[hn_throwaway_99]

All the porn companies have handled this by simply blocking the sites in the states in question, just forcing people to use VPNs. If you ask for ID verification to see NSFW content they know hardly anyone would provide it, and at the same time it opens you up to a lot of liability in handling extremely sensitive PII.

The whole thing is just moralistic BS anyway. I'm sure most kids can figure out how to use a VPN better than adults.

[itake]

> just forcing people to use VPNs

Does this really even work? The law isn't "if the user's ip address appears to be from this state, then you must require id".

Properly enforcing georestrictions like this costs money and destroys businesses, but that is kinda the point.

[azernik]

It provides plausible deniability. "We did our best, judge"

[moate]

It's not even plausible deniability, it's literally "how are we supposed to know what location people are in other than ISP?" That's the de facto determinate of location online. The government hasn't taken the position that a bar checking driver's licenses to confirm someone's age provides "plausible deniability", but rather that they're doing their part to comply with the law, even if some users are going to use fake IDs to cheat the system.

[itake]

1/ block data center connections / require users to connect via a residential IP, not cell phone.

2/ request GPS location from the device.

3/ request WiFi location from the device.

4/ require billing address to be out of state. (States collect sales tax based on billing address, not where the service or product is bought. So I think this is fair.)

[dspillett]

No, but they have deniability. “We checked, and they weren't in your state as far as we can tall”.

Slightly aside, if you filter like this for any reason it is safer to check that the request is NOT coming from some other location – that way your main failure mode is accidentally screening someone in a state you don't need to, not accidentally letting someone in that you could face legal action for, though this is a harder check to make.

The blocked people that use VPNs may well appear to be coming from a non-US location too which probably makes the denial slightly safer.

[svnt]

I’m sorry but business success aside, how else do you propose to do it? Require them to go outside and take a panoramic video including their face that somehow also captures third-party information about the date and time and then feed it into geoguessr?

[itake]

Couple thoughts:

1/ if the company can’t meet the regulations, it can’t exist.

2/ if there is wiggle room of “as long as you tried your best, then it’s ok”, then requesting gps location, nearby wifi nodes, and banning traffic from data centers, then that would be better.

[harimau777]

I think the problem is that laws that are trying to force morality on people.

[ryandrake]

The general problem is that web site X doesn't know if user Y lives in state Z. And most of the realistic ways to allow them to know this are huge PII disasters waiting to happen. This has nothing to do with morality. If states wanted to ban HN, it would be just as ridiculous. Using IP address is about as pointless as using your mobile phone's area code.

[numpad0]

No, the problem is unchecked moral panicking. IP geoblocking is mitigation.

[Digory]

All laws force morality on people.

[chimeracoder]

> If you ask for ID verification to see NSFW content they know hardly anyone would provide it, and at the same time it opens you up to a lot of liability in handling extremely sensitive PII.

Yes, and that is exactly why Morality in Media (the right-wing, evangelical group behind these laws) has been proposing them. Their goal is to outlaw pornography (and other "immoral" content) on the internet by making it so difficult to access or provide legally that nobody will bother.

> I'm sure most kids can figure out how to use a VPN better than adults.

You're making the mistake of assuming their goal is to prevent kids from being able to access pornography. It is not. Their goal is to make it so financially impractical to run any service that publishes (or allows people to publish) pornography, LGBTQ content, or anything that they deem "immoral" that nobody even tries. And it's working: many services which used to allow that content before 2017 no longer do, and it is much, much more expensive (and difficult) for the remaining folks to find platforms or hosting providers to continue to do so.

[caminante]

I was curious about the origin. It may not be what you expect.

> These bills didn’t originate from some evangelical PAC or conservative think tank. Their actual origin was, ironically, The Howard Stern Show. [0]

While it seems like everyone has overwhelmingly sided against free speech advocates (ACLU) and porn sites, there are some interesting points about access/addiction. I'm less impressed if it's purely evangelical driven (at least now), but I'm sympathetic to arguments about access for minors (or their ability to post under-age content). I don't have the answer.

[0] https://www.politico.com/news/magazine/2023/08/08/age-law-on...

