Beginning 1 September, We Will Need to Geoblock Mississippi Ips
Key topics
Dreamwidth's decision to geoblock Mississippi IPs starting September 1 has sparked a lively debate about the implications of complying with state laws that restrict online content. Some commenters, like Bender, suggest that dynamically blocking users with registered addresses in Mississippi might be a more effective approach, while others, like groby_b, argue that minimizing legal exposure is the top priority. As users weigh in, concerns about the law's enforceability and the potential for over-blocking arise, with some, like andybak, feeling that the restrictions effectively shut them out, despite not living in Mississippi. The discussion reveals a complex web of issues surrounding jurisdictional authority and online freedom.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
-114233s
Peak period
67
0-2h
Avg / period
11.4
Based on 160 loaded comments
Key moments
- 01Story posted
Aug 27, 2025 at 4:03 PM EDT
4 months ago
Step 01 - 02First comment
Aug 26, 2025 at 8:19 AM EDT
-114233s after posting
Step 02 - 03Peak activity
67 comments in 0-2h
Hottest window of the conversation
Step 03 - 04Latest activity
Aug 28, 2025 at 7:43 PM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Google have additional information about IP addresses that updates dynamically based on cell phone, wifi and other magic usage so maybe ask them if they have some javascript that queries their site for more specific city/state details. Also call Pornhub and ask how they were blocking specific states to meet legal requirements.
Tough for the neighbors, but nitpicking "resident" is not a good choice here.
It would be pretty crazy if you could kill someone in Arizona and then just walk over the border to California and not be able to be prosecuted…
https://en.wikipedia.org/wiki/Zone_of_Death_(Yellowstone)
"The Zone of Death is the 50-square-mile (130 km2) area in the Idaho section of Yellowstone National Park in which, as a result of the Vicinage Clause in the Constitution of the United States, a person may be able to theoretically avoid conviction for any major crime, up to and including murder"
>New York governor rejects Louisiana's extradition request for doctor in abortion pill case
cough
I mean it would be absurd if an anti-death-sentence state started trying to extradite the executioners working in pro-death-sentence states for murder, right?
Not by the same definition, no, its not, though there is a crime called "murder" in all states, and there tends to be significant overlap in the definitions.
There is a certain group in the USA that is working hard on undermining the rights of the people of America, the enemies, foreign and domestic, per se; and this is part of their plank to control speech through fear and total control and evisceration of anonymity.
I support controlling access to porn for children, especially since I know people who were harmed and groomed by it, but these types of laws are really just the typical liar’s wedge to get the poison pill of tracking and suppression in the door.
I hope some of the court cases can fix some of these treasonous and enemy acts by enemies within, but reality is that likely at the very least some aspects of these control mechanisms will remain intact.
If it really was about preventing harm against children, then they would have prevented children from accessing things, not adults. But that’s how you know it’s a perfidious lie.
This MS situation is just another step towards what they really want, total control over speech, thought, and what you are able to see and read.
This MS situation is just a kind of trial balloon, a probe of the American people and the Constitution and this thing we still call America even though enemies are within our walls dismantling everything.
As you may have read, in MS they are trying to require all social media companies to “…deanonymize and age-verify all users…” …… to protect the children, of course. So you, an adult, have to identify yourself online in the public square that is already censored and controlled and mapped, to the government so it can, e.g., see if you oppose or share information about the genocide it is supporting … to protect Mississippi children, of course.
(It is possible for state charges existing to make other actions federal crimes, though, e.g., there is a federal crime of interstate travel to avoid prosecution, service of process, or appearance as a witness. But state charges themselves can't get "bumped up" to the federal level.)
It's a good question. Maybe something with interstate commerce laws?
That loophole got closed once inter-state data sharing became possible and Oregon merchants were required to start collecting those out-of-state taxes at the point of sale.
Avoiding taxes. It's different. It was always perfectly legal to travel to another state to buy something expensive and bring it back home. No crimes were committed.
It was a loophole that you could buy in Oregon specifically to avoid $1,000s in sales taxes.
It was legal to do that. If it was purchased out of state with the intent of bringing it back home, then (assuming the home state was California) California use taxes were always owed on it. Other states with sales taxes also tend to have similarly-structured use taxes with rates similar to the sales tax rates.
