They're right to point out that laws like this are primarily motivated by government control of speech. On a recent Times article about the UK's Online Safety Act:
> Luckily, we don’t have to imagine the scene because the High Court judgment details the last government’s reaction when it discovered this potentially rather large flaw. First, we are told, the relevant secretary of state (Michelle Donelan) expressed “concern” that the legislation might whack sites such as Amazon instead of Pornhub. In response, officials explained that the regulation in question was “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse”, a phrase that rather gives away the political thinking behind the act. They suggested asking Ofcom to think again and the minister agreed.
> "They're right to point out that laws like this are primarily motivated by government control of speech. On a recent Times article about the UK's Online Safety Act:"
Err, BlueSky is enthusiastically complying with that one (as you read by clicking through to their corporate statement),
> "We work with regulators around the world on child safety—for example, Bluesky follows the UK's Online Safety Act, where age checks are required only for specific content and features... Mississippi’s new law and the UK’s Online Safety Act (OSA) are very different. Bluesky follows the OSA in the UK. There, Bluesky is still accessible for everyone, age checks are required only for accessing certain content and features, and Bluesky does not know and does not track which UK users are under 18. Mississippi’s law, by contrast, would block everyone from accessing the site—teens and adults—unless they hand over sensitive information, and once they do, the law in Mississippi requires Bluesky to keep track of which users are children."
It's bold of them to attempt to shift the Overton Window in this way ("OSA is actually moderate and we should hold it up as an example of reasonableness to criticize other censorship laws against"). That happened fast.
They absolutely took control of Luigi. Rather than becoming a revolutionary icon who inspired people to water the tree of liberty with the blood of capitalists, he got turned to a meme, co-opted, defanged and reduced to nothing, like a Che Guevara t-shirt.
They don't actually care about the block or ban, they just want to put in enough token effort that a judge in the area will feel that it was reasonably done. It's performative for the legal system.
... but any replacement you build will, in practice, have to include a single centralized "relay" that aggregates all content. Since that's a lot of content, it has to be run by a big, easily found, easily pressured organization. And everybody "porting their accounts across" means a flag day that's going to be almost impossible to organize in practice. It'd effectively be just as much work as switching to an entirely new protocol.
Maybe you could theoretically have an AT "app view" that takes data from multiple relays, but nothing in the implementation does anything to support that, and as far as I know nothing in the protocol does anything to help it discover the relays... which in practice means that even if you extend the app views to use multiple relays, there will never be more than a handful of relays with meaningful reach.
The AT protocol is at best a really crappy excuse for decentralization. And frankly a pretty poor example of open source too, given the usability and organization of the code they release.
Compare with, say, Nostr, which is actually decently decentralized... but, in not-unrelated news, suffers from massive content discovery problems. Or compare with Briar, which is even more decentralized but has both discovery and scaling problems. Or for that matter Usenet.
(I personally don't think Bluesky is a bad idea and I'm glad for more things in the ecosystem. But the point of decentralizing isn't just to protect against editorial constraint by the service owner; it's to protect against government pressure too. Mississippi could go after Mastodon service providers, but it'll cost them a lot more to find and chase 'em all).
If you think technology will protect you from censorship look at China. They can stop all but the most persistent users. It is just a question of how much they care to; they have the means. And most users are closer to Homer Simpson than Edward Snowden.
If you get 75% coverage (or let's say the 5 biggest ISPs here, comcast and so on) you don't need to really chase the long tail of small providers that hard. It would effectively be unavailable to non technical people at that point.
Universities? The primary revenue source for basically 100% of US universities is the federal government. The concept of a private university in the US is little more than a legal technicality.
They don't need to. If only 1% of the people are able to access censored content and therefore hold censored ideas, the majority will treat them as crazy pariahs.
It's the same mechanism that makes us consider the 1% of flat earthers crazy. Sadly the mechanism works based on how many people believe a thing, not whether it's true, so it can also block true things if only 1% of people believe them.
We think flat earthers are crazy because it is a fairly trivial thing to prove them wrong. If you believe something that is that easily disproved AND widely understood to be so, there is clearly something wrong with you.
We don't think that people who think there's a bearded man in heaven are crazy, even if that's crazier than thinking earth is flat.
