The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous. I don't care if you like the porn site in question or not, or condone or endorse its content. This is a slippery slope towards every regional tinpot dictator legislature attempting to censor the internet by having an entity's domain name revoked.
.com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. That's not really anything new. It's a known risk for anyone building a corporate brand/identity around a specific .com domain name. What's new is this is being done from the state court level. (Edit: To be clear, in my opinion, a US State court completely lacks jurisdiction on this matter).
> The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous.
I agree. California has been doing this since 2022 [1][2] and it's equally indefensible.
States should not be allowed to wield their size and influence as a cudgel against other states and jurisdictions.
Interestingly if you browse American-hosted online internet firearms accessories websites (and FFLs who will sell you something online to ship to your local FFL), for the most part, it's just a basic HTML popup of "Are you over 18? Click Yes, okay, proceed". I haven't seen a single one that actually attempts to implement age verification. It seems that the Internet-based vendors, the same general cohort of companies that are exhibitors or attendees at the annual SHOT trade show, are not very scared of the Californian AG yet.
I'm unaware of the Californians attempting to seize anyone's domain name over this issue. But indeed this also seems like an overreach, California doesn't get to regulate what an Internet gun accessory store in Idaho advertises or publishes on the Internet. State to state transfers of serialized items go through a well defined federal government regulated process, such as if a person in Nebraska buys a Zastava M70 online from a dealer in Montana.
Items require payments which usually would be a credit card. Kids cannot get a credit card on their own as far as I know so the parents have to be involved in some way. (Obviously there are alternatives like paypal, prepaid debit cards, etc but it is quite a bit harder to actual get the item).
The ID (and therefore the age) is checked when one goes to pick up their firearm at the local FFL dealer, so an age check on the site doesn't add anything useful.
Correct, I was referring to the websites that have implemented only the most basic fig leaf of legal compliance (ca. 2001 era HTML popup of "are you over 18?") to be able to browse the product selection, even of items that aren't serialized/FFL 4473-requiring firearms receivers. Like, yes, I totally need to confirm that I'm over 18 to look at this Streamlight flashlight.
> I'm unaware of the Californians attempting to seize anyone's domain name over this issue.
They may not be attacking the domain but they're attempting to leverage the US Legal system to shut down operations. Arguably that's even worse- they can't just move to another domain/tld.
But you see, guns aren't harmful to small children. It's that damn pornography. Seeing a gun doesn't traumatize you for life, but man, seeing a private area? Life ruined.
Of course, once the number of years since you were born reaches exactly 18, your brain automatically shuts off the part of you that is impossibly traumatized by private areas, so it's suddenly completely okay and normal.
Oh, and when you reach exactly 16, somehow you're only impossibly traumatized by private areas on the screen, not in-person. Everyone knows this is true.
(I don't mean to be genuinely insensitive about the real harms that adult content can pose. I just think there's a difference between calling content harmful simply because it's adult and content causing harm because the viewer isn't ready for it)
It also makes complete and total sense that you can sell your body by joining the Marines as an 0311 MOS rifleman/grunt on your 18th birthday, but you're going straight to hell if you have an alcoholic drink before you're 21. I don't know if I've ever met a European who doesn't think the US's alcohol age laws are weird.
I have a cousin who lives in Illinois and joined the Marines. He's 20 now. He can shoot fully automatic weapons in the military and has won awards for handgun precision and skill.
But he can't buy a handgun in his home state or drink a beer.
It’s my understanding, for the most part, that they do not have constant access to fire arms, that they are somewhat tightly controlled on base precisely because the army has learn widespread indiscriminate access is a safety problem despite all this training.
The army "learned" no such thing. There was never a safety problem with guns on military bases. Guns were banned by Bill Clinton as part of a broader gun control push by the Democrats.
The effect has been the opposite of increased safety. We've had a couple of unopposed mass murder incidents on US military bases since the ban went into effect, most notably by Nidal Hasan, who was able to kill 13 and wound 33 because nobody else had a weapon.
For a few years after states raised the drinking age to 21, you could still drink at 18 on a military base. Even today base commanders still have the ability to lower the age to 18 if there's a nearby international border over which personnel can drink at that age.
Yes, US alcohol laws are stupid. Modern temperance activists were able to greatly restrict legal access to booze using anti-drunk driving "for the children" rhetoric.
Honestly I think the legal age for drinking could be lower if only society treated it better. A lot of drinkers are not only reckless but brought up to be reckless by how society treats them, what society expects of them, peer pressure, etc.
Similarly to how I'm salty about having to obtain LSD from black markets instead of having a known safe supply from a pharmacy. I trust my vendor, but the skill to not only find the market but to find the vendor and actually execute the ordering process is not easy to come by.
A lot more things could be available if people were properly informed and not just fed propaganda about how they're waay too dangerous. It's completely possible to be responsible about substances, it's called harm reduction. Also prescriptions are a thing -- even if I had to get a prescription from my doctor, I would even be fine with that as long as I'd get to take it at home.
> The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous.
Two things of note regarding this.
First, note the office of origin: Texas Attorney General, which is currently occupied by Ken Paxton who is running for a tightly contested seat in the US Senate.
Second, a state court does not have jurisdiction beyond its borders for entities not operating within same.
> .com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. ... What's new is this is being done from the state court level.
Which is why any attempt to enforce this ruling would be subject to removal to Federal court.
Unenforceable and meant strictly for political theater IMHO.
> This is so much state overstepping bounds and irony aside, so much for independence and rights by a state that proclaims personal agency comes first.
When a political party declares we are in a "post-truth" era and fully embraces nihilistic "the ends justify the means" tactics, the result is inevitable;
Take, hold, and increase power by any means necessary.
For if one does not hold oneself to a standard of ethical behavior, where the actions of others do not affect one's adherence to the rule of law, where the temptation to indulge in vendettas is not renounced, and where there is no accountability for engaging in any of the aforementioned, then there is no motivation for seeing those one disagrees with as anything more than an irritant to be dispatched forthwith.
And we then find ourselves with elected officials wildly exceeding their mandate, such as here.
One of the reasons I keep my .in domain up and running as my backup email (and just for personal use). That .com domain, if taken down/away from other jurisdictions (the ones that can easily do it) for whatever reason (including a “mistake” or slip) would mean it’s gone for good (because I neither have the capacity nor resources to appeal/fight that in foreign lands).
Your .IN domain is probably one of the worst possible choices of all ccTLD to claim that you can publish things on it without fear of reprisals or censorship, be assured that something bad would happen to it or you personally if you happened to run afoul of any powerful people in the Indian government (or oligarchs).
Something like .NL (you do not need to be a Dutch national to register) or .IS would be much more legally resilient.
I worry about it about as much as I worry about getting extradited to Thailand to face court for violating a law insulting the Thai king. I am unaware of even a single person of my nationality who has been extradited to Europe to face some kind of GDPR tribunal.
If I were running a business that had any operations or clients whatsoever in Europe my opinion on this topic would be different (in terms of legal liability to the corporation, and necessity of compliance to ensure ongoing revenue from European customers, etc), but I am not.
The GDPR doesn't try to remove anything from the global internet. You're free to not serve your site in the EU. Texas is free to block sites in Texas. But Texas trying to remove the ability of Europeans to access European websites is a completely different matter.
There is no difference in principle. That is equally unacceptable.
There is a difference in kind, because it becomes impossible for the global internet to exist if thousands of local jurisdictions are being given their way, with conflicting local legislation resulting in global takedown when it is impossible to comply with two different jurisdictions. So this is noteworthy as an escalation of an already existing problem into an even worse direction.
---
Rate-limit edit:
> Which is why the Internet hasn't been global in a long time, and looks pretty different in China vs EU vs Russia.
China and Russia aren't part of the global internet because they have national firewalls and segregated themselves. The EU very much is, and with limited exceptions the internet doesn't look much different from the US, the EU, Japan, Canada, Australia, Mexico, Thailand, Brazil, or South Africa. It seems absurd to suggest that the internet isn't global when I'm in all likelihood talking to you from the opposite side of the world and this is the norm. And what is the point you're making? That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?
"That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?"
I actually don't have much of an opinion about what it should be, I was only discussing this from a descriptive legal standpoint. My guess is what will happen is companies will voluntarily target their sites to different regions and different legal regimes (like many big US sites do for their foreign versions, or gambling sites do here). That's kind of what's happening here, Verisign is complying probably so they can still have the TX market.
> It seems absurd to suggest that the internet isn't global
Internet from L1 to L4 is global but WWW at L5 and above was always sort of fragmented. Look at chat apps: Messenger, WhatsApp, WeChat, LINE, KakaoTalk, Telegram, etc. The fault lines for userbases of these apps roughly align regional borders.
The major architectural difference is that through enforcement of their own domestic legislation, China and Russia both force their ISPs to run all international internet traffic through certain choke points (chinese great firewall, russian "SORM" traffic interception boxes and similar).
Whereas this is for the most part not the scenario for major IP transit providers in Europe, the USA, Canada (top 50 by size CAIDA ASRank scale/scope ISPs ranked by ASN which are not Russian or chinese).
GDPR Article 17 expressly requires the removal _of your personal data_ from the internet _upon your request_, which is very different from a US state trying to remove a website hosted in and run by a company incorporated in another country.
And geo blocking may be functionally impossible but the law cares about intent and actions, not if you prevented someone who used a VPN or lied about their location from using your service.
And yet still an attempt at extraterritorial overreach. Regardless, I imagine that the rest of us who don't do business in the EU will continue to disregard its very existence. (Except in principle when we write negative comments about it on the internet that don't in practice matter whatsoever, such as this one that you're reading right now.)