They were legally avoiding sales taxes, but also illegally evading use taxes, and, moreover, there is very little reason for the former if you aren't also doing the latter, unless you just have some moral objection to your taxes being taken at the point of sale and the paperwork and remittance to the government being done by the retailer instead of being a burden you deal with yourself.
AFAIK it's not that Oregon changed anything, either. It's that Washington passed additional laws that require out-of-state merchants to collect the tax when selling to customers in WA, and said out-of-state merchants complied.
https://www.supremecourt.gov/opinions/17pdf/17-494_j4el.pdf
https://en.wikipedia.org/wiki/South_Dakota_v._Wayfair,_Inc.
Prior to this ruling, if you were a merchant in state A and you mailed something to someone in State B, you were not considered to have an economic nexus in state B, and hence state B had no jurisdiction over you to enforce sales tax collection.
Previous definitions of economic nexus involved having physical buildings or employees operating within a jurisdiction's boundaries.
South Dakota v Wayfair said that mailing something to a customer established economic nexus in the customer's jurisdiction, hence the merchant now has to register as a business in the customer's jurisdiction and collect applicable sales taxes and follow all the laws of that jurisdiction.
The whole ruling is weird though, because the justification came down to it's messing up the order of things, and since Congress can't be bothered to fix it with legislation, the Courts have to make up stuff to prolong the status quo.
The situation petcat described is tax evasion (illegal, since use tax is due in lieu of paying sales tax at point of purchase, assuming item is brought back to home state).
Tax avoidance is simply minimizing tax liability, completely legal.
It’s called a ‘use tax’. In practice, nobody pays (personal) use tax, myself included.
Washington has a use tax: https://dor.wa.gov/taxes-rates/use-tax
California has a use tax: https://cdtfa.ca.gov/taxes-and-fees/use-tax/
Idaho has a use tax: https://tax.idaho.gov/taxes/sales-use/use-tax/online-guide/
So, all of those people going to Oregon to shop without sales tax and not paying use tax were technically breaking the law, not using a loophole. I’m not judging them, I don’t pay use tax either :)
I understand it used to be possible to show ID in store and have sales tax not be applied, but now you need to submit receipts and etc.
I’ve never understood people like you that say anything and everything to increase taxes.
How does it make any rational or logical sense that you should pay higher taxes for something?
So when you go to Delaware that has 0% sales taxes, you make sure to log everything and pay taxes to your home state upon return?
If you don't, you are technically violating the law. All states with sales tax also have a use tax.
For example, if you are a resident of neighboring Maryland, this is the form you'd need to fill out for purchases you make in Delaware.
https://www.marylandcomptroller.gov/content/dam/mdcomp/tax/f...
Now, buying a fancy computer or something... but a car?
I haven't seen it as much in WA, but I used to see a lot of Oregon plates on new vehicles in Northern California where I had reason to believe the driver was a resident of CA. I do know someone who was pulled over for driving like a Californian while having out of state plates, so there's some enforcement that way anyhow. (Changed several lanes from the fast lane to the exiting lane in a continuous motion)
Oregon merchants are not required to collect sales tax for any other jurisdictions outside of Oregon. And they don’t, any non Oregonian can go to any merchant in Oregon right now, and you will be charged the same as any other customer who lives in Oregon.
Also, it was never a loophole to buy things in Oregon to evade sales tax. All states with sales tax require their residents to remit use tax for any items brought into the state to make up the difference for any sales tax that would have been paid had it been purchased in their home state.
The threat of lawsuits.
> How is this enforceable if a company doesn't have any infrastructure within that state?
If you are intentionally doing business in a US state, and either you or your assets are within the reach of courts in the US, you can probably be sued under the state's laws, either in the state's courts or in federal courts, and there is a reasonable chance that if the law is valid at all, it will be applied to your provision of your service to people in that state. Likewise, you have a risk from criminal laws of the state if you are personally within reach of any US law enforcement, through intrastate extradition (which, while there is occasional high-profile resistance, is generally Constitutionally mandatory and can be compelled by the federal courts.)
That's why services taking reasonable steps to cut off customers accessing their service from the states whose laws they don't want to deal with is a common response.