We don't think they are crazy because they are not 1%, they are majority.
Most people think flat earthers are crazy not because they proved them wrong. Just most people around them think flat earthers are crazy and that's enough.
No we think flat earthers are crazy because it's trivial to prove wrong, whereas religious belief is a matter of faith that can't really be proven one way or the other, regardless of how silly the belief is.
There is no way to prove that the earth isn't actually flat but every observation conspires to make it look round. For instance some flat earthers say that the atmosphere reflects light in the exact way that makes it look round.
Take any phenomena on a globe earth, describe the exact same thing in flat earth coordinates and then say that everything weird in the equations is a new physical effect you just discovered.
If every observation conspires to make it look round, it's round because observation is all we have. Refusing to accept observational evidence that forms a coherent explanation is either anti-science or anti-definition-of-words. This justification for flat earth exits the realm of scientific inquiry and enters the realm of Cartesian evil demons, a hypothesis even Descartes rejected.
China isn't an example of the impact of poltics vs technology because chinese people generally don't use de-centralized or private tech in the first place
Mississippi can’t unless they can establish personal jurisdiction over a specific Mastodon operator. Which if that instance’s owner/operators don’t live in Mississippi, probably requires a novel application of the Zippo test [1] that’s a bit questionable for how noncommercial Mastodon tries to be.
This proves that Bluesky isn't decentralized. Children shouldn't view pornography, but I am worried about state abuse of the controls necessary to prevent it. Every scheme that isn't full-Orwell creates black markets. They all seem to be an excuse to eventually blanket ban VPNs.
And I could keep going. But point being there are a thousand alternative frontends and every other bit or piece to interface with the same bluesky without censorship.
And the only user facing components are the frontend and the PDS. The appview can't even see the user's IP, only the PDS it proxies through. So if you move to an independent PDS and use any third party frontend, even if you use the bluesky PBC appview, there is no direct contact/exposure to the company that could be exploited.
The client/frontend calls out to a set of XRPC endpoints on the user's PDS. The user can use any PDS they want but yes most users are on the bluesky "mushroom" PDSes. There are plenty of open enrollment PDS nowadays if you care to look around and want to switch away.
The appview have no ability to interact with the user directly so if you use any non bluesky PDS and non-bluesky client/frontend (both relatively trivial to do), then the appview is basically a (near) stateless view of the network which you can substitute with any appview you want (the client can choose the appview to proxy to with an http header) without ever touching bluesky the company.
And of course there are multiple appview hosts. As well as relay hosts (which the appviews depend on but not the user/client).
There are plenty of ways to go about using bluesky without yourself or the services you use ever touching bluesky the company's infrastructure.
Edit: I mistook the bsky.sh domain, my bad. Can't get strike through to work for the life of me. I give up.
~~Bluesky blocked in Mississippi, try to work around it, only for the resource that tells you how to do this to be hosted on Bluesky, which is blocked. That's... suboptimal~~.
I can't help but feel like Bluesky is just three corporations in a trenchcoat pretending to be an open federated ecosystem.
Bluesky is not decentralized. The AT protocol is - albeit with few large integrators besides Bluesky, but it isn't susceptible to like 51% attacks or anything so that's mostly okay.
Does it actually? (Genuine question.) The article doesn't get into specifics about how the block is implemented, but I wouldn't be surprised if there is some non-trivial way around it.
Or, conversely, I'm unsure if other decentralized platforms would be unable to implement a similar block.
The client checks https://bsky.app/ipcc locally on startup, and if the json object it gets contains "isAgeBlockedGeo : true" it displays the block message.
ublock origin filters can replace the contents of any page using regex.
TLDR it's a single geoloc RPC call clientside. you can just tag it with an adblock filter to kill it. Or use any third party client (my comment to OP has a bunch of them listed).
Interesting though: I wonder how long til site host lists and ad filters start shipping anti-censorship lists and features. We know some DNS provider is already doing it. (I forgot which one)
They're right to point out that laws like this are primarily motivated by government control of speech. On a recent Times article about the UK's Online Safety Act:
> Luckily, we don’t have to imagine the scene because the High Court judgment details the last government’s reaction when it discovered this potentially rather large flaw. First, we are told, the relevant secretary of state (Michelle Donelan) expressed “concern” that the legislation might whack sites such as Amazon instead of Pornhub. In response, officials explained that the regulation in question was “not primarily aimed at … the protection of children”, but was about regulating “services that have a significant influence over public discourse”, a phrase that rather gives away the political thinking behind the act. They suggested asking Ofcom to think again and the minister agreed.
https://www.thetimes.com/comment/columnists/article/online-s...