How is it extraterritorial overreach when you acknowledge in the same comment that you can ignore it because you aren't in the EU? Unlike the site that is the subject of the thread, which has actually been subjected to extraterritorial overreach. This criticism and false equivalency is ridiculous.
I'm curious - what kind of PII does HN make available and has it ever refused to remove it when asked by the individual concerned?
I can't recall HN asking/requiring PII from me in any fashion, so I don't see the relevance. If a commenter published some PII about me, then I wonder if HN would remove the comment if I complained to them about it. As I see it, HN isn't acting as a data controller.
That seems a bit contrived, but it would be similar to if someone else posted your home address in a comment. Presumably emailing HN to request its removal would be the correct thing to do and I wonder if HN would remove the PII.
> GDPR Article 17 expressly requires the removal of things from the global internet
...as part of compliance with GDPR, if you choose to be compliant. Please name one instance of the EU suing and successfully removing an American website from the internet under this article, or any part of the GDPR? Considering we're talking about an actual case of the US seizing the domain of a European website, whataboutting a hypothetical with the GDPR which has never done the reverse despite being in force for 10 years is incredibly disingenuous.
---
Rate-limit edit:
> Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?
The GDPR is European legislation, written for the territory the EU has legal jurisdiction over. Why would anybody think it's meant to apply outside of the EU? Plenty of businesses choose to operate by two sets of privacy policies, one where they continue fucking over their American users and one where they adhere to the GDPR for European users, and that is perfectly acceptable. There is no "think" about it, the legislation obviously does not apply outside the EU, nor is it intended to.
> Why would anybody think it's meant to apply outside of the EU?
Because it's clearly worded in such a manner, similar to US financial laws. The key difference is that the EU so far lacks the leverage to throw its weight around outside its own territory to the extent that the US does. (Also presumably politicians won't be willing to burn bridges over PII handling violations to the same extent that they do over financial crimes.)
Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?
Common complaint is that government enforcement of laws is insufficient, i.e. fines are only x% of their worldwide revenue. Sounds like this way has teeth and might force companies to actually obey the law?
Texas rangers vs RCMP sounds like it would make for a decent arena bloodsport matchup.
Back on topic, does the constitutionality matter if the business is destroyed by the process? How long might they be without their domain name even if they prevail in the end? I somehow doubt texas would ever get stuck paying out damages.
Default judgement, absolutely meaningless at this point as to how a court would rule against a plaintiff that actually showed up, respected the court’s authority, and defended itself.
Why should a Netherlands based company that publishes content on the internet entirely outside of this state's borders and jurisdiction be required to show up or respect its authority? By this logic if I'm sued in Turkey for publishing content on my web server hosted in California insulting Erdogan, I should have to go show up and defend myself in some kangaroo court.
But does a US State control a TLD, really? Is that even something that's within the legitimate legal power of an individual state? Previous .com seizures have been done at the federal court level. The federal government reserves the authority to regulate all inter-state commerce. The entire history of how the .com TLD is run by Verisign is federal government related.
Doing this at the state court level is as nonsensical as an individual state deciding it doesn't like a law or regulation that's part of the jurisdiction of the FAA or FCC, and wants to do its own unique weird local thing.
I don’t like it. But since when US or US entities have been doing things affecting rest of the globe that they can “legally” do or they “should” do? With US - they do things because they “can” do things. And now so does China and to some extent Russia.
And why even a “US federal” court should have such arbitrary and sweeping authority that affects other countries’ businesses and people? The world should realise that “.com” is a US domain in technicality and spirit both (like many other domains)
This is one of the extremely broken aspect of “The Internet”. Large part of it is literally controlled by US with zero oversight or shared authority.
PS. Look at how India recently moved all bank domains to https://<bank name>.bank.in. And I usually don’t agree with my Govt (and for good reason) but this is a proper sovereignty move.
Any state can issue a warrant and extradite Americans from any other state. Something to do with catching runaway slaves. It's gonna catch up with us when California starts charging me with a crime for something about age verification or when Texas tries to extradite abortionists
Individual states have already been attempting to extradite people from other states for the crime of mailing early term abortion medication across state lines, for example:
So if I don’t do business in Texas, have no operations in Texas or otherwise deal with Texas in any way a state court should just be able to order a company to suspend my whole domain?
I’m Canadian and Texas courts have zero authority over me so they can f*ck off.
But they do have authority over the domain registrar, so you’re vulnerable there no matter where you live.
I don’t agree with the premise of age verification, but of course a prosecutor would go after the assets they can reach if enforcing local laws. They’ve done this for years when it comes to copyright infringement.
It's a huge overreach to say that any individual US state has authority over a domain registrar, and even more specifically over .COM as a TLD, given its history with VeriSign and the US federal government.
There exists a well defined process, precedent and prior case law in US federal court to seize a .COM domain name by a court order issued to VeriSign. Doing this at the state level is entirely new.
Well that's an interesting question. Where is the owner of .com headquartered? Because presumably that state's courts do have jurisdiction. Which if you stop and think about it is entirely arbitrary and really drives home what a poor system ICANN DNS is on a fundamental level.
> Stuart Lawley, the CEO of ICM Registry--the company behind the XXX top level domains, says XXX sites should help empower parents to keep their kids away from adult content.
Well that's kinda the whole idea of having an "adult content" tld; it's so you can block all .xxx domains instead of having to create a blocklist of sites. Like an opt-in nsfw flag for the internet, basically.
Sure but that doesn't really work with the existing age verification laws. Unless .xxx is requiring domains to implement age verification or there's some sort of global redirect to a verification portal, that site is back in the same legal jeopardy of having Texas confiscate their domain again.
The article in the comment I was replying to wasn't talking about age verification laws, they were talking about "parents protecting kids", a.k.a. content filtering.
As for the other part, I'd just assume that they wanted to switch to a registrar more used to adult content websites and less likely to be impacted by the Texas govt. Just like pirate sites switch TLDs to the ccTLD of the country least likely to prosecute them all the time.
I was mostly just talking about the fact that registering a domain with a registrar that is about "XXX sites should help empower parents to keep their kids away from adult content" isn't necessarily a bad thing.
Honest question: what is the ultimate end game if at some point a court in another country orders a domain be reinstated? Do we end up with a domain registration system per country?
The winner of that battle will be wherever the DNS is hosted. Which is the USA. Even several ccTLDs are hosted in the USA and must obey USA law above the law of that country.
I think given the history and "ownership" of the specific TLD of .com by verisign and verisign's relationship with the US federal government, it then proceeds to ignore any court orders to reinstate the ownership issued by a court in any other country that is not the USA.
Presumably that would depend entirely on the extent to which verisign has any business dealings in the country in question. The more assets that could be seized or customers lost the more likely they are to comply.
So basically this whole thing is a ploy to get rid of porn: basically, censorship that vaguely tries not to look like censorship.
1. Instigate a completely impractical, rights-violating scheme for age verification that nobody in their right mind wants to implement.
2. Then, enforce it against whatever porn sites land in your jurisdiction at all, knowing that they, like everyone else, don't do the verification.
Am I close?
Suppose the porn site tries to implement it. How many people are going to hand over their personal info to a shady porn site? Most visitors are there anonymously for whatever free stuff they can watch.
Either way, the porn site is ... screwed. Implement age verification: 99% visitors now back-button out and find another porn site. Don't implement it: blocked or shut down.
So a state (or municipality or anyone capable of making laws) has the ability to say, "You don't meet our local laws, take down your URL" now?
This is going to be a real problem when states start nuking whole parts of the internet from orbit. A state has a law against conversion therapy and starts to remove sites with that? A state has a law against trans people? Or abortion? Or medical misinformation? Suddenly we just start purging sites back and forth?
Battlegrounds end up as torn up, muddy, desolate places. Turning the domain registry into a battleground is a bad idea. Over the long term, no one wins if we choose to fight there.
In the US, if you used a US domain or registrar, this is possible. If you are Dutch and registered a .nl domain with a Dutch registrar, this is not possible.
I mean the US works like this, it isn't suprising a US state also does.
If someone from the US does something illegal on your site (which is legal in your country), depending on how much they want you will end up in a US prison.
Before the US decided that betting online was OK, betting sites had travel advisories for their employees not to travel to the US.
Wrong. Porn is considered protected speech unless it is considered “obscene” (which is an incredibly difficult bar to meet), and even possession of obscene material in one’s home is protected.
You wrote this in the passive voice; it doesn't say who is doing the blocking.
Pornhub itself is doing the blocking; it uses geolocation and denies services to IP addresses from jurisdictions with age verification laws. The laws are usually not structured so as to require a third party such as an ISP to block noncompliant sites; instead, the governments of the states with those laws can sue the porn sites and their service providers (Verisign in the case of .com domains).
> The explicit tube site Pornhub is now blocked in 25 U.S. states
I had assumed that the states were blocking Pornhub but reading between the lines in the linked article it does imply it's not the states are not applying technical blocks.
The states have applied intentionally onerous requirements onto these sites with full knowledge that would most likely not comply making them de facto blocks. You wouldn't be fooled if a gangster said "that's some nice kneecaps you got there, it would be a shame if something happened to them" so I don't know why we are acting so naive about Texas and co.
The USA controls ICANN and IANA, who together control the DNS root, as well as controlling all so-called "generic" TLDs through ICANN. Only some country TLDs are actually outside of US jurisdiction, as many of the delegate to USA-based registry providers. ICANN/IANA still control whether or not those countries even get to have domains, so the USA could decide that if the Netherlands wouldn't block motherless-dot-nl then .nl shall no longer exist.
DNS being centralised in the USA was potentially problematic when they weren't abusing their power. Now that they are actually abusing their power, it is actually problematic.
ARIN is also a US non-profit corporation, located in Virginia, but the people who run RIPE and APNIC and AFRINIC might disagree that the Internet is entirely "controlled" by Americans.