[chimeracoder]

> I was curious about the origin. It may not be what you expect.

As someone who's been following this for over a decade, I can assure you it is, in fact, what I expect.

That article is absolute nonsense, which you can tell by the fact that it claims the clock starts in 2021, when these bills have actually been introduced multiple times before then.

Furthermore, the article contradicts its own narrative, first claiming that a Howard Stern spot "started" it, then admitting two paragraphs later that the legislator was inspired by that radio show to contact... an anti-porn lobbyist that she had already known about for years. That's a really... interesting definition of "origin" that they're using.

[caminante]

Sure, but LA was the first to pass age verification for adult sites (and it wasn't until 2022-23). I don't know what the line is between that and other age verification (13+) or blanket anti-porn bills you're referring to. [0]

I don't follow your point about contradiction.

How is contacting a single-issue ally (who's on the opposite end of the political spectrum at that -- and not a "GOP Think Tank" or "evangelical") changing the origin? The person she reached out to is a pro-abortion, radical feminist. That is strengthening the article's key conclusion by a lot. It's a surprising turn for an origin story.

[0] https://en.wikipedia.org/wiki/Age_verification_system#United...

[Aromasin]

This seems a little baffling to me because these evangelical groups are uniquely American. There would still exist a huge pornography industry globally, particularly within the EU, that would serve the US even if these groups achieved every goal. It's deluded to think it could be stopped.

[brimwats]

No they're not; their roots are in the YMCA and the British society for the suppression of vice and earlier societies dating back to the 1700s. They originated when the church courts were shut down and are a feature of British evangelicalism that Americans turbocharged.

[chimeracoder]

> This seems a little baffling to me because these evangelical groups are uniquely American.

I'm referring to one of several groups that is behind a specific campaign in the US. That doesn't mean that there aren't other efforts to curtail this in other countries or globally.

As mentioned elsewhere, there's a law that's about to go into effect in the UK which is actually way broader and draconian than any that has been passed anywhere in the US. There are more in other countries too.

> There would still exist a huge pornography industry globally, particularly within the EU, that would serve the US even if these groups achieved every goal.

And yet, when Tumblr and Imgur and Reddit[0] banned pornography, no EU-based competitor emerged to take their place.

[0] Reddit's ban wasn't a total ban, but it was enough to effectively shut down many groups (which was the goal).

[numpad0]

EU guys are the same. Organizations like German state police are doing "crackdowns" of Internet contents in total disregard of jurisdiction. Targeting criteria is neither consumers nor producers but specific subjective quality of content itself: they never care who makes it or at what cost, but that it exists.

[influx]

Does the EU allow sales of pornography to minors?

[azeirah]

VPNs? Or children?

[southernplaces7]

>Yes, and that is exactly why Morality in Media (the right-wing, evangelical group behind these laws)

Sure, they're major culprits but let's not let the left get off the hook entirely on promoting moralizing censorship of porn too. There are segments of it, especially those in certain feminist camps that hate pornography with a victorian near-evangelical level of scorn and they have a loud voice of their own under different flags and reasoning.

[mmooss]

Are there many and do they have any influence? I haven't heard anything from such groups. Have they gotten any laws passed, like the age verification laws the other groups have succeeded in passing in several states?

[Digory]

“ We believe we have a moral responsibility to keep porn off the iPhone," Steve Jobs declared in an email to a customer. "Folks who want porn can buy an Android."

[TheOtherHobbes]

There are, but they're disorganised and poorly funded, and opposed by other feminists. (It's practically a law - for almost every feminist moral POV there is an equal and opposite feminist moral POV.)

Meanwhile the organised and well-funded evangelicals and right-wingers ignore the constant stream of SA and CP convictions among youth pastors and other supposed moral authorities.

The stats don't necessarily prove that religious states consume more porn, but porn is an existential problem for evangelicals in a way that it isn't for most progressives.

[Dalewyn]

Pedantic, but the word you're looking for is proxy, not VPN.

A Virtual Private Network is a private network such as a Local Area Network created virtually on a Wide Area Network such as the internet. Tailscale, SoftEther, or Hamachi for the old boys are examples of VPN implementations.