Except for very specific things that are forbidden to the states in Art. I Sec. 10, or where Congress has specifically closed off state action in its own actions under the Interstate Commerce Clause, states retain the ability to regulate commerce in manners that impact interstate commerce so long as they do not discriminate against interestate commerce compared to in-state commerce in such regulations.
To enforce all this, states can sue companies and they can take steps to ensure companies can't do business in their state (so like maybe force ISPs to block Dreamwidth?).
When I get the time, I'll be hosting a site from my closet that allows anything short of csam and I will reject states like MS and TX. My final act will be to die. But I don't much want to live.
Anyway find a reason to live, unless you're objectively suffering there's quite a few
https://en.wikipedia.org/wiki/Dreamwidth
https://en.wikipedia.org/wiki/The_Walker_Montgomery_Protecti...
The end game here is total control and awareness of who is saying what at any time, in order to allow those messages to be thwarted.
If they make an honest attempt to comply and a small number of people using VPNs slip through the cracks, if they're ever reported, they'll likely be given a slap on the wrist at most. If they ignore the law or do some obvious half assed attempt to comply and thousands of Mississippi users are still using their site and they get reported, it's far less likely that a judge will be lenient.
Dreamwidth has been at the forefront of banning large swaths of the internet. They started doing it years before anyone else. Before the for-profit corporate spidering of HTTP/S content even began causing issues. This is well trod territory and entirely familiar for them and their upstream network provider they like to blame their inability to fix it on.
Pornhub and BlueSky have done similar in response to this legislation in Texas. Wikipedia and a few other sites blocked the UK to avoid being burdened by their Safety act. Pretty much every streaming platform implements regional geo blocking for licensing reasons.
I’ll be curious to see how things shake out in the long run given the current political climate.
No? Wikipedia is not blocked in the UK.
Also, for the enforcement agency who is/will be tasked with checking things out here...do they know whether geo-blocking is valid method or not? Its a silly law, don't get me wrong...but if its enforcement validation mechanisms are not up to snuff, i wonder how things will play out - both here in dreamwidth's case and other folks in a similar boat?
It may not be, if the law can be applied to them.
OTOH, may be sufficient to make it illegal to apply the law to them in the first place. US states do not have unlimited jurisdiction to regulate conduct occurring outside of their borders, but they do have more ability to regulate conduct of entities intentionally doing business within their borders.
For example, these days in Russia awareness and usage of VPN is well beyond any normal country. With Facebook and IG for example blocked for Meta being officially branded an "extremist organization" (by the way Taliban was taken off that list recently, so what do you guys in Menlo Park are cooking what is worse than Taliban? May be some freedom of speech? :) people in Russia of all strata is still using it, now through VPN, many from mobile devices. The thing of note from USSR/Russia here is that habitual violation of unreasonable laws breeds wide disrespect for the system of law as a whole, and it i very hard to reverse the flow.
It is possible some US States and maybe the UK will end up like China.
it is like age verifying current generic access to the Internet. Sure, we'll come to this too (the anti-utopias aren't fiction, it is future :), yet we still don't verify such a generic access because it isn't the time yet, the society isn't yet totalitarian enough.
As a preview - in Russia (i'm less familiar with China to comment on it) they do already attack VPN by making it illegal to advertise it, something like this.
Launch a small website and commit a felony in 7 states and 13 countries.
I wouldn't have known about the Mississippi bill unless I'd read this. How are we have to know?
Regulatory capture in real time!
What would you have preferred? Of course you'd prefer if the law never existed in the first place, but I don't see having a third party auditor verify compliance is any worse than say, letting the government audit it. We don't think it's "regulatory capture" to let private firms audit companies' books, for instance.
it's regulatory capture if a cartel of ID verification companies are lobbying for specific requirements that lock out upstart competitors.
But yeah, this definitely sounds like a business opportunity for services or hosts.
Capitalism at its best. We have a definite problem with over-regulation and a judicial system that isn't coping nor keeping up. Capitalism, instead of fixing the problem, makes a business model out of it.
Capitalism: Why fix it when you can make money of it.