Yes, my point was the dns isn't the "whole" internet. I know network engineers at some major ISPs that would still find a way to communicate with each other if a genie waved a magic wand and all dns infrastructure worldwide went "poof".
But also my point was that ARIN specifically is vulnerable to USA originated malicious court actions the same as verisign is.
Verisign continually responds to requests. ARIN traditionally doesn't - it just hands out numbers. But we'll see how RPKI makes ARIN more similar to Verisign. ARIN could be ordered to delete RPKI records for an AS, kicking it out of the portion of the internet that checks RPKI records - which also happens to be mandated by the US government.
Hard to say. .cn is of course always strictly regulated: every website needs to be reviewed and registered with the police, and open its data to them. But we can also see that .uk from the supposedly "free west" is moving closer to this.
> obtained a court-ordered writ directing Verisign, the company that maintains the “.com” domain registry, to place the domain “motherless.com” on a registry lock, hold, or similar status.
So they're using the fact that Verisign is a US company and can therefore be leaned on.
I'm not sure how I feel about this. What do other countries do who don't have Verisign to lean on? US companies really don't like being told what to do by governments of other countries, but when the shoe is on the other foot...
But that, more appropriately, only affects internet users in that country (ignoring the cloudflare network blocking that causes various other sites to also be blocked).
This appears to basically wipe the site from the entire internet, for all countries.
When you create the infrastructure, you make the rules. If a party doesn't like those rules, they are free to create their own replacement infrastructure and obtain global buy-in.
ccTLDs already exist and their respective countries have sovereignty over those TLDs: the UK can disappear any .uk domain name it wants from the global internet.
The .com TLD is American, and is therefore subject to American legal proceedings.
> The .com TLD is American, and is therefore subject to American legal proceedings.
Ample precedent and prior case law exists that the US Federal government can obtain court orders to seize .COM domains. Going back 15 years now.
State government that's another question entirely. When people say "American legal proceedings", the distinction between state courts and federal courts have two very different regions of responsibility and authority.
> The .com TLD is American, and is therefore subject too American legal proceedings
This is not an "American" proceeding so much as a Texan one, and it's not clear that the State of Texas should have any jurisdiction over the .com TLD.
That's the correct way, because it applies only to residents of that jurisdiction. Texas should be able to prevent their local ISP's from showing illegal content, but not control what people see in other parts of the country/state.
It's not confusing and you should understand what's happening for your own safety. This has been happening for a couple of decades internationally and now with USA states.
This result means that Texas can take various means to block motherless. But more importantly no motherless employees should travel to Texas without risk of arrest. Same for abc/youtube/facebook employess traveling to India.
You should be aware of this and monitor it in your industry.
This isn't some "non-extradition country without a treaty" scenario - "neener neener, if I don't step foot in your area you can't touch me." The United States does still have a functioning Constitution.
If Texas wants to arrest an employee of these organizations, they can simply issue a Texan arrest warrant and other States will be compelled to enforce it.
I'm sure there are friendly and generous humans also living in North Korea and Iran. Doesn't mean I want to risk subjecting myself to their government's authority.
Until those people control the Texas government, I don’t see the relevance.
I grew up in South Africa during the apartheid era, when black people weren’t allowed to vote or even participate in the economy at much beyond the level of slaves. I didn’t get upset when people criticized South Africa, or boycotted it, because the country’s actions certainly justified that.
The entire US is in much the same situation now: in the process of flushing democratic governance down the toilet, elevating open corruption to the standard way of doing business, and flirting with authoritarianism to a degree virtually unimaginable just a few years ago.
In that context, the #notalltexans whine sounds rather muffled from all that sand you’ve stuck your head in.
The friendly, generous humans who resoundingly endorse the corrupt Ken Paxton's actions and will overwhelmingly vote for him to serve them in the senate this year? Actions speak louder than words. With friends like Texans, who needs enemies?
> The Office of the Attorney General will continue to use every available legal mechanism, including writs of attachment against domain names, to enforce Texas law and ensure that no company, regardless of where it is incorporated, can profit from exposing Texas children to harmful content.
And Kick Online Entertainment S.A. appears to be incorporated in Luxembourg. The "S.A." is a mostly European thing, kind of like a "limited" company.
> I won’t lose any sleep at the loss of such scum but the general principle seems a bit strange.
That's generally key in making a precedent. The first case is someone nobody really cares for, but it's built a precedent where the next case must follow suit.
> In March 2012, the U.S. government declared that it has the right to seize domains ending in .com, .net, .cc, .tv, .name, and .org if the companies administering the domains are based in the U.S. The U.S. government can seize the domains ending in .com, .net, .cc, .tv, and .name by serving a court-order on Verisign, which manages those domains.
The only thing slightly redeem about about them economic wise is their gas reserves. The way they run their state is very similar to a corrupt nation as well. They still want to break away from the US.
So he managed to block the site globally for not forcibly violating the privacy of its users with mandatory age verification.
The US court system really needs to do something about this, and overturn Free Speech Coalition v. Paxton in favour of Reno v. American Civil Liberties Union.
FWIW, the site isn't blocked globally. They just moved to a new domain.
I do generally agree that local governments trying to forcefully exert their influence beyond their jurisdiction is deeply problematic. It wouldn't even be possible to host a website on the internet if this becomes normalized, due to being held to thousands of contradicting standards. At most Texas should have the authority to tell Texas ISPs to block traffic.
It operates in Texas if it is serving Texas users.
> Kick Online, which openly describes itself as a “moral free” company, ignored the lawsuit and refused to comply with the court’s order. It continued publishing and distributing harmful sexual material that was accessible to minors in Texas.
This is the same website with a forum with millions of users trading information on how to assault their partner.
Does this mean Texas can shutdown other websites in other states that provide abortion support? I’m sure there are those who would argue such to be harmful to children…(not to mention the fetus)
Right, that's why speech by white Christians males should be protected, and not any of those Muslims or gay people.
Now, I say this mockingly, my neighbors (yes I live in Texas) say such things with a steadfast belief. Which is really weird to me because they keep electing adulterers and rapists.
I don't see the disconnect you do - they are voting for white Christian men to protect white Christian men. The rape and adultery was hurting women (or gay guys).
> It operates in Texas if it is serving Texas users.
What do you mean "serves"? Does that just mean not actively blocking users from Texas? Allowing your web site to be accessible regardless of user location is, and always has been, the default way to run a web site. Your assertion would mean that web site operators are beholden to the laws of all jurisdictions on the planet if they don't actively block those users.
Think about what a bad precedent that would be. Some countries criminalize promotion of pro-LGBT+ content. What if those countries suddenly demand extradition of people who run pro-LGBT+ blogs because the web sites are available there?
Also, keep in mind that geolocation isn't actually part of the Internet - it's an overlay that private companies have cobbled together that usually works. But it's not perfect, especially at the subnational level. Many times I've connected to public Wi-Fi and I get an alert that I've signed into something from across the country, because that's where the Wi-Fi provider's IPs are located. Are you sure that every jurisdiction in the world will accept that if gelocation gets it wrong, you're off the hook? Utah has already claimed that companies are responsible for complying with their laws even if the user masks their location with VPN. https://www.privacyguides.org/news/2026/05/11/utah-targets-v...
> Think about what a bad precedent that would be. Some countries criminalize promotion of pro-LGBT+ content. What if those countries suddenly demand extradition of people who run pro-LGBT+ blogs because the web sites are available there?
Simple: a local court having jurisdiction over those individuals would utilize their own laws and discretion to decide if they are required to extradite these people.
If a country chooses not to comply, political consequences may ensue - this is basic international diplomacy. Russia doesn't seem to care about demands to extradite Snowden: they don't have to, they have the resources and political will to ignore these demands. Someday, perhaps to curry favor, they might comply.
Smaller, weaker countries don't have the luxury of noncompliance, nor do they have the same ability to have their various legal proceedings enforced extraterritorially.
My other comment in this thread has citations demonstrating SCOTUS support and approval for Texas to enforce these laws, as well as links to statue trackers showing where states and countries have implemented these age validation requirements for social media and adult content sites.
It was a choice by Motherless and their holding company, Kick Online, to egregiously ignore Texas law; the law has been found sound by the US Supreme Court, and enforceable by Texas. These are the facts of the situation. Everything else to discuss on this is feelings and opinion, unless there are relevant facts not yet shared or discovered.
The problem is that Paxton is attempting to do the same thing to every site that doesn't forcibly violate user privacy with mandatory age verification. Its part of Project 2025 and the Heritage Foundations goals, and its incompatible with privacy rights.
I took a quick look at the Texas law. Like a few other such laws it allows sites to use an external service to do the check, as long as the service uses a "commercially reasonable" method of doing that. That basically means it has to be based on government ID or by inference based on certain types of transaction records they can get access to (e.g., if you have a mortgage they can reasonably infer you are an adult).
As far as I can tell it would be possible to build an age verification service based on an open source ZKP implementation such as Google's Longfellow [1] that would be acceptable to these laws, but would allow anonymous age verification. It would be similar to the system the EU is now trialing, except not limited to iOS and to Android devices with Google Play. Longfellow should be able to work with those but also most modern smart phones running any OS the supports the phone's secure element, and also desktop computers that have secure elements, and devices like YubiKeys.
You would have to verify your age with the age verification service to set things. The easiest way to make it so that is not a privacy risk is for the age verification service to be offered by some entity that already has your ID documents. In the EU that would be the governments themselves, but I don't think any US state governments are ready to do that.
The age verification service doesn't necessarily need to store copies of whatever ID you present. It just needs to know you are when it issues its ID documents that get bound to your device's secure element. If this service was offered by some entity that has a widespread physical presence (a bank would be perfect) you could go in, show ID in person, and get your device enrolled.