A proxy is a server that accepts and forwards traffic from clients through it, lending its IP address to clients as the traffic origin if desired.

A proxy can exist in a private network, but it is not a requirement.

[hn_throwaway_99]

No, the word I was looking for was VPN, not proxy. We weren't having a technical discussion about protocols or what not, I was talking about the services people use to bypass state-level porn blocks, and for better or worse, those things are called VPNs. As someone who does understand the technical background, I don't really like it either, but tough shit, language changes and has different meanings in different contexts.

Just google "VPN" or "How do I access Pornhub in Alabama?" All of the results refer to "VPNs" as I was using the term.

[technion]

I think this ship has sailed. Services like nord or mullad are described as VPN products yet they are the products people are buying to route traffic into pornhub.

[Dalewyn]

Seeing as Hacker News is ostensibly composed largely of people in-the-know, we could certainly use appropriate terminology unlike the commons.

[fenomas]

Usages exist inside contexts, and the context of the post you replied to was unambiguous. Changing it like s/VPNs/services advertised as VPNs/ would not clarify anything to anyone, and changing it like s/VPNs/proxies/ would be less clear (since the author was likely referring to commercial services, not servers in a network).

[justanorherhack]

This is correct. This entire conversation demonstrates how bad technical people are at understanding people.

[Avicebron]

A lot of people live exclusively on layer 7, which is fine.

[numpad0]

"VPN" services do in fact use VPN, they're not HTTP based. It is technically appropriate to call them as such, as awkward as it is.

[0xcde4c3db]

Yeah; it's not strictly accurate, but in a similar sense that it's not strictly accurate to call the typical copper Ethernet connector "RJ45", to say that a UDP "connection" occurred, or to say that a modem connects to a "DB-9" serial port.

I suspect the root of the problem is that over time, "proxy" has become strongly associated with application-layer protocols like HTTP, and after that shift it wasn't obvious what to use for something lower-level that encompassed a wider range of protocols/endpoints/conversations. In principle, "tunnel" would probably have been better (and a legible metaphor to boot), but that's just not how things shook out in practice.

[zajio1am]

I would disagree.

First, system that forwards traffic behind its own IP address is called proxy if it works on application level, and NAT if it works on IP level. So we have socks proxy, but home router with NAT.

Second, VPN is just a fancy name for an overlay network over WAN. Overlay network is overlay network even if it only contains two nodes - your host and a remote router providing internet access.

I do not have direct experience with these VPN services, but i would guess they work on IP level and not on application level. So they are just ISPs providing service through overlay network (VPN) instead of access network or physical network.

[rUsHeYaFuBu]

Curious, does a proxy also tend to encrypt the data streamed between it and the end user like a VPN service would?

That is, does the ISP have access to the information that's being accessed via the proxy?

It was my understanding that proxies tending to mask where a request came from but does nothing significant with the data between it and the requester.

[Dalewyn]

>does a proxy also tend to encrypt the data streamed between it and the end user like a VPN service would?

It could, but it's not a hard requirement. A proxy server is just like any other server, encrypting the data en route is as desired.

A VPN encrypts data as a part of securing tunnels, but it's not a hard requirement there either. As long as two computers can communicate over private IP address ranges on a WAN, it's a VPN. The Private in VPN indicates the scope of the network, not whether any data within is immediately accessible.

See also: "Private" and "Public" IP address ranges.

>does the ISP have access to the information that's being accessed via the proxy?

The ISP providing internet to the proxy server will know what the proxy server requests and receives.

>It was my understanding that proxies tending to mask where a request came from but does nothing significant with the data between it and the requester.

Correct. Again, whether the data a proxy server receives and forwards was encrypted is tangential to the task of forwarding data.

[mhitza]

Depends on the proxy. If you have an SSH server you can open a local socks5 proxy, that when configured in your browser sends all the traffic through your server. Since its a proxy over SSH it's all encrypted till your server, then whatever protocol the website uses.

VPNs are better (as in more ergonomic) in practice, since large sites tend to block access from known hosting providers (looking at YouTube not rendering video when accessed from a Hetzner server).