I suppose this is what confused me then, as it seemed obvious that e.g. the Facebook reccomendation algorithm isn't speech, so if a social media site would be considered speech it would be due to the user content. Section 230 doesn't in any way supercede the constitution, but it does clarify which party is doing the speech and thus where the first ammendment would apply.
No, it immunizes certain parties from being held automatically liable (without separate proof that they knew of the content, as applies to mere distributors [0]), the "publisher or speaker" standard being the standard for such liability (known as publisher liability.)
It doesn't "clarify" (or have any bearing on) where the First Amendment would apply. (In fact, its only relevant when the First Amendment protection doesn't apply, since otherwise there would be no liability to address.)
[0] subsequent case law has also held that Section 230 has the effect of also insulating the parties it covers against distributor liability where that would otherwise apply, as well, but the language of the law was deliberately targeted at the basis for publisher liability.
* The First Amendment generally prohibits the government from enacting any laws or regulations that limit speech based on its content (anything you might reasonably call "moderation" would definitely fall into this category!).
* Private companies are not the government. Social media networks are therefore not obligated to follow the First Amendment. (Although there is a decent argument that Trump's social media network is a state actor here and is therefore constitutionally unable to, say, ban anybody from the network.)
* Recommendation algorithms of social media networks are protected speech of those companies. The government cannot generally enact a law that regulate these algorithms, and several courts have already struck down laws that attempted to do so.
* §230 means that user-generated speech is not treated as speech of these companies. This prevents you from winning a suit against them for hosting speech you think injures you (think things like defamation).
* §230 also eliminates the liability of these companies for their moderation or lack thereof.
There remains the interesting question as to whether or not companies can be held liable via their own speech that occurs as a result of the recommendation algorithms of user-generated content. This is somewhat difficult to see litigated because it seems everybody who tries to do a challenge case here instead tries to argue that §230 in its entirety is somehow wrong, and the court rather bluntly telling them that they're only interested in the narrow question doesn't seem to be able to get them to change tactics. (See e.g. the recent SCOTUS case which was thrown out essentially for this reason rather than deciding the question).
>A blog is speech, but I wouldn't say that deciding to operate a social media site is speech.
And if the police has reason to suspect that there is illegal gambling happening at your dinner party they can obtain a warrant to bust your party.
Hell even if your party is to loud and annoys the neighbours the police can and will shut it down.
In some cases this arises in US Constitutional law as the freedom of other people to seek and encounter the speech, though I'm not sure if there's a formal name for the idea. (e.g. "Freedom of Hearing".)
You don’t need to know all the laws of Mississippi to serve such customer, or any laws from anywhere else other than Italy.
And if you don't do business in the US there is only so much the US can do. Most importantly it can ask ISPs in the US to block your site. As they do for copyright infringement routinely.
We have all accepted that our countries block copyright violations originating from outside their jurisdiction.
But of course this is a disaster for the free internet. While copyright laws are relatively uniform world wide, so if you respect it locally you're probably mostly fine everywhere, incoming regulation like age verification and limits on social media use, or harassment stuff, is anything but uniform.
To some degree this is also maybe more shocking to people in the US, as the US norms have de facto been the internets norms so far. It is, in any case, not entirely new:
"When Germany came after BME for "endangering the youth" and demanded that I make changes to the site to comply with German law, my response was to simply not visit Germany again (and I'm a German citizen). When the US started to pressure us, we moved all of our servers and presence out of the country and backed off on plans to live in the US. No changes were ever made to the site, and no images were ever removed — if anything, the pressure made me push those areas even more."
https://en.m.wikipedia.org/wiki/BMEzine
How do we deal with the fact that we don't have a global mechanism for agreeing (socially and legally) on necessary regulations, whilemaintaining the social good that is a truly global internet?
They can order overflights to land to arrest you, if they so desire. They can also block you from the more-or-less all legitimate commerce globally with sanctions. And if they really don't like you, they can kill you without due process.
All of which the US has done to undesirables over the years, and can do again without any controls or checks or balances, to anyone globally.
With the internet it's a lot less clear cut. The user is requesting data from Italy, maybe, but is located in another jurisdiction. Add Cloudflare and the data might even be served from the US by a US company you asked to serve your illegal data.
It's becoming a shit show and is breaking up the global internet.