Even better would be for a trusted non-profit to run this, like the EFF or the ACLU. Yes, I know they don't want age verification to happen at all, but they are going to lose that one, and it would be prudent to try to make it so that people have a privacy preserving way to do it that can be used anonymously when that happens.
Anyway, once your device is set up verifying your age to a website would involve a protocol between your device in the website the uses a ZKP (Zero Knowledge Proof) to demonstrate to the website that the identify information the age verification service bound to the secure element on the your devices says your age is acceptable. The ZKP doesn't disclose anything else from your identidy information. (The web server sees your IP address of course, but they would see that without age verification too). Note that the age verification service has no idea when, or were, you age verify at a website.
> Even better would be for a trusted non-profit to run this, like the EFF or the ACLU.
You're seriously proposing that organizations along the same general lines as the EFF or ACLU would be okay with being the implementing partner of a "papers, please" identify verification regime? I highly doubt their leadership would entertain the idea for even the briefest moment.
I'm proposing that organizations like that recognize that age verification is going to happen, and try to ensure that when that happens there will be at lease some age verification services that do it in a way that doesn't subject you to a "papers, please" situation every time you go to a website that has to check age.
It can be done with either 0 or 1 "papers, please" events per device rather than 1 per website or worse 1 per website visit, and without preventing anonymous access, but most of the laws do not require that it be done that. Most age verification services will do the minimum required, which usually will mean they are more intrusive and more leaky.
The best way they could ensure that, if they can't convince governments to write the age verification laws to require it, would be to operate such a service themselves.
Even ignoring the political aspects, like the fact that EFF/ACLU don't want to be in this business (as you note)…
This system will likely fail in the same way that almost every new DRM system has failed: someone will implement the "secure element" badly and its keys or secrets will get exfiltrated and cloned.
It's one thing to keep a cryptosystem secure when its users appreciate that system (e.g. hard disk encryption or TOTP 2FA)… but it's very hard to keep cryptosystems secure when millions or billions of people are unwilling and resentful users having those systems imposed on them.
There's no such thing as "reasonable age verification measures". Its lie spread by fascists like Ken Paxton, the Heritage Foundation, and ton of other evil people.
Well the site does not present Texas in a good light. Their .gov site presents me with this. Looks like they need to worry about their own site instead of worrying about out of state sites.
>Warning: Potential Security Risk Ahead
> Firefox detected a potential security threat and did not continue to www.texasattorneygeneral.gov. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
Definitely bad overall and opposed to the principle by which this is being done, but I am at least glad it happened to motherless. The last I saw of that site it had terrible moderation and hosted quite a bit of dubious material.
I guess by default all .com's have US jurisdiction? Because even if it's a default judgment, and the registrar is based out of the US, which seems to the case here, any court order from the US is able to take a domain down.
The Ninth Circuit held that the U.S. court had jurisdiction to proceed because VeriSign—the registry for all .com domains—was located in the United States.
Every TLD that is not a ccTLD is effectively a US ccTLD. This has always been the case, and perhaps the US has tricked us into becoming complacent. If the world was fair they would all be underneath .us.
I want to see other countries start rejecting the ICANN root and forcing all the US domains under .us, but it will never happen. It would break their vhosts for one thing. Doing it at the browser level could avoid that.
I vaguely recall some crypto project that was 'blockchain for domain names'. I scoffed at it at the time, but maybe there is a real need for something like that after all. (Or some other system for domain names you truly own and can't be rugpulled.)
Probably Namecoin, but there are several now. Probably ENS (Ethereum name service) is the most notable.
But keep in mind Zooko's triangle - you can't have all three of secure, human-readable, and decentralised.
In Zooko terms, blockchains are secure, human-readable, centralised registries - there is only one, and you have to stay connected to it. Onion domains (which are public key hashes) are secure, unreadable, and decentralised. Petnames (as used in I2P) are insecure, readable, and decentralised.
The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous. I don't care if you like the porn site in question or not, or condone or endorse its content. This is a slippery slope towards every regional tinpot dictator legislature attempting to censor the internet by having an entity's domain name revoked.
.com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. That's not really anything new. It's a known risk for anyone building a corporate brand/identity around a specific .com domain name. What's new is this is being done from the state court level. (Edit: To be clear, in my opinion, a US State court completely lacks jurisdiction on this matter).
> The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous.
I agree. California has been doing this since 2022 [1][2] and it's equally indefensible.
States should not be allowed to wield their size and influence as a cudgel against other states and jurisdictions.
[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
[2] https://oag.ca.gov/news/press-releases/ghost-gun-crackdown-a...
Interestingly if you browse American-hosted online internet firearms accessories websites (and FFLs who will sell you something online to ship to your local FFL), for the most part, it's just a basic HTML popup of "Are you over 18? Click Yes, okay, proceed". I haven't seen a single one that actually attempts to implement age verification. It seems that the Internet-based vendors, the same general cohort of companies that are exhibitors or attendees at the annual SHOT trade show, are not very scared of the Californian AG yet.
I'm unaware of the Californians attempting to seize anyone's domain name over this issue. But indeed this also seems like an overreach, California doesn't get to regulate what an Internet gun accessory store in Idaho advertises or publishes on the Internet. State to state transfers of serialized items go through a well defined federal government regulated process, such as if a person in Nebraska buys a Zastava M70 online from a dealer in Montana.
Damn, I didn't even considered this angle. Lot's 18+ items dont actually require age verification online. Yet porn/socials are being subjected to it.
Just shows what priorities are.
Items require payments which usually would be a credit card. Kids cannot get a credit card on their own as far as I know so the parents have to be involved in some way. (Obviously there are alternatives like paypal, prepaid debit cards, etc but it is quite a bit harder to actual get the item).
Hard to get prepaid debit cards? They sell them anywhere with a cash register these days.
Are you suggesting this is fine for sites outside the scope of Texas's specific ire?
Guns are good and equal freedom. Boobs are bad and lead to degeneracy. I hate this place.
The ID (and therefore the age) is checked when one goes to pick up their firearm at the local FFL dealer, so an age check on the site doesn't add anything useful.
Correct, I was referring to the websites that have implemented only the most basic fig leaf of legal compliance (ca. 2001 era HTML popup of "are you over 18?") to be able to browse the product selection, even of items that aren't serialized/FFL 4473-requiring firearms receivers. Like, yes, I totally need to confirm that I'm over 18 to look at this Streamlight flashlight.
> I'm unaware of the Californians attempting to seize anyone's domain name over this issue.
They may not be attacking the domain but they're attempting to leverage the US Legal system to shut down operations. Arguably that's even worse- they can't just move to another domain/tld.
But you see, guns aren't harmful to small children. It's that damn pornography. Seeing a gun doesn't traumatize you for life, but man, seeing a private area? Life ruined.
Of course, once the number of years since you were born reaches exactly 18, your brain automatically shuts off the part of you that is impossibly traumatized by private areas, so it's suddenly completely okay and normal.
Oh, and when you reach exactly 16, somehow you're only impossibly traumatized by private areas on the screen, not in-person. Everyone knows this is true.
(I don't mean to be genuinely insensitive about the real harms that adult content can pose. I just think there's a difference between calling content harmful simply because it's adult and content causing harm because the viewer isn't ready for it)
It also makes complete and total sense that you can sell your body by joining the Marines as an 0311 MOS rifleman/grunt on your 18th birthday, but you're going straight to hell if you have an alcoholic drink before you're 21. I don't know if I've ever met a European who doesn't think the US's alcohol age laws are weird.
I have a cousin who lives in Illinois and joined the Marines. He's 20 now. He can shoot fully automatic weapons in the military and has won awards for handgun precision and skill.
But he can't buy a handgun in his home state or drink a beer.
Make it make sense.
It’s my understanding, for the most part, that they do not have constant access to fire arms, that they are somewhat tightly controlled on base precisely because the army has learn widespread indiscriminate access is a safety problem despite all this training.
The army "learned" no such thing. There was never a safety problem with guns on military bases. Guns were banned by Bill Clinton as part of a broader gun control push by the Democrats.
The effect has been the opposite of increased safety. We've had a couple of unopposed mass murder incidents on US military bases since the ban went into effect, most notably by Nidal Hasan, who was able to kill 13 and wound 33 because nobody else had a weapon.
For a few years after states raised the drinking age to 21, you could still drink at 18 on a military base. Even today base commanders still have the ability to lower the age to 18 if there's a nearby international border over which personnel can drink at that age.
Yes, US alcohol laws are stupid. Modern temperance activists were able to greatly restrict legal access to booze using anti-drunk driving "for the children" rhetoric.
Honestly I think the legal age for drinking could be lower if only society treated it better. A lot of drinkers are not only reckless but brought up to be reckless by how society treats them, what society expects of them, peer pressure, etc.
Similarly to how I'm salty about having to obtain LSD from black markets instead of having a known safe supply from a pharmacy. I trust my vendor, but the skill to not only find the market but to find the vendor and actually execute the ordering process is not easy to come by.
A lot more things could be available if people were properly informed and not just fed propaganda about how they're waay too dangerous. It's completely possible to be responsible about substances, it's called harm reduction. Also prescriptions are a thing -- even if I had to get a prescription from my doctor, I would even be fine with that as long as I'd get to take it at home.
> The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous.
Two things of note regarding this.
First, note the office of origin: Texas Attorney General, which is currently occupied by Ken Paxton who is running for a tightly contested seat in the US Senate.
Second, a state court does not have jurisdiction beyond its borders for entities not operating within same.
> .com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. ... What's new is this is being done from the state court level.
Which is why any attempt to enforce this ruling would be subject to removal to Federal court.
> Second, a state court does not have jurisdiction beyond its borders for entities not operating within same.
Where did you come by this information?
Article IV, Section I
Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State.