> "They're right to point out that laws like this are primarily motivated by government control of speech. On a recent Times article about the UK's Online Safety Act:"
Err, BlueSky is enthusiastically complying with that one (as you read by clicking through to their corporate statement),
> "We work with regulators around the world on child safety—for example, Bluesky follows the UK's Online Safety Act, where age checks are required only for specific content and features... Mississippi’s new law and the UK’s Online Safety Act (OSA) are very different. Bluesky follows the OSA in the UK. There, Bluesky is still accessible for everyone, age checks are required only for accessing certain content and features, and Bluesky does not know and does not track which UK users are under 18. Mississippi’s law, by contrast, would block everyone from accessing the site—teens and adults—unless they hand over sensitive information, and once they do, the law in Mississippi requires Bluesky to keep track of which users are children."
https://bsky.social/about/blog/08-22-2025-mississippi-hb1126
It's bold of them to attempt to shift the Overton Window in this way ("OSA is actually moderate and we should hold it up as an example of reasonableness to criticize other censorship laws against"). That happened fast.
And surprise surprise, it's in the name of "protecting children", the same thing red blooded Americans have been falling for for decades.
Who is failing to protect them from what?
Some people would say "this is exactly why we can't have good things".
“services that have a significant influence over public discourse”
This may show paranoia but all these things that are happening recently kinda add up to preparation for war.
In the tiktok ban case we know its reintroduction and passong was because it allowed criticism of Israel, at least according to the people that reintroduced it and got it passed https://www.kenklippenstein.com/p/tiktok-ban-fueled-by-israe...
Israel and Luigi have them spooked. Two incidents where they've completely lost control of the narrative.
Israel, maybe, but Luigi, definitely not.
They absolutely took control of Luigi. Rather than becoming a revolutionary icon who inspired people to water the tree of liberty with the blood of capitalists, he got turned to a meme, co-opted, defanged and reduced to nothing, like a Che Guevara t-shirt.
https://archive.is/3pave
Other thread: https://news.ycombinator.com/item?id=44989125
How exactly can a website restrict itself in a single state?
They're blocking IPs that look Mississippi-ish. I assume just using Maxmind or some other IP geolocation database.
Badly. Anyone whose IP has recently been geolocated in that state will be swept up in the ban (and anyone with a VPN can evade it)
They don't actually care about the block or ban, they just want to put in enough token effort that a judge in the area will feel that it was reasonably done. It's performative for the legal system.
No, not performative or token.
Blocking via geoip is a reasonable, best effort method in this case. It's doing a best effort to comply.
So not merely for performance without true compliance, or tokenism, which courts really frown upon.
IP geolocation
Its actually really simple but its not perfect.
Reminder that Bluesky is not decentralized, and can be censored or bought out just like Twitter.
AT protocol is open source.
Bluesky is private but the underlying mechanism is OSS and accounts are portable.
Go build the replacement and people can port their accounts across.
... but any replacement you build will, in practice, have to include a single centralized "relay" that aggregates all content. Since that's a lot of content, it has to be run by a big, easily found, easily pressured organization. And everybody "porting their accounts across" means a flag day that's going to be almost impossible to organize in practice. It'd effectively be just as much work as switching to an entirely new protocol.
Maybe you could theoretically have an AT "app view" that takes data from multiple relays, but nothing in the implementation does anything to support that, and as far as I know nothing in the protocol does anything to help it discover the relays... which in practice means that even if you extend the app views to use multiple relays, there will never be more than a handful of relays with meaningful reach.
The AT protocol is at best a really crappy excuse for decentralization. And frankly a pretty poor example of open source too, given the usability and organization of the code they release.
Compare with, say, Nostr, which is actually decently decentralized... but, in not-unrelated news, suffers from massive content discovery problems. Or compare with Briar, which is even more decentralized but has both discovery and scaling problems. Or for that matter Usenet.