The current legal reality is a shitshow but I don't think that's inherent to the situation itself. gTLDs and foreign hosting services certainly complicate things, but then so does choosing to (physically) import supplies from abroad. I'm not convinced there's a real issue there at least in theory.
I think that a single "common carrier" type treaty unambiguously placing all burden on the speaker and absolving any liability arising from jurisdictional differences would likely fix 90% of the current issues. If I visit a foreign run site and lie about my country of residence in order to access material that isn't legal where I reside the only liable party in that scenario should be me.
Be careful what you put in that menu.
Except that in this case it's more like applying state sales taxes to online purchases. That has been a thing for years at this point.
Websites don't have to be a business or be related to one.
The US doesn’t have 50 different cultures with totally different values, but probably has like… 7.
Source: am from Kansas City.
No cities are on fire and there aren't raiding parties crossing the border.
Source: am from St. Louis.
Yes! Make a union of states! How should we call that? States Union... Union of States... United States! Yeah, that should work.
I think it's going to happen one way or another and the most peaceful way to do it would be sooner rather than later.
You’ve come up with more reasons not to split up the country, by pointing out some ways the other parts of the country might have trouble.
I think (correct me if I’m wrong) you disagree with the partisan jab at the end, not the actual line of argument.
At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
Expecting laws to instead propagate from neighbor to neighbor as I accidentally suggested—this wasn’t what I meant to suggest, but in defense of the idea:
> At some point it makes more sense to pass such a law at the federal level since we end up there eventually either way.
I do think there still could be some value. Laws could propagate across states that are more receptive to them, and then people can see if they work or not. Porting Masshealth to the whole country at once seems to have been a little bumpy. If it has instead been rolled out to the rest of New England, NY, then down to Pennsylvania… might have gone a little smoother.
More like: look at the EU, extrapolate how it would look after a little more unification, and then take advantage of the fact that we’re made up of small states already that can group ourselves up as fits. Germany and France seem all-right, so we should organize ourselves into Germany and France size units.
Sounds more like a... Confederation? of states. Or maybe... a Confederacy?
Indeed. It has far more than that. The US is astonishingly diverse.
In your mind, are these all filled with people who look the same, sound the same, practice the same religion, immigrated from the same place?
Same goes for other countries as well. It’s insane.
If anything, communications between Mississippi and California would be interstate commerce and would thus fall under federal legal jurisdiction.
If I run a server in Utah primarily for myself, and you as a Californian happen to stumble upon it, should I have to abide by California privacy laws?
> should I have to abide by California privacy laws?
It seems these are the conditions:
As of January 1, 2023, your business must comply with both the CCPA and the CPRA if you do business in California and meet any one of the following conditions:
* Earned $25 million in gross annual revenue as of January 1 from the previous calendar year
* Annually buys, sells, or shares the personal information of 100,000 or more California consumers or households
* Derived 50% or more of your gross annual revenue from the selling or sharing of personal information
Also lots of states have their own data privacy laws.
https://iapp.org/media/pdf/resource_center/State_Comp_Privac...
And yes, in this particular circumstance for this specific law as currently written a private blog doing it's own normal things probably wouldn't infringe or be subject to these rules.
But what about a Utah focused social media site that does have $25M in revenue? It's not trying to court California users. Why should they have to be liable to laws in a state they never intended to do business in? It's these Californians leaving California to interact with an org across state lines. Whatever happened to state sovereignty? Should an Oklahoman be required to buy only 3.2% beer in Texas as well or have some Texas beer and wine shop face the wrath of Oklahoma courts for serving an Okie some real beer?
Where did that web transaction actually happen? On the client or on the server? Where did the data actually get stored and processed?
IMO we're past the time of patchwork laws. The social experiment of figuring out what makes some sense is largely over at least for the basics. It's time for real federal privacy laws to make a real, enforceable nationwide policy.
> It's not trying to court California users.
The point that is being made, is that even a site generally designed and expected to be used by Utah citizens can become liable to Californian law because a Californian created an account.
If you actually sell things to Californians that's different. At that point, yeah, I think you _should_ be subject to California law. You're doing the equivalent of mail order business with a resident after all.
204 more comments available on Hacker News