And third, there was a default judgement.
I wonder what was the value of the domain on the open market, its quite a famous domain and probably had high lead generation..
But I agree with the parent comment.
This is so much state overstepping bounds and irony aside, so much for independence and rights by a state that proclaims personal agency comes first.
>> Two things of note regarding this.
> And third, there was a default judgement.
Unenforceable and meant strictly for political theater IMHO.
> This is so much state overstepping bounds and irony aside, so much for independence and rights by a state that proclaims personal agency comes first.
When a political party declares we are in a "post-truth" era and fully embraces nihilistic "the ends justify the means" tactics, the result is inevitable;
For if one does not hold oneself to a standard of ethical behavior, where the actions of others do not affect one's adherence to the rule of law, where the temptation to indulge in vendettas is not renounced, and where there is no accountability for engaging in any of the aforementioned, then there is no motivation for seeing those one disagrees with as anything more than an irritant to be dispatched forthwith.And we then find ourselves with elected officials wildly exceeding their mandate, such as here.
Personal agency comes first in Texas only as long as you're a white heterosexual christian man with conservative political beliefs.
One of the reasons I keep my .in domain up and running as my backup email (and just for personal use). That .com domain, if taken down/away from other jurisdictions (the ones that can easily do it) for whatever reason (including a “mistake” or slip) would mean it’s gone for good (because I neither have the capacity nor resources to appeal/fight that in foreign lands).
Your .IN domain is probably one of the worst possible choices of all ccTLD to claim that you can publish things on it without fear of reprisals or censorship, be assured that something bad would happen to it or you personally if you happened to run afoul of any powerful people in the Indian government (or oligarchs).
Something like .NL (you do not need to be a Dutch national to register) or .IS would be much more legally resilient.
https://en.wikipedia.org/wiki/Internet_censorship_in_India
How do you feel about GDPR?
I worry about it about as much as I worry about getting extradited to Thailand to face court for violating a law insulting the Thai king. I am unaware of even a single person of my nationality who has been extradited to Europe to face some kind of GDPR tribunal.
If I were running a business that had any operations or clients whatsoever in Europe my opinion on this topic would be different (in terms of legal liability to the corporation, and necessity of compliance to ensure ongoing revenue from European customers, etc), but I am not.
Thanks for the answer! It wasn't a gotcha, I was genuinely just curious.
The GDPR doesn't try to remove anything from the global internet. You're free to not serve your site in the EU. Texas is free to block sites in Texas. But Texas trying to remove the ability of Europeans to access European websites is a completely different matter.
"But Texas trying to remove the ability of (for instance) Europeans to access websites is a completely different matter."
I fail to see the difference in principle from the federal government doing this for copyright violations.
There is no difference in principle. That is equally unacceptable.
There is a difference in kind, because it becomes impossible for the global internet to exist if thousands of local jurisdictions are being given their way, with conflicting local legislation resulting in global takedown when it is impossible to comply with two different jurisdictions. So this is noteworthy as an escalation of an already existing problem into an even worse direction.
---
Rate-limit edit:
> Which is why the Internet hasn't been global in a long time, and looks pretty different in China vs EU vs Russia.
China and Russia aren't part of the global internet because they have national firewalls and segregated themselves. The EU very much is, and with limited exceptions the internet doesn't look much different from the US, the EU, Japan, Canada, Australia, Mexico, Thailand, Brazil, or South Africa. It seems absurd to suggest that the internet isn't global when I'm in all likelihood talking to you from the opposite side of the world and this is the norm. And what is the point you're making? That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?
"That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?"
I actually don't have much of an opinion about what it should be, I was only discussing this from a descriptive legal standpoint. My guess is what will happen is companies will voluntarily target their sites to different regions and different legal regimes (like many big US sites do for their foreign versions, or gambling sites do here). That's kind of what's happening here, Verisign is complying probably so they can still have the TX market.
> It seems absurd to suggest that the internet isn't global
Internet from L1 to L4 is global but WWW at L5 and above was always sort of fragmented. Look at chat apps: Messenger, WhatsApp, WeChat, LINE, KakaoTalk, Telegram, etc. The fault lines for userbases of these apps roughly align regional borders.
Which is why the Internet hasn't been global in a long time, and looks pretty different in China vs EU vs Russia.
The major architectural difference is that through enforcement of their own domestic legislation, China and Russia both force their ISPs to run all international internet traffic through certain choke points (chinese great firewall, russian "SORM" traffic interception boxes and similar).
Whereas this is for the most part not the scenario for major IP transit providers in Europe, the USA, Canada (top 50 by size CAIDA ASRank scale/scope ISPs ranked by ASN which are not Russian or chinese).
> The GDPR doesn't try to remove anything from the global internet
GDPR Article 17 expressly requires the removal of things from the global internet
> You're free to not serve your site in the EU
Geoblocking is functionally impossible
GDPR Article 17 expressly requires the removal _of your personal data_ from the internet _upon your request_, which is very different from a US state trying to remove a website hosted in and run by a company incorporated in another country.
And geo blocking may be functionally impossible but the law cares about intent and actions, not if you prevented someone who used a VPN or lied about their location from using your service.
> .. which is very different from ...
And yet still an attempt at extraterritorial overreach. Regardless, I imagine that the rest of us who don't do business in the EU will continue to disregard its very existence. (Except in principle when we write negative comments about it on the internet that don't in practice matter whatsoever, such as this one that you're reading right now.)
How is it extraterritorial overreach when you acknowledge in the same comment that you can ignore it because you aren't in the EU? Unlike the site that is the subject of the thread, which has actually been subjected to extraterritorial overreach. This criticism and false equivalency is ridiculous.
> which is very different
If you say so
HN ignores GDPR, in particular Article 17, and it hasn't been taken down from the internet or even blocked in the EU.
I'm curious - what kind of PII does HN make available and has it ever refused to remove it when asked by the individual concerned?
I can't recall HN asking/requiring PII from me in any fashion, so I don't see the relevance. If a commenter published some PII about me, then I wonder if HN would remove the comment if I complained to them about it. As I see it, HN isn't acting as a data controller.
You can post your home address in a comment and then you can't delete it.
That seems a bit contrived, but it would be similar to if someone else posted your home address in a comment. Presumably emailing HN to request its removal would be the correct thing to do and I wonder if HN would remove the PII.
Edit: it's covered by HN Privacy policy which is available here: https://www.ycombinator.com/legal/
TLDR: email privacy@ycombinator.com for privacy concerns which should cover removing comments.
In my opinion, that seems compliant with GDPR.
> GDPR Article 17 expressly requires the removal of things from the global internet
...as part of compliance with GDPR, if you choose to be compliant. Please name one instance of the EU suing and successfully removing an American website from the internet under this article, or any part of the GDPR? Considering we're talking about an actual case of the US seizing the domain of a European website, whataboutting a hypothetical with the GDPR which has never done the reverse despite being in force for 10 years is incredibly disingenuous.
---
Rate-limit edit:
> Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?
The GDPR is European legislation, written for the territory the EU has legal jurisdiction over. Why would anybody think it's meant to apply outside of the EU? Plenty of businesses choose to operate by two sets of privacy policies, one where they continue fucking over their American users and one where they adhere to the GDPR for European users, and that is perfectly acceptable. There is no "think" about it, the legislation obviously does not apply outside the EU, nor is it intended to.
> Why would anybody think it's meant to apply outside of the EU?
Because it's clearly worded in such a manner, similar to US financial laws. The key difference is that the EU so far lacks the leverage to throw its weight around outside its own territory to the extent that the US does. (Also presumably politicians won't be willing to burn bridges over PII handling violations to the same extent that they do over financial crimes.)
Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?
So, you feel the same about stuff like the GDPR then, right?
Answered below in same thread.
This kills their operations in other states that do not have this.
Not sure how this does not violate interstate commerce.
Contact your congress criter: https://www.congress.gov/
BTW: Kick - Melborne, AU. US Operations: SanFran CA. Registar: Verisign - Reston, VA.
Common complaint is that government enforcement of laws is insufficient, i.e. fines are only x% of their worldwide revenue. Sounds like this way has teeth and might force companies to actually obey the law?
it doesnt have teeth if its unconstitutional
otherwise they could just send the texas rangers to canada to go kill the execs in montreal
Texas rangers vs RCMP sounds like it would make for a decent arena bloodsport matchup.
Back on topic, does the constitutionality matter if the business is destroyed by the process? How long might they be without their domain name even if they prevail in the end? I somehow doubt texas would ever get stuck paying out damages.
"Unconstitutional" is whatever the Supreme Court says it is.
Default judgement, absolutely meaningless at this point as to how a court would rule against a plaintiff that actually showed up, respected the court’s authority, and defended itself.
Why should a Netherlands based company that publishes content on the internet entirely outside of this state's borders and jurisdiction be required to show up or respect its authority? By this logic if I'm sued in Turkey for publishing content on my web server hosted in California insulting Erdogan, I should have to go show up and defend myself in some kangaroo court.
If you want to keep the domain name you got from a TLD that they control, yes.
Or did you mean, like, morally?
But does a US State control a TLD, really? Is that even something that's within the legitimate legal power of an individual state? Previous .com seizures have been done at the federal court level. The federal government reserves the authority to regulate all inter-state commerce. The entire history of how the .com TLD is run by Verisign is federal government related.
Doing this at the state court level is as nonsensical as an individual state deciding it doesn't like a law or regulation that's part of the jurisdiction of the FAA or FCC, and wants to do its own unique weird local thing.
I don’t like it. But since when US or US entities have been doing things affecting rest of the globe that they can “legally” do or they “should” do? With US - they do things because they “can” do things. And now so does China and to some extent Russia.