Can you elaborate on that? I thought you could run your own instance and your identity was in the EDID.
In theory, but is that actually the case today? I couldn't find any information about the current state of federation for Bluesky.
Contrast this with Mastodon which already has a vibrant federated ecosystem.
Most people will never learn. It's an endless cycle.
https://archive.is/r8cfH
Meanwhile, nothing has changed on Mastodon.
(I personally don't think Bluesky is a bad idea and I'm glad for more things in the ecosystem. But the point of decentralizing isn't just to protect against editorial constraint by the service owner; it's to protect against government pressure too. Mississippi could go after Mastodon service providers, but it'll cost them a lot more to find and chase 'em all).
If you think technology will protect you from censorship look at China. They can stop all but the most persistent users. It is just a question of how much they care to; they have the means. And most users are closer to Homer Simpson than Edward Snowden.
Mississippi would have a hell of a time convincing every ISP in the US to put up a firewall too.
They could try, but not even China could build an impregnable firewall.
They don't have to go after all of them, they just have to make an example of one. See: qwest's Joseph Nacchio: https://en.m.wikipedia.org/wiki/Joseph_Nacchio
God, Nacchio's story is infuriating.
"Sorry, you can't use this evidence that exonerates you - it would be bad for the government."
If you get 75% coverage (or let's say the 5 biggest ISPs here, comcast and so on) you don't need to really chase the long tail of small providers that hard. It would effectively be unavailable to non technical people at that point.
AT&T, Comcast, C-Spire. I don't know anyone who is on anything else here unless it's through a university.
I heard from a friend that went to China and the hotel staff right away asks if they want to VPN their room.
Using a staff provided VPN sounds iffy.
six months ago I would have said the same thing about US universities.
Universities? The primary revenue source for basically 100% of US universities is the federal government. The concept of a private university in the US is little more than a legal technicality.
They don't need to. If only 1% of the people are able to access censored content and therefore hold censored ideas, the majority will treat them as crazy pariahs.
It's the same mechanism that makes us consider the 1% of flat earthers crazy. Sadly the mechanism works based on how many people believe a thing, not whether it's true, so it can also block true things if only 1% of people believe them.
We think flat earthers are crazy because it is a fairly trivial thing to prove them wrong. If you believe something that is that easily disproved AND widely understood to be so, there is clearly something wrong with you.
We don't think that people who think there's a bearded man in heaven are crazy, even if that's crazier than thinking earth is flat.
We don't think they are crazy because they are not 1%, they are majority.
Most people think flat earthers are crazy not because they proved them wrong. Just most people around them think flat earthers are crazy and that's enough.
No we think flat earthers are crazy because it's trivial to prove wrong, whereas religious belief is a matter of faith that can't really be proven one way or the other, regardless of how silly the belief is.
They're just different.
There is no way to prove that the earth isn't actually flat but every observation conspires to make it look round. For instance some flat earthers say that the atmosphere reflects light in the exact way that makes it look round.
Take any phenomena on a globe earth, describe the exact same thing in flat earth coordinates and then say that everything weird in the equations is a new physical effect you just discovered.
That's a void argument.
If every observation conspires to make it look round, it's round because observation is all we have. Refusing to accept observational evidence that forms a coherent explanation is either anti-science or anti-definition-of-words. This justification for flat earth exits the realm of scientific inquiry and enters the realm of Cartesian evil demons, a hypothesis even Descartes rejected.
Then we need to make every user the most persistent user. How many governments have given up because Tor Browser ships anti-censorship defaults?
technology does not work unless you use it
What does that mean?
China isn't an example of the impact of poltics vs technology because chinese people generally don't use de-centralized or private tech in the first place
On a side note I have very credible source telling that China might want open up the Internet "in a matter of days"
idk how "open" would this mean but drastic changes are coming.
Mississippi can’t unless they can establish personal jurisdiction over a specific Mastodon operator. Which if that instance’s owner/operators don’t live in Mississippi, probably requires a novel application of the Zippo test [1] that’s a bit questionable for how noncommercial Mastodon tries to be.
[1] https://en.wikipedia.org/wiki/Personal_jurisdiction_in_Inter...
Or they pick a few and make an example out of them.
