- cross-posted to:
- technology@lemmy.world
- cross-posted to:
- technology@lemmy.world
Decentralized social network Mastodon says it can’t comply with Mississippi’s age verification law — the same law that saw rival Bluesky pull out of the state — because it doesn’t have the means to do so.
The social non-profit explains that Mastodon doesn’t track its users, which makes it difficult to enforce such legislation. Nor does it want to use IP address-based blocks, as those would unfairly impact people who were traveling, it says.



I don’t need to comply with American laws as I am not American. Their law literally does not apply to me
If you run a social media platform that hosts American users they actually might.
Same as the bar for whether GDPR applies to you isn’t whether your server is physically in the EU, it’s whether you’re processing data from EU users. Or, in fact, how you’re supposed to get explicit permission from EU users to host their data anywhere outside the EU in the first place.
Now, I’m not a lawyer in Mississippi, so I’m not gonna give you legal advice, but I would definitely look into it if I’m setting up a public instance. The same way I’d be looking into what compliance things I need to do to host people’s data, both due to GDPR and due to other privacy laws around the world. It’s one thing to set up for friends and family, but if you’re hosting data from outsiders you probably need to understand what you’re doing.
I’ve also not looked into what happens if you are sharing data with a noncompliant server in a restricted territory (so someone is self hosting in Mississippi and then federating with your server elsewhere). I don’t think the legislators who wrote this dumb rule know, either. They clearly haven’t thought that far ahead. Common sense dictates that the outside server would be fine and it’d be the local server’s problem to be compliant. I presume that’s what Bluesky is counting on (i.e. that someone will set up a local instance and act as an ingest bridge for them without it having to be them). Then again, you have British legislators now claiming that all VPNs need to have age controls, so I am not taking common sense for granted when it comes to these things.
How exactly do they plan on enforcing a fine when you have no business in their country? It works on companies that have an actual presence there. But if you just don’t care about that country you could completely ignore it.
Yeah, see, I’m not a lawyer, but I am confident enough that “committing crimes in another country remotely is safe” is absolutely terrible legal advice. Don’t do that. I am confident enough in my understanding of legal matters to issue that recommendation.
I mean, I’ve given Rochko crap here for not thinking things through when he incorrectly suggested more decentralization would make Masto behave differently than Bluesky in this issue. I don’t for a second assume he meant “because fuck it, fine me if you can, USA” or I would be giving him way more crap and closing my Masto account just in case for good measure.