And why even a “US federal” court should have such arbitrary and sweeping authority that affects other countries’ businesses and people? The world should realise that “.com” is a US domain in technicality and spirit both (like many other domains)
This is one of the extremely broken aspect of “The Internet”. Large part of it is literally controlled by US with zero oversight or shared authority.
PS. Look at how India recently moved all bank domains to https://<bank name>.bank.in. And I usually don’t agree with my Govt (and for good reason) but this is a proper sovereignty move.
(Oh by the way ICANN is “still” in the US)
Any state can issue a warrant and extradite Americans from any other state. Something to do with catching runaway slaves. It's gonna catch up with us when California starts charging me with a crime for something about age verification or when Texas tries to extradite abortionists
Individual states have already been attempting to extradite people from other states for the crime of mailing early term abortion medication across state lines, for example:
https://www.google.com/search?client=firefox-b-d&q=US+state+...
So if I don’t do business in Texas, have no operations in Texas or otherwise deal with Texas in any way a state court should just be able to order a company to suspend my whole domain?
I’m Canadian and Texas courts have zero authority over me so they can f*ck off.
But they do have authority over the domain registrar, so you’re vulnerable there no matter where you live.
I don’t agree with the premise of age verification, but of course a prosecutor would go after the assets they can reach if enforcing local laws. They’ve done this for years when it comes to copyright infringement.
It's a huge overreach to say that any individual US state has authority over a domain registrar, and even more specifically over .COM as a TLD, given its history with VeriSign and the US federal government.
There exists a well defined process, precedent and prior case law in US federal court to seize a .COM domain name by a court order issued to VeriSign. Doing this at the state level is entirely new.
Well that's an interesting question. Where is the owner of .com headquartered? Because presumably that state's courts do have jurisdiction. Which if you stop and think about it is entirely arbitrary and really drives home what a poor system ICANN DNS is on a fundamental level.
Verisign is headquartered in Reston, VA
> But they do have authority over the domain registrar
Why do you say that?
They do not
That is the strategy - you start with the easy cases - somebody who wouldn’t or couldn’t defend themselves and who is “bad” in public perception.
The domain name is motherless.com if that's what you wanted to know. It's a porn site.
I recognize the unusual name. They were also off recently due to a Dutch issue
https://www.cnn.com/2026/05/08/europe/porn-site-motherless-t...
More interesting would be the IP!
You don't need it, they've migrated to motherless.xxx.
> Stuart Lawley, the CEO of ICM Registry--the company behind the XXX top level domains, says XXX sites should help empower parents to keep their kids away from adult content.
https://www.cnet.com/news/privacy/man-behind-xxx-domains-say...
Well that's kinda the whole idea of having an "adult content" tld; it's so you can block all .xxx domains instead of having to create a blocklist of sites. Like an opt-in nsfw flag for the internet, basically.
Sure but that doesn't really work with the existing age verification laws. Unless .xxx is requiring domains to implement age verification or there's some sort of global redirect to a verification portal, that site is back in the same legal jeopardy of having Texas confiscate their domain again.
The article in the comment I was replying to wasn't talking about age verification laws, they were talking about "parents protecting kids", a.k.a. content filtering.
As for the other part, I'd just assume that they wanted to switch to a registrar more used to adult content websites and less likely to be impacted by the Texas govt. Just like pirate sites switch TLDs to the ccTLD of the country least likely to prosecute them all the time.
I was mostly just talking about the fact that registering a domain with a registrar that is about "XXX sites should help empower parents to keep their kids away from adult content" isn't necessarily a bad thing.
Also in the US - strange choice
https://ipinfo.io/185.107.81.233
A big blow to the Texas hosting industry. Some of the world's largest hosting sites are in Texas. They'll likely move out to more liberal states.
Are those states somehow exempt from the United States Constitution's requirement to uphold "judicial Proceedings of every other State?"
Texas? They'll rather call for the military to protect their "freedoms" (of calling arbitrary court decisions).
Isn't motherless a European website? What the ffff?
Update: yeah https://opencorporates.com/companies/nl/30159632
Honest question: what is the ultimate end game if at some point a court in another country orders a domain be reinstated? Do we end up with a domain registration system per country?
The winner of that battle will be wherever the DNS is hosted. Which is the USA. Even several ccTLDs are hosted in the USA and must obey USA law above the law of that country.
Which ones?
I think given the history and "ownership" of the specific TLD of .com by verisign and verisign's relationship with the US federal government, it then proceeds to ignore any court orders to reinstate the ownership issued by a court in any other country that is not the USA.
Presumably that would depend entirely on the extent to which verisign has any business dealings in the country in question. The more assets that could be seized or customers lost the more likely they are to comply.
We literally already have one of those. Each country has a .XX TLD, and all other TLDs are for the USA.
So, stage set to ban GrapheneOS website internationally?
So basically this whole thing is a ploy to get rid of porn: basically, censorship that vaguely tries not to look like censorship.
1. Instigate a completely impractical, rights-violating scheme for age verification that nobody in their right mind wants to implement.
2. Then, enforce it against whatever porn sites land in your jurisdiction at all, knowing that they, like everyone else, don't do the verification.
Am I close?
Suppose the porn site tries to implement it. How many people are going to hand over their personal info to a shady porn site? Most visitors are there anonymously for whatever free stuff they can watch.
Either way, the porn site is ... screwed. Implement age verification: 99% visitors now back-button out and find another porn site. Don't implement it: blocked or shut down.
So a state (or municipality or anyone capable of making laws) has the ability to say, "You don't meet our local laws, take down your URL" now?
This is going to be a real problem when states start nuking whole parts of the internet from orbit. A state has a law against conversion therapy and starts to remove sites with that? A state has a law against trans people? Or abortion? Or medical misinformation? Suddenly we just start purging sites back and forth?
Battlegrounds end up as torn up, muddy, desolate places. Turning the domain registry into a battleground is a bad idea. Over the long term, no one wins if we choose to fight there.
No. If a site doesn't want to comply with the state, they can geoblock. That's what pornhub does.
In the US, if you used a US domain or registrar, this is possible. If you are Dutch and registered a .nl domain with a Dutch registrar, this is not possible.
I thought this was always the case?
But what people do instead is to disable access for people from that specific state.
I mean the US works like this, it isn't suprising a US state also does.
If someone from the US does something illegal on your site (which is legal in your country), depending on how much they want you will end up in a US prison.
Before the US decided that betting online was OK, betting sites had travel advisories for their employees not to travel to the US.
This is a pretty clear violation of the First Amendment, but the current SCOTUS doesn't care about the Constitution.
Multiple conservative SCOTUS justices openly admit to taking bribes from parties with cases before them.
I believe the current precedent is that porn is not speech.
Wrong. Porn is considered protected speech unless it is considered “obscene” (which is an incredibly difficult bar to meet), and even possession of obscene material in one’s home is protected.
C’mon, people, these issues are trivial to look up the facts about. There’s no excuse for ignorance here. https://firstamendment.mtsu.edu/article/obscenity-and-pornog...
So nobody has ever gone to jail for possessing child porn?
Porn is speech. This has been litigated several times by SCOTUS.
Obscenity is not speech.
It seems like it's pretty easy to comply. Pornhub and others don't have any problems complying with TX.
According to this pornhub is blocked in 25 states including Texas.
https://mashable.com/article/pornhub-blocked-states-2025
You wrote this in the passive voice; it doesn't say who is doing the blocking.
Pornhub itself is doing the blocking; it uses geolocation and denies services to IP addresses from jurisdictions with age verification laws. The laws are usually not structured so as to require a third party such as an ISP to block noncompliant sites; instead, the governments of the states with those laws can sue the porn sites and their service providers (Verisign in the case of .com domains).
> You wrote this in the passive voice
I used the language of the link.
> The explicit tube site Pornhub is now blocked in 25 U.S. states
I had assumed that the states were blocking Pornhub but reading between the lines in the linked article it does imply it's not the states are not applying technical blocks.
The states have applied intentionally onerous requirements onto these sites with full knowledge that would most likely not comply making them de facto blocks. You wouldn't be fooled if a gangster said "that's some nice kneecaps you got there, it would be a shame if something happened to them" so I don't know why we are acting so naive about Texas and co.
I can't tell if it's Texas or Porn sites that are supposed to be the gangster in this metaphor.
Right, because they complied. Which was easy for them to do.
Oh look, Ken Paxton is bragging about accomplishing nothing.
The sooner the US loses control over the internet the better.
Just for clarity's sake, what is "the Internet", and how does "the United States" have "control" over it?
https://youtu.be/iDbyYGrswtg?si=AL91MHC5q5yg2jnA
The USA controls ICANN and IANA, who together control the DNS root, as well as controlling all so-called "generic" TLDs through ICANN. Only some country TLDs are actually outside of US jurisdiction, as many of the delegate to USA-based registry providers. ICANN/IANA still control whether or not those countries even get to have domains, so the USA could decide that if the Netherlands wouldn't block motherless-dot-nl then .nl shall no longer exist.
DNS being centralised in the USA was potentially problematic when they weren't abusing their power. Now that they are actually abusing their power, it is actually problematic.
ARIN is also a US non-profit corporation, located in Virginia, but the people who run RIPE and APNIC and AFRINIC might disagree that the Internet is entirely "controlled" by Americans.
RIPE, APNIC and AfriNIC (you forgot LACNIC or deliberately excluded it because South America is technically America) don't control the DNS.
Yes, my point was the dns isn't the "whole" internet. I know network engineers at some major ISPs that would still find a way to communicate with each other if a genie waved a magic wand and all dns infrastructure worldwide went "poof".
But also my point was that ARIN specifically is vulnerable to USA originated malicious court actions the same as verisign is.
