Comment on Mastodon says it doesn't 'have the means' to comply with age verification laws
Korhaka@sopuli.xyz 1 day agoAnd who are they going to address that fine to? Tell them to shove it up their fucking arse as their laws mean nothing to you if you don’t live there.
MudMan@fedia.io 1 day ago
Yeah, well, remind me not to do business with you under any circumstances.
Self hosting is cool and all, but if you think decentralized networks and services are a get out of jail free to bypass regulations applying to their centralized counterparts you shouldn't be hosting decentralized networks and services.
For one thing if you have no understanding of legal compliance I don't want you to store any of my data at all.
Korhaka@sopuli.xyz 17 hours ago
I don’t need to comply with American laws as I am not American. Their law literally does not apply to me
MudMan@fedia.io 16 hours ago
If you run a social media platform that hosts American users they actually might.
Same as the bar for whether GDPR applies to you isn't whether your server is physically in the EU, it's whether you're processing data from EU users. Or, in fact, how you're supposed to get explicit permission from EU users to host their data anywhere outside the EU in the first place.
Now, I'm not a lawyer in Mississippi, so I'm not gonna give you legal advice, but I would definitely look into it if I'm setting up a public instance. The same way I'd be looking into what compliance things I need to do to host people's data. It's one thing to set up for friends and family, but if you're hosting data from outsiders you probably need to understand what you're doing.
I've also not looked into what happens if you are sharing data with a noncompliant server in a restricted territory (so someone is self hosting in Mississippi and then federating with your server elsewhere). I don't think the legislators who wrote this dumb rule know, either. They clearly haven't thought that far ahead. Common sense dictates that the outside server would be fine and it'd be the local server's problem to be compliant. I presume that's what Bluesky is counting on (i.e. that someone will set up a local instance and act as an ingest bridge for them without it having to be them). Then again, you have British legislators now claiming that all VPNs need to have age controls, so I am not taking common sense for granted when it comes to these things.f
Korhaka@sopuli.xyz 16 hours ago
How exactly do they plan on enforcing a fine when you have no business in their country? It works on companies that have an actual presence there. But if you just don’t care about that country you could completely ignore it.