[ETH_start]

It's 100% bullshit. The parents themselves are responsible for letting their children browse the internet unsupervised.

The culture of over-reaction to danger that has taken over the political domain is creating a nanny state where it's impossible to avoid crosssing red lines and doing something wrong. It's paralyzing society by instilling inaction as the only safe path.

[itake]

> The parents themselves are responsible

Parents give their kids access to guns and we all know how that ends. If we can't hold parents accountable for their children's violence, I seriously doubt we can do anything about parents failing to parent their kids on this topic.

What are we going to do? throw the single mom with 2 jobs and 5 kids in jail because she didn't pay $20/mo for parental controls on her kids devices?

[ETH_start]

>throw the single mom with 2 jobs and 5 kids in jail because she didn't pay $20/mo for parental controls on her kids devices?

If she wants to have children out of wedlock or with a man who are not financially capable of being a provider, then she and her children should bear the consequences of that, not everyone else who know has to have government take over the internet and mandates identity disclosures for perusing adult content.

[itake]

Society pays the consequences either directly from government or the impact the kids have on everyone else that has to live with adults that discovered porn as a kid before they could understand it.

Kids that discovered porn at an early age will not understand how to process it properly and this will impact their relationships in the future. It is their future partners that suffer along with the kids and family.

[ETH_start]

If that's really the case, the only person who should be punished is the parent. Everyone else should not be punished with a more restricted society.

[itake]

How do you punish the parent without punishing the kid? Throw the single mom in jail? fine her? take the kid away?

If the kid is living with single-income grandma, b/c parents passed. Do we throw grandma in jail for not blocking the content properly?

[robertlagrant]

> The parents themselves are responsible for letting their children browse the internet unsupervised.

Unless you never let your child near any slightly older child with a phone, you as a parent cannot individually control this.

> The culture of over-reaction to danger

Which is it? Is it that parents haven't protected their children enough, or that children don't need protection from watching pornography?

[ETH_start]

>Unless you never let your child near any slightly older child with a phone, you as a parent cannot individually control this.

You have to not let your child near any older child with a non-child-safe phone. This is the parents' responsibility.

[monkeyfun]

>Unless you never let your child near any slightly older child with a phone, you as a parent cannot individually control this.

...are you implying kids are having group jerkoff / porn sessions? Seems like a pretty absurd claim.

Also, on your second point, you seem to be almost strawmanning -- I see no claim from the person you're replying to that they think kids need more protection.

They're stating that parents are actively giving their kids devices, and have a lot of tools to restrict usage of those devices. Whether they literally limit physical access, oversee use, or install filtering software, there's a lot that can be done to restrict access in an authoritarian manner to those kids, and exclusively within the household without having to affect and restrict the overwhelming majority of society: grown adults.

(I also personally believe education is more important than any sort of restriction, and am always against censorship or surveillance policies in general. I definitely agree with them on but I'm trying to mostly restrict my post to what that person almost definitely had in mind, rather than soapboxing my own views).

[Izkata]

> > Unless you never let your child near any slightly older child with a phone, you as a parent cannot individually control this.

> ...are you implying kids are having group jerkoff / porn sessions? Seems like a pretty absurd claim.

Pre-internet, there was a fairly common trope of a kid discovering a dirty magazine, often hidden in the home by an older sibling, and showing it to their friends. Nothing actually happening, they were just sharing the images. GP seemed to just be suggesting that updated for the internet age.

[robertlagrant]

> ...are you implying kids are having group jerkoff / porn sessions? Seems like a pretty absurd claim.

Just anything. Beheading videos. Whatever. I can't imagine anyone not realising this is a virtual certainty for some older kids to show younger kids.

> I see no claim from the person you're replying to that they think kids need more protection.

They called it "danger".

> there's a lot that can be done to restrict access in an authoritarian manner to those kids

But not to their kids' friends' older siblings. If you're not talking about that then I don't think you're particularly replying to my comment.

> I also personally believe education is more important than any sort of restriction, and am always against censorship or surveillance policies in general.

I think in this case this fights against the idea that some concepts or experiences are not appropriate for certain ages, and some of them are not currently curatable by parents in a way that they always have been throughout history.