I believe the example would be "Good luck with that I'm in Germany."
That would be mastodon.social, yes, but there's lots of instances that are not.
Like I run one and I'm in Louisiana and I sure do not have the funds to mount a legal defense.
Sounds like a failure to properly build a threat model. Consider relocating your instance and begin using privacy mitigations like VPN.
Much cheaper than an attorney.
You reap what you sow.
This proves that Bluesky isn't decentralized. Children shouldn't view pornography, but I am worried about state abuse of the controls necessary to prevent it. Every scheme that isn't full-Orwell creates black markets. They all seem to be an excuse to eventually blanket ban VPNs.
This proves that Bluesky is not decentralised, btw.
FWIW the only "site that goes dark" is the https://bsky.app website frontend/mobile app.
And the "block" is a single clientside geo-location call that can be intercepted/blocked by adblock, etc.
And the "block" doesn't apply to any third party clients. So that includes:
- https://deer.social (forked client)
- https://zeppelin.social (forked client + independent appview)
- https://blacksky.community (forked client + independent appview + custom rust impl of PDS + custom rust impl of relay)
And a bunch of others like:
- https://anisota.net/
- https://pinksky.app/
- https://graysky.app/
And I could keep going. But point being there are a thousand alternative frontends and every other bit or piece to interface with the same bluesky without censorship.
And the only user facing components are the frontend and the PDS. The appview can't even see the user's IP, only the PDS it proxies through. So if you move to an independent PDS and use any third party frontend, even if you use the bluesky PBC appview, there is no direct contact/exposure to the company that could be exploited.
but Bluesky runs the API that all of these tools rely on
No it does not. That is the trick.
The client/frontend calls out to a set of XRPC endpoints on the user's PDS. The user can use any PDS they want but yes most users are on the bluesky "mushroom" PDSes. There are plenty of open enrollment PDS nowadays if you care to look around and want to switch away.
The appview have no ability to interact with the user directly so if you use any non bluesky PDS and non-bluesky client/frontend (both relatively trivial to do), then the appview is basically a (near) stateless view of the network which you can substitute with any appview you want (the client can choose the appview to proxy to with an http header) without ever touching bluesky the company.
And of course there are multiple appview hosts. As well as relay hosts (which the appviews depend on but not the user/client).
There are plenty of ways to go about using bluesky without yourself or the services you use ever touching bluesky the company's infrastructure.
Where does the firehose stream originate? From individual PDSes, or from the Bluesky relay that aggregates their repo events?
How do I do this then?
Everything but the relay (but you'd realistically only need the PDS): https://alice.bsky.sh/post/3laega7icmi2q
The relay: https://whtwnd.com/bnewbold.net/3lo7a2a4qxg2l
Edit: I mistook the bsky.sh domain, my bad. Can't get strike through to work for the life of me. I give up.
~~Bluesky blocked in Mississippi, try to work around it, only for the resource that tells you how to do this to be hosted on Bluesky, which is blocked. That's... suboptimal~~.
I can't help but feel like Bluesky is just three corporations in a trenchcoat pretending to be an open federated ecosystem.
so basically you can run a cache for them and they have the final say on all accounts/ids because nobody will see any federated content anyway.
you progress the grand parent comment point, with a lot more words.
Bluesky is not decentralized. The AT protocol is - albeit with few large integrators besides Bluesky, but it isn't susceptible to like 51% attacks or anything so that's mostly okay.
Does it actually? (Genuine question.) The article doesn't get into specifics about how the block is implemented, but I wouldn't be surprised if there is some non-trivial way around it.
Or, conversely, I'm unsure if other decentralized platforms would be unable to implement a similar block.
The client checks https://bsky.app/ipcc locally on startup, and if the json object it gets contains "isAgeBlockedGeo : true" it displays the block message.
ublock origin filters can replace the contents of any page using regex.
TLDR it's a single geoloc RPC call clientside. you can just tag it with an adblock filter to kill it. Or use any third party client (my comment to OP has a bunch of them listed).
Interesting though: I wonder how long til site host lists and ad filters start shipping anti-censorship lists and features. We know some DNS provider is already doing it. (I forgot which one)
[dupe]
Source: https://news.ycombinator.com/item?id=44989125