Verisign continually responds to requests. ARIN traditionally doesn't - it just hands out numbers. But we'll see how RPKI makes ARIN more similar to Verisign. ARIN could be ordered to delete RPKI records for an AS, kicking it out of the portion of the internet that checks RPKI records - which also happens to be mandated by the US government.
you say this as you type it on an American-run website.
https://thenib.com/mister-gotcha/
They're not arguing for American-run websites to not exist.
Maybe another county should have developed, built out, and opened up the Internet themselves then?
So, what’s the safest domain tld that’s safe from all that craziness out there?
Your local country, provided that it is not crazy. Then you are only accountable to one country's jurisdiction.
Hard to say. .cn is of course always strictly regulated: every website needs to be reviewed and registered with the police, and open its data to them. But we can also see that .uk from the supposedly "free west" is moving closer to this.
If you're in China or in the UK, this is already true for your business, whether you have the domain or not.
Register two domains in different jurisdictions, with neither serving its own jurisdiction, and a redirect for stray users.
.onion
I don’t understand - was this site or company based in Texas?
Otherwise the general idea seems absurd that an individual state could freeze a domain impacting for the whole Internet…
(EDIT: I won’t lose any sleep at the loss of such scum but the general principle seems a bit strange.)
> obtained a court-ordered writ directing Verisign, the company that maintains the “.com” domain registry, to place the domain “motherless.com” on a registry lock, hold, or similar status.
So they're using the fact that Verisign is a US company and can therefore be leaned on.
I'm not sure how I feel about this. What do other countries do who don't have Verisign to lean on? US companies really don't like being told what to do by governments of other countries, but when the shoe is on the other foot...
> What do other countries do who don't have Verisign to lean on?
They lean on their ISPs, see Spain and the La Liga controversy.
But that, more appropriately, only affects internet users in that country (ignoring the cloudflare network blocking that causes various other sites to also be blocked).
This appears to basically wipe the site from the entire internet, for all countries.
When you create the infrastructure, you make the rules. If a party doesn't like those rules, they are free to create their own replacement infrastructure and obtain global buy-in.
ccTLDs already exist and their respective countries have sovereignty over those TLDs: the UK can disappear any .uk domain name it wants from the global internet.
The .com TLD is American, and is therefore subject to American legal proceedings.
> The .com TLD is American, and is therefore subject to American legal proceedings.
Ample precedent and prior case law exists that the US Federal government can obtain court orders to seize .COM domains. Going back 15 years now.
State government that's another question entirely. When people say "American legal proceedings", the distinction between state courts and federal courts have two very different regions of responsibility and authority.
https://www.law.cornell.edu/wex/full_faith_and_credit
> The .com TLD is American, and is therefore subject too American legal proceedings
This is not an "American" proceeding so much as a Texan one, and it's not clear that the State of Texas should have any jurisdiction over the .com TLD.
See Article IV, Section I of the Constitution of the United States of America. What a pesky document!
I think you know how absurd it sounds to say in response “well you can go and create your own internet”
Welcome to the world: people own things, have power, and use violence to protect their interests.
Stomping your feet on the ground because something's not perceived as fair doesn't really change things.
China has its own internet with limited access to the global "internet," other countries are free to do the same.
That's the correct way, because it applies only to residents of that jurisdiction. Texas should be able to prevent their local ISP's from showing illegal content, but not control what people see in other parts of the country/state.
> Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State.
Pretty clear to me.
It's not confusing and you should understand what's happening for your own safety. This has been happening for a couple of decades internationally and now with USA states.
This result means that Texas can take various means to block motherless. But more importantly no motherless employees should travel to Texas without risk of arrest. Same for abc/youtube/facebook employess traveling to India.
You should be aware of this and monitor it in your industry.
> travel to Texas without risk of arrest
This isn't some "non-extradition country without a treaty" scenario - "neener neener, if I don't step foot in your area you can't touch me." The United States does still have a functioning Constitution.
If Texas wants to arrest an employee of these organizations, they can simply issue a Texan arrest warrant and other States will be compelled to enforce it.
I would think it only applies to named employees, right?
Even people with mothers shouldn't travel to Texas.
> Even people with mothers shouldn't travel to Texas.
You know real, friendly, generous humans live in Texas, right?
I'm sure there are friendly and generous humans also living in North Korea and Iran. Doesn't mean I want to risk subjecting myself to their government's authority.
clearly more real, non-friendly, non-generous humans live in texas, who want their government to portray itself in such a way live in texas.
a reasonable number of those people is 10-15%, not 51%+
Until those people control the Texas government, I don’t see the relevance.
I grew up in South Africa during the apartheid era, when black people weren’t allowed to vote or even participate in the economy at much beyond the level of slaves. I didn’t get upset when people criticized South Africa, or boycotted it, because the country’s actions certainly justified that.
The entire US is in much the same situation now: in the process of flushing democratic governance down the toilet, elevating open corruption to the standard way of doing business, and flirting with authoritarianism to a degree virtually unimaginable just a few years ago.
In that context, the #notalltexans whine sounds rather muffled from all that sand you’ve stuck your head in.
How is South Africa doing today by comparison, in your opinion?
Would you rather live in Johannesburg or Dallas?
Real, friendly, generous humans live in Haiti, too. That doesn't make it a good travel destination.
The friendly, generous humans who resoundingly endorse the corrupt Ken Paxton's actions and will overwhelmingly vote for him to serve them in the senate this year? Actions speak louder than words. With friends like Texans, who needs enemies?
> The Office of the Attorney General will continue to use every available legal mechanism, including writs of attachment against domain names, to enforce Texas law and ensure that no company, regardless of where it is incorporated, can profit from exposing Texas children to harmful content.
And Kick Online Entertainment S.A. appears to be incorporated in Luxembourg. The "S.A." is a mostly European thing, kind of like a "limited" company.
> I won’t lose any sleep at the loss of such scum but the general principle seems a bit strange.
That's generally key in making a precedent. The first case is someone nobody really cares for, but it's built a precedent where the next case must follow suit.
https://en.wikipedia.org/wiki/Verisign
(Under "Controversies".)
> In March 2012, the U.S. government declared that it has the right to seize domains ending in .com, .net, .cc, .tv, .name, and .org if the companies administering the domains are based in the U.S. The U.S. government can seize the domains ending in .com, .net, .cc, .tv, and .name by serving a court-order on Verisign, which manages those domains.
Perhaps for violations of _federal_ law…
However, applying this for violations of _state_ law seems odd.
Where does it end?
What if a law enacted by a single US city’s city council is violated? Would US as a country seize the domain?
I'm gonna get a few people together and all run for city council so we can seize profitable domain names for ourselves.
"Sorry Meta, but BFE, Nebraska outlawed Farmville and now some guy named Bob owns facebook.com."
Texas isn’t the US government?
When people say “US government” they usually mean the federal government…
That was my point?
is verisign a texas company? id assume delaware, and so delaware, and the federal government have jurisdiction, not texas
No more than the government of France is the EU government.
It's more like the government of Hungry or Bulgaria in the EU analogy.
Texas isn't like a small corrupt country. It's like a big corrupt important country, like Germany. If it was small and corrupt it would be ignorable.
They're a small corrupt country.
The only thing slightly redeem about about them economic wise is their gas reserves. The way they run their state is very similar to a corrupt nation as well. They still want to break away from the US.
I think it remains to be seen whether Verisign follows through.
https://dnschecker.org/#A/motherless.com
So he managed to block the site globally for not forcibly violating the privacy of its users with mandatory age verification.
The US court system really needs to do something about this, and overturn Free Speech Coalition v. Paxton in favour of Reno v. American Civil Liberties Union.
Motherless shouldn't have used a domain under Texan jurisdiction if they didn't want this to happen.
The US court system is completely hamstrung by the current administration.
FWIW, the site isn't blocked globally. They just moved to a new domain.
I do generally agree that local governments trying to forcefully exert their influence beyond their jurisdiction is deeply problematic. It wouldn't even be possible to host a website on the internet if this becomes normalized, due to being held to thousands of contradicting standards. At most Texas should have the authority to tell Texas ISPs to block traffic.
Allowing states to force ISPs to block websites might be an even bigger can of worms.
> I won’t lose any sleep at the loss of such scum
Thank you for your virtue signaling. You're now registered as a lifetime GOP member.
It operates in Texas if it is serving Texas users.
> Kick Online, which openly describes itself as a “moral free” company, ignored the lawsuit and refused to comply with the court’s order. It continued publishing and distributing harmful sexual material that was accessible to minors in Texas.
This is the same website with a forum with millions of users trading information on how to assault their partner.
https://www.cnn.com/interactive/2026/03/world/expose-rape-as...
FAFO.
All fun and games till religions get in battles and shut down websites talking about gods and beliefs they don't like.
Indeed.
Does this mean Texas can shutdown other websites in other states that provide abortion support? I’m sure there are those who would argue such to be harmful to children…(not to mention the fetus)
They're already actively trying to prosecute people who mail medication across state lines.
Yes. With what they just did.
Yes, it means exactly that.
>religions get in battles and shut down websites talking about gods and beliefs they don't like.
Leftists and trans activists attempting to shut down Kiwifarms comes to mind.
All speech does not deserve the same protection, certainly not unlimited protection, says SCOTUS.
Supreme Court allows Texas to enforce law requiring age verification and parental consent on apps - https://www.scotusblog.com/2026/07/supreme-court-allows-texa... - July 6th, 2026
Supreme Court allows Texas’ law on age-verification for pornography sites - https://www.scotusblog.com/2025/06/court-allows-texas-law-on... - June 27th, 2025
https://mashable.com/article/all-the-states-and-countries-wi...
https://en.wikipedia.org/wiki/Social_media_age_verification_...
Right, that's why speech by white Christians males should be protected, and not any of those Muslims or gay people.
