- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Decentralized social network Mastodon says it can’t comply with Mississippi’s age verification law — the same law that saw rival Bluesky pull out of the state — because it doesn’t have the means to do so.
The social non-profit explains that Mastodon doesn’t track its users, which makes it difficult to enforce such legislation. Nor does it want to use IP address-based blocks, as those would unfairly impact people who were traveling, it says.


Well even if mastodon.social complies, there are many many other instances to choose from, from all different countries
and even other similar platforms like Sharkey or Mbin that work with Mastodon
It doesn’t matter, though. They all have the same choice to make: comply, shut down in that territory… or be fined an insane amount.
Eugen argued… well, pretty much what you are arguing now. The question Bluesky guy posed to him is what Mastodon.social would do and how would the presence of smaller instances prevent the issue, especially for instances without the resources to comply at all in the first place.
Eugen did not respond to that, but Mastodon.social just did, and the answer is… Mastodon.social will do the same thing as Bluesky and so will every other instance.
Because of course it’s pretty obvious that having a decentralized platform doesn’t help with stupid regulation, because stupid regulation applies to every instance. There’s no reason decentralization would bypass a blanket requirement unless the legal requirement has carved an exception for smaller platforms (and even then there’s a question of what counts as a platform in that scenario).
And the thing is… I’m okay with you not having though that through, but Eugen certainly must have. Right? I mean, they had a pretty well thought out answer for Techcrunch in 24 hours, they must have given it some thought. It’s an unforced communication error.
Those are not the only choices… not everyone can/will be fined (example: Pirate Bay)
Why are we focusing on mastodon.social? I’m not even a fan of mastodon.social. I’m not really interested in their original discussion either. Honestly I kinda hope mastodon.social does comply or lock users out so that users spread out more to other instances instead. But they aren’t even close to the majority of the Fediverse anyways.
There are plenty of instances hosted in different countries that won’t care about this law, or you can self host.
You do know that Eugen developed the Mastodon software, right? He’s not advocating for mastodon.social, he’s advocating for Mastodon.
I’m just talking about the Fediverse. Sure ATProto can theoretically avoid this too but they don’t have as many choices for instances, if any at all that are outside the US and federated with Bluesky? And it seems like self hosting is much harder.
We are focusing on mastodon.social because you jumped on a thread about mastodon.social confirming they won’t be complying with Mississippi’s age verification law, which in turn is a follow up to coverage of Bluesky doing the same thing. And also because Eugen Rochko jumped into that announcement to claim that Bluesky stepping away from that territory was an example of how Fedi’s wider decentralization was an advantage, even though it turned out to no be an advantage at all.
Why would we be talking about anything else? That’s literally the topic. You may be looking for a different thread. If anything, the uncontrolled impulse to talk about the ways in which AP is more decentralized than AT whether that’s relevant to the conversation or not is the exact communication mistake Eugen made. Which makes doing that again even weirder.
To be clear, it doesn’t matter where your instance is hosted. Mastodon.social is not hosted in Mississippi, either, it’s hosted in Berlin. You’re still taking on a TON of potential liability if you don’t comply with their age verification or block that territory from access if the law stays in the books, just like you’re risking a ton of liability if you breach GDPR even if your site isn’t in the EU.
The title says Mastodon, not mastodon.social, and it appears that Eugen was talking about the Fediverse or Mastodon, not mastodon.social specifically (hence the word decentralization, the discussion was not centralized on mastodon.social).
I think people are mixing up the discussion between Mastodon vs mastodon.social too much. Eugen and his non-profit are the developers of Mastodon, so it makes sense for them to be talking it up.
That quote from the article does NOT say mastodon.social
There are other countries… watch and see how many instances just ignore the law, there will be many in the Fediverse.
I mean Pirate Bay is still running lol, so yeah I think decentralization works
No, the article is about Mastodon.social’s nonprofit following up with an official statement after not responding when approached about the original report.
Eugen himself was just shitting on Bluesky, his entire comment was that Bluesky leaving showed “why true decentralization is important”. Ironically, that whole pissing match ended up hinging about how much Eugen was focusing on Bluesky rather than their protocol, too. Turns out to be a popular deflection and it turns out to not change anything practical.
You are retroactively trying to reinterpret the subject matter here to save face and I’m too tired right this minute to entertain it. We don’t have to have a conversation, man, no hard feelings, but if you insist on having one here I’d appreciate if it wasn’t about something else entirely.
Are you talking about Mastodon gGmbH? https://joinmastodon.org/de/about
https://github.com/mastodon
Yeah, Mastodon gGmbH also hosts mastodon.social, as far as I can tell. Or… I mean, at least that’s the address and company info they show in mastodon.social’s about page (not Mastodon, but mastodon.social, there are two separate About pages, both reference Mastodon’s gGmbH’s address).
The one thing I’ll give you is that the statement they issued is talking about Mastodon software overall not having the technical tools to comply with the law in the first place and are explicitly refusing to comment on what mastodon.social will specifically do about it.
Which is irrelevant because, one presumes, if the answer was to build the tools to be able to comply with the age verification law they would have said that and put them into the Mastodon software, not just kept them exclusively for mastodon.social.
And who are they going to address that fine to? Tell them to shove it up their fucking arse as their laws mean nothing to you if you don’t live there.
Yeah, well, remind me not to do business with you under any circumstances.
Self hosting is cool and all, but if you think decentralized networks and services are a get out of jail free to bypass regulations applying to their centralized counterparts you shouldn’t be hosting decentralized networks and services.
For one thing if you have no understanding of legal compliance I don’t want you to store any of my data at all.
I don’t need to comply with American laws as I am not American. Their law literally does not apply to me
If you run a social media platform that hosts American users they actually might.
Same as the bar for whether GDPR applies to you isn’t whether your server is physically in the EU, it’s whether you’re processing data from EU users. Or, in fact, how you’re supposed to get explicit permission from EU users to host their data anywhere outside the EU in the first place.
Now, I’m not a lawyer in Mississippi, so I’m not gonna give you legal advice, but I would definitely look into it if I’m setting up a public instance. The same way I’d be looking into what compliance things I need to do to host people’s data, both due to GDPR and due to other privacy laws around the world. It’s one thing to set up for friends and family, but if you’re hosting data from outsiders you probably need to understand what you’re doing.
I’ve also not looked into what happens if you are sharing data with a noncompliant server in a restricted territory (so someone is self hosting in Mississippi and then federating with your server elsewhere). I don’t think the legislators who wrote this dumb rule know, either. They clearly haven’t thought that far ahead. Common sense dictates that the outside server would be fine and it’d be the local server’s problem to be compliant. I presume that’s what Bluesky is counting on (i.e. that someone will set up a local instance and act as an ingest bridge for them without it having to be them). Then again, you have British legislators now claiming that all VPNs need to have age controls, so I am not taking common sense for granted when it comes to these things.
How exactly do they plan on enforcing a fine when you have no business in their country? It works on companies that have an actual presence there. But if you just don’t care about that country you could completely ignore it.
Yeah, see, I’m not a lawyer, but I am confident enough that “committing crimes in another country remotely is safe” is absolutely terrible legal advice. Don’t do that. I am confident enough in my understanding of legal matters to issue that recommendation.
I mean, I’ve given Rochko crap here for not thinking things through when he incorrectly suggested more decentralization would make Masto behave differently than Bluesky in this issue. I don’t for a second assume he meant “because fuck it, fine me if you can, USA” or I would be giving him way more crap and closing my Masto account just in case for good measure.