

You need more than this to get on an aeroplane, but that also applies to domestic flights in the UK.

If you get the boat and show eg. a Romanian student card, they might ask you where your passport is, somewhat reasonably since you would have needed it to travel to the UK or to Ireland. They would accept an ID card probably and might let you in with legit looking non-government ID.

That's the sea border. You can cross the land border between the Republic of Ireland and Northern Ireland without any form of ID at all, government-issued, photographic or otherwise. Lots of people do it every day by car or bus and it would not remotely occur to them to take ID with them.

So the Romanian student would have no problem travelling between London and Dublin without showing anything since they could get a boat Glasgow- Belfast and then get a bus to Dublin.

If this was your best example of governments lying and changing the rules, it's not a very good one (and is also kind of offensive to Irish and British people).

[logifail]

> You need more than this to get on an aeroplane, but that also applies to domestic flights in the UK.

Can you clarify what you mean by "more than this"?

I've travelled on many domestic flights within the UK, and ID is not routinely checked.

> If this was your best example of governments lying and changing the rules

Ouch.

The common travel area has its origins way back in 1923, the rules are clear, no-one is lying.

It's just that it's hard to prove you are entitled to its benefits without having an ID document with you that - if you're entitled - it says you don't have to have with you...

[outop]

When did you last travel on a UK domestic flight? You definitely need government issued ID.

You are suggesting that having to show any photographic ID is the same as having to show a passport. That's obviously silly.

No one has to prove that "they are entitled to not show a passport" by showing British or Irish ID. This is a fantasy.

On the boat everyone, British, Irish or other, has to show ID of some kind. No one has to show a passport. At the land border no one has to show anything.

[refulgentis]

KYC stands for Know Your Customer, and is a core regulation in banking. So we can pivot off that and work through what a bank does to verify your identity.

I signed up for a Mercury bank account a few months back for my Delaware corporation without talking to anyone, so I'll use that as a template.

I can't remember the exact steps, but tl;dr submit a passport photo / driver's license photo and a photo I take in the app itself. If it was a not-US passport, then they'd dig into a full verification, not just a quick manual check of "is that face the same as the passport/license, is the passport/license ID # valid, and are the photos edited"

[AnthonyMouse]

You seem to be conceding the point that they would be forced to invade the privacy of their US customers in addition to just foreign ones.

[refulgentis]

True, I guess I wouldn't call it invading privacy, that's sounds a bit overwrought to me. Then banks invade my privacy, the DMV invades my privacy, etc. There's always tradeoffs, I respect people's concern about them, and I wish there was a gentler to say it.

[monksy]

> a photo I take in the app itself

So what else did they pull off your phone? Location data, personal photos, personal files, wifi connections near by, microphone data, ongoing location data?

[webspinner]

Exactly, they just want more mass surveillance.

[refulgentis]

None of those, just asked for the photo

[webspinner]

You don't understand the issues me as a blind person has with it? OK I have to upload a government ID every time I want to use an internet service. That's stupid. It's also considered a general warrant, and I thought we did away with those long ago.

[newaccount7hhhf]

What laws are you talking about? The Internet has grown a lot that’s largely because we have smart politicians and strong institutions. I really think the regulation of the Internet has been amazingly good.

[Kye]

For example: CAN-SPAM. If I want to send emails to a list, I have to burn $90 of my scarce dollars every year just for a PO box for the address at the bottom on the off chance someone sends a letter to unsubscribe. Unless I want to put my home address in every email, which I don't, and no one should. Unsubscribe links and highly effective spam filters were already completely standard when the law was passed in 2003. It doesn't matter if the email you send doesn't actually require it because every mailing list provider requires it.

[loeg]

Eh, unsubscribe links were definitely not universal in 2003 and they barely are today. But the situation has definitely improved in the last 20 years.

[AnthonyMouse]

The point is the rules are daft. A sensible rule would require a functioning unsubscribe process in the email, which every piece of software would then automate as an unsubscribe link. The actual rule requires people to be able to unsubscribe via a postal mailing address, which is unreasonable and ridiculous.

[webspinner]

Yeah, who wants to do that? I don't want to, no one wants to. It's a stupid law!

[loeg]

I'm just saying, your earlier comment would have been better without the sentence: "Unsubscribe links and highly effective spam filters were already completely standard when the law was passed in 2003."

[AnthonyMouse]

The person you're replying to is not the person you're quoting.

But also, the people with unsubscribe links now but not in 2002 would still commonly send their messages from a consistent address, making it easy to block them if you wanted to, and making even primitive spam filters highly effective against them. Meanwhile the people who randomize their from address to prevent this are the people who still don't have a functioning unsubscribe link.

[jovial_cavalier]

https://en.wikipedia.org/wiki/Stop_Online_Piracy_Act

https://en.wikipedia.org/wiki/PROTECT_IP_Act

https://en.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agre...

https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_A...

https://en.wikipedia.org/wiki/Patriot_Act

https://en.wikipedia.org/wiki/PRISM

[webspinner]

Yep, all of those need to go the way of the creamitorium!!!! You forgot FISA and CISA though, how'd you do that.