Beginning 1 September, we will need to geoblock Mississippi IPs

You pretty much just plug the IP into a geolocating API and hope. There's nothing else to do. Any collateral damage is on the legislation, not any individual site or admin.

As you say, IP geolocation is unreliable. Unfortunately that's the only option. If it is technologically impossible to comply with the law, you just gotta do the best you can. If someone in MI gets a weird IP, there's absolutely nothing any third party can do. That's on the ISP for not allocating an appropriate IP or the legislators for being morons.

GeoIP services are not 100% accurate, but that doesn't mean they're completely useless.

The law in question requires "commercially reasonable efforts"

I live in Vancouver, WA and my IP comes back to Portland, OR.

ISPs have no obligation, although the ubiquity of sites and apps relying on IP geolocation mean that ISPs are incentivized to provide correct info these days.

I run a geolocation service, and over the years we've seen more and more ISPs providing official geofeeds. The majority of medium-large ISPs in the US now provide a geofeed, for example. But there's still an ongoing problem in geofeeds being up-to-date, and users being assigned to a correct 'pool' etc.

Mobile IPs are similar but are still certainly the most difficult (relative lack of geofeeds or other accurate data across providers)

Probably an area for Cloudflare to offer it as a service. Content type X, blocked in [locales]. Advertised as a liability mitigation.

Any physical business has to deal with 100s of regulations too, it just means the same culture of making it extremely difficult and expensive to do anything at all is now coming to the online world as well, bit by bit.

More to the point, why would anyone outside of Mississippi need to comply? What legal grounds do they have to dictate what other people do outside of their state?

Check your local laws and make sure never to travel outside your current state.

Ah! Thank you. I was wondering why mjg59 needed to geo-block people on his blog. I had no idea dreamwidth was a platform and he was only a user of that platform. I don't think I've ever seen anyone else's content on that site. Now I feel dumb because I've been calling him "dreamwidth" in my head for years.

And the law in question:

https://en.wikipedia.org/wiki/The_Walker_Montgomery_Protecti...

Thanks, I could not get by their really bad captha

> This is so short-sighted.

Might as well be the slogan of the current era

>Surprising how quickly everyone is expected to comply with these laws - within a week you're supposed to block what could be a portion of your user base?

But the law was signed over a year ago[1]? The recent development was that the injunction blocking the bill from being implemented got struck down. I'm not sure what you'd expected here, that the courts delay lifting the injunction because of the sites that didn't bother complying with the law, because they thought they'd prevail in court?

[1] https://legiscan.com/MS/bill/HB1126/2024

I don’t think it’s short sighted. They just don’t care.

> Clueless human, but what stops a company from ignoring these laws from certain states?

The threat of lawsuits.

> How is this enforceable if a company doesn't have any infrastructure within that state?

If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)

That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.

Now I am curious as well. Are there…extradition treaties between states?

Apparently, U.S. statutory and case law establish that a business has an "economic nexus" in a state can be made subject to that state's laws. An economic nexus doesn't require a physical presence, just sufficient economic activity. Sufficient economic activity is usually defined, by each state, according to revenue or volume of transactions. Another test for an economic nexus is something called purposeful availment, which is whether a business is targeting the residents of a jurisdiction. So it seems like, "Are you intentionally selling to Missouri residents?"

To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).

If they're able to elevate some of your charges to the federal level you're fucked. IANAL though so I don't know if/how that would happen.

> How is this enforceable if a company doesn't have any infrastructure within that state?

It's a good question. Maybe something with interstate commerce laws?

IANAL but i don't think using a vpn matters...Because whether a user is using a vpn or otherwise or not, if the user is identified as from Mississippi, that would be the test for whether these guys would need to block or not. Like, if a user from Mississippi uses a vpn, and these guys don't know that and detect that this user's IP is from, say, Arkansas...how would they be held liable? Unless, i'm missing something, right?

NAL, but yes, I believe that it would still be a violation of the law. That said, laws aren't applied by robots and it's likely they would be given leniency if they could show they actually tried to respect the law.

If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.

Seems to work without issue in states that require age verification for pornography sites. Would assume a site like pornhub has spent money on lawyers

I don’t see how, but the people trying to implement total control of speech, thought, and communication in America are a diabolical and crafty bunch that will likely try putting someone through the wringer for that one day.

The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.

It’s unclear how that phrase got into the wiki; the bill text https://billstatus.ls.state.ms.us/documents/2024/html/HB/110... does not seem to mention that phrase.

The law mentions that it does not apply to job application websites.

https://law.justia.com/codes/mississippi/title-45/chapter-38...

That's probably what the wikipedia author meant to say

Yeah the Wikipedia explanation has faulty grammar. I couldn't figure it out either.

My understanding is that this is similar to the law the UK passed recently except instead of verifying age of users for "adult" content, every platform needs to verify (and log) age of all users for all content?

It can't possibly be that ridiculous.

For the Bluesky ban, I'm not in Mississippi, but whatever IP Geolocation service they're use thinks I my home internet is in Mississippi. It's doubtless that lots of people inside Mississippi but near borders aren't being blocked, because that's just not a thing that's really possible.

If I were in Dreamwidth's shoes, I'd be very much concerned with minimizing legal exposure, not number of users excluded. At 10k/user*day, it's a reasonable choice to block as broadly as makes sense.

Tough for the neighbors, but nitpicking "resident" is not a good choice here.