Now, I say this mockingly, my neighbors (yes I live in Texas) say such things with a steadfast belief. Which is really weird to me because they keep electing adulterers and rapists.
I don't see the disconnect you do - they are voting for white Christian men to protect white Christian men. The rape and adultery was hurting women (or gay guys).
> It operates in Texas if it is serving Texas users.
Then it's violating the laws of a whole lot of places by serving pornography to adults.
The existence of a web server doesn't feel like enough nexus to seize a domain.
> It operates in Texas if it is serving Texas users.
What do you mean "serves"? Does that just mean not actively blocking users from Texas? Allowing your web site to be accessible regardless of user location is, and always has been, the default way to run a web site. Your assertion would mean that web site operators are beholden to the laws of all jurisdictions on the planet if they don't actively block those users.
Think about what a bad precedent that would be. Some countries criminalize promotion of pro-LGBT+ content. What if those countries suddenly demand extradition of people who run pro-LGBT+ blogs because the web sites are available there?
Also, keep in mind that geolocation isn't actually part of the Internet - it's an overlay that private companies have cobbled together that usually works. But it's not perfect, especially at the subnational level. Many times I've connected to public Wi-Fi and I get an alert that I've signed into something from across the country, because that's where the Wi-Fi provider's IPs are located. Are you sure that every jurisdiction in the world will accept that if gelocation gets it wrong, you're off the hook? Utah has already claimed that companies are responsible for complying with their laws even if the user masks their location with VPN. https://www.privacyguides.org/news/2026/05/11/utah-targets-v...
> Think about what a bad precedent that would be. Some countries criminalize promotion of pro-LGBT+ content. What if those countries suddenly demand extradition of people who run pro-LGBT+ blogs because the web sites are available there?
Simple: a local court having jurisdiction over those individuals would utilize their own laws and discretion to decide if they are required to extradite these people.
If a country chooses not to comply, political consequences may ensue - this is basic international diplomacy. Russia doesn't seem to care about demands to extradite Snowden: they don't have to, they have the resources and political will to ignore these demands. Someday, perhaps to curry favor, they might comply.
Smaller, weaker countries don't have the luxury of noncompliance, nor do they have the same ability to have their various legal proceedings enforced extraterritorially.
Might makes right.
Today I learned that a foreign government operates in Texas.
I didn't know that Texas is supporting and promoting the North Korean government: http://naenara.com.kp/main/index/en/first
I wonder why they aren't being called out for anti-American terrorist groups.
Not a .com domain, so out of reach. Anything within US reach, individuals or entities, is fair game from a US judicial system perspective.
Everyone learns this the hard way, it seems.
I think he means since IANA/ICANN assings country LTD, so technically it's also under USA jurisdiction.
Waiting for the day when texas court demands deleting .ee LTD (since estonia is currently only country which has fought agaisnt age verification laws)
you'll find people in the thread saying that if its accessible in texas, its in Texas
under that setup, yes, twxas is illegally breaking US sanctions against north korea
A federal court, sure. But this was a state court ruling on a state law.
My other comment in this thread has citations demonstrating SCOTUS support and approval for Texas to enforce these laws, as well as links to statue trackers showing where states and countries have implemented these age validation requirements for social media and adult content sites.
It was a choice by Motherless and their holding company, Kick Online, to egregiously ignore Texas law; the law has been found sound by the US Supreme Court, and enforceable by Texas. These are the facts of the situation. Everything else to discuss on this is feelings and opinion, unless there are relevant facts not yet shared or discovered.
https://news.ycombinator.com/item?id=48953591
Importantly "egregious" is also opinion.
The other point of view is that they "very reasonably" ignored Texas law because they're not in Texas.
The Supreme Court found that the law was valid, but that ruling doesn't mean it necessarily applies in a situation like this.
Article IV, Section I
Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State.
The problem is that Paxton is attempting to do the same thing to every site that doesn't forcibly violate user privacy with mandatory age verification. Its part of Project 2025 and the Heritage Foundations goals, and its incompatible with privacy rights.
> it operates in Texas if it is serving Texas users
Nonsense.
There is no reliable way to not serve your content to people in Texas. If anything, Texas should compel ISPs to not serve it to their Texas customers.
That's the point. Texas will argue that every website operates in Texas so they get to take down every website.
I took a quick look at the Texas law. Like a few other such laws it allows sites to use an external service to do the check, as long as the service uses a "commercially reasonable" method of doing that. That basically means it has to be based on government ID or by inference based on certain types of transaction records they can get access to (e.g., if you have a mortgage they can reasonably infer you are an adult).
As far as I can tell it would be possible to build an age verification service based on an open source ZKP implementation such as Google's Longfellow [1] that would be acceptable to these laws, but would allow anonymous age verification. It would be similar to the system the EU is now trialing, except not limited to iOS and to Android devices with Google Play. Longfellow should be able to work with those but also most modern smart phones running any OS the supports the phone's secure element, and also desktop computers that have secure elements, and devices like YubiKeys.
You would have to verify your age with the age verification service to set things. The easiest way to make it so that is not a privacy risk is for the age verification service to be offered by some entity that already has your ID documents. In the EU that would be the governments themselves, but I don't think any US state governments are ready to do that.
The age verification service doesn't necessarily need to store copies of whatever ID you present. It just needs to know you are when it issues its ID documents that get bound to your device's secure element. If this service was offered by some entity that has a widespread physical presence (a bank would be perfect) you could go in, show ID in person, and get your device enrolled.
Even better would be for a trusted non-profit to run this, like the EFF or the ACLU. Yes, I know they don't want age verification to happen at all, but they are going to lose that one, and it would be prudent to try to make it so that people have a privacy preserving way to do it that can be used anonymously when that happens.
Anyway, once your device is set up verifying your age to a website would involve a protocol between your device in the website the uses a ZKP (Zero Knowledge Proof) to demonstrate to the website that the identify information the age verification service bound to the secure element on the your devices says your age is acceptable. The ZKP doesn't disclose anything else from your identidy information. (The web server sees your IP address of course, but they would see that without age verification too). Note that the age verification service has no idea when, or were, you age verify at a website.
[1] https://github.com/google/longfellow-zk
> Even better would be for a trusted non-profit to run this, like the EFF or the ACLU.
You're seriously proposing that organizations along the same general lines as the EFF or ACLU would be okay with being the implementing partner of a "papers, please" identify verification regime? I highly doubt their leadership would entertain the idea for even the briefest moment.
I'm proposing that organizations like that recognize that age verification is going to happen, and try to ensure that when that happens there will be at lease some age verification services that do it in a way that doesn't subject you to a "papers, please" situation every time you go to a website that has to check age.
It can be done with either 0 or 1 "papers, please" events per device rather than 1 per website or worse 1 per website visit, and without preventing anonymous access, but most of the laws do not require that it be done that. Most age verification services will do the minimum required, which usually will mean they are more intrusive and more leaky.
The best way they could ensure that, if they can't convince governments to write the age verification laws to require it, would be to operate such a service themselves.
I hate how quickly some people have just accepted age verification is inevitable.
Even ignoring the political aspects, like the fact that EFF/ACLU don't want to be in this business (as you note)…
This system will likely fail in the same way that almost every new DRM system has failed: someone will implement the "secure element" badly and its keys or secrets will get exfiltrated and cloned.
It's one thing to keep a cryptosystem secure when its users appreciate that system (e.g. hard disk encryption or TOTP 2FA)… but it's very hard to keep cryptosystems secure when millions or billions of people are unwilling and resentful users having those systems imposed on them.
There's no such thing as "reasonable age verification measures". Its lie spread by fascists like Ken Paxton, the Heritage Foundation, and ton of other evil people.
Well the site does not present Texas in a good light. Their .gov site presents me with this. Looks like they need to worry about their own site instead of worrying about out of state sites.
>Warning: Potential Security Risk Ahead
> Firefox detected a potential security threat and did not continue to www.texasattorneygeneral.gov. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
It's being served by cloudflare and gets A+ from ssllabs. Maybe there's something going on with your network or your browser's TLS support.
Perhaps you could take it up with your ISP or whoever is doing mitm?
I wonder when browsers will follow Brave's lead and support decentralized domains that can't be censored due to laws from half way across the world.
Definitely bad overall and opposed to the principle by which this is being done, but I am at least glad it happened to motherless. The last I saw of that site it had terrible moderation and hosted quite a bit of dubious material.
So it's bad but you're okay with it because it's being done to someone you don't like..
This is exactly how we lose all our rights.
I guess by default all .com's have US jurisdiction? Because even if it's a default judgment, and the registrar is based out of the US, which seems to the case here, any court order from the US is able to take a domain down.
Found the case, https://law.justia.com/cases/federal/appellate-courts/ca9/07...
The Ninth Circuit held that the U.S. court had jurisdiction to proceed because VeriSign—the registry for all .com domains—was located in the United States.
Every TLD that is not a ccTLD is effectively a US ccTLD. This has always been the case, and perhaps the US has tricked us into becoming complacent. If the world was fair they would all be underneath .us.
I want to see other countries start rejecting the ICANN root and forcing all the US domains under .us, but it will never happen. It would break their vhosts for one thing. Doing it at the browser level could avoid that.
I vaguely recall some crypto project that was 'blockchain for domain names'. I scoffed at it at the time, but maybe there is a real need for something like that after all. (Or some other system for domain names you truly own and can't be rugpulled.)
Probably Namecoin, but there are several now. Probably ENS (Ethereum name service) is the most notable.
But keep in mind Zooko's triangle - you can't have all three of secure, human-readable, and decentralised.
In Zooko terms, blockchains are secure, human-readable, centralised registries - there is only one, and you have to stay connected to it. Onion domains (which are public key hashes) are secure, unreadable, and decentralised. Petnames (as used in I2P) are insecure, readable, and decentralised.