Get the top HN stories in your inbox every day.
mvdwoord
2ndorderthought
Utah hosts I think the biggest nsa data center.
Honestly, I would like my ISP to block all traffic to and from Utah if this law passes. I can't think of anything I want or need that involves that state.
Bender
Unfortunately it does not work that way unless perhaps I am misunderstanding your comment. The traffic monitored by the NSA will pass through their collection points in each state and will be silently mirrored to them regardless of the routing of your ISP. Even if your specific ISP does not mirror data the traffic will very likely pass through ISP's that do.
2ndorderthought
I think you misread me. I just meant, if companies are liable for VPN users in Utah, don't even let me connect to anything in Utah. I'm good.
I realize all my traffic gets siphoned there regardless more than likely anyways.
red-iron-pine
yeah this be the answer.
the Utah DC is just storage. NSA copies whatever it wants to locally and backs it up in Utah.
Only way you gonna avoid that is to use a meshnet that avoid major ISPs
mvdwoord
Without it being good or bad (long term, second order effects), I do think all of these (proposed) laws and where we are heading will balkanize the internet. Alternative tech may sound appealing to the tinkerers, and they may keep certain important channels alive (think radio amateurs... they know this game) but for the masses? I already happily block entire countries or regions to my VPS as there is zero benefit for me to not drop them at the FW level.
2ndorderthought
I wish there was an easy way to geolocate ip addresses by us state. It's not too hard to block everything from say russia.
flemhans
Which countries are you already blocking?
paulddraper
Skiing
nine_k
I hope e.g. Colorado has better Internet regulations, so I could do my skiing there instead.
2ndorderthought
I'm good, plenty of other things to do with my time and money.
shaftoe
I'm confused where all of this censorship is originating from. What wave of efforts is culminating? I can't really explain this from any movement I can see.
OccamsMirror
It's all coming from Meta: https://www.yahoo.com/news/articles/reddit-user-uncovers-beh...
Big tech wants regulatory capture.
progval
There is no evidence it is actually coming from Meta. The Reddit researcher the article cites generated their entire "analysis" in three days using Claude: https://news.ycombinator.com/item?id=47659552
Their website also added this page since I posted that comment: https://web.archive.org/web/20260411112604/https://tboteproj... where they claim their website is under "surveillance" because it got a few thousand requests from Google Cloud et al, most of them to a single page. This shows how low their standards are.
uncircle
I keep reading this but I don't understand how a company might want to push censorship on users. What is the economic benefit of censorship? Does Meta's bottom line increase if there is no illegal content and every user is age verified on the site? Would Meta care if you use a VPN?
The ones that stand to benefit the most are the governments themselves and their surveillance network.
mannanj
And Meta is captured by spy agencies. Don't be tricked at any point into thinking this is just a tech thing. And, spy agencies, who captured them?
2ndorderthought
It looks like a coordinated effort from multiple defense companies like meta, and I believe openai, and I think palantir.
red-iron-pine
palantir got all of the social security numbers in the US and now want to correlate all traffic against them.
yalls gonna have "social credit" scores real soon
tailscaler2026
Yep. I brought this up yesterday on the Roblox thread but HN has been ingesting the propaganda for too long to understand their beliefs about Roblox are misled.
Time to adjust your priors y'all. This is a concentrated effort toward surveillance, controlling who we talk to, and what information we're fed.
TiredOfLife
Also Soros and the lizard people of Venus. Surprisingly lizard people of Mars are against it.
Aurornis
> What wave of efforts is culminating? I can't really explain this from any movement I can see.
Look at any thread about social media, TikTok, smartphones, or porn sites on Hacker News: They are instantly filled with comments claiming that the internet is to blame for all of society's ills with younger generations. The HN threads fill with comments proposing that we ban children from having smartphones until they're 16 or 18 and similar ideas. Abstract ideas about banning kids from social media or porn sites are weirdly very popular even here, mostly from people who haven't thought about what that would mean for privacy for everyone.
These ideas have become pervasive, even inside tech communities. It was so easy to blame social media and the internet for everything for years, and now lawmakers are riding that wave for political points. It's "think of the children" built on top of the current moral panics.
wartywhoa23
> Abstract ideas about banning kids from social media or porn sites are weirdly very popular even here
It's absolutely not weird. HN is the propaganda outlet for the geeks.
mvdwoord
Maybe the desire is always there, but somehow the momentum is just in an upswing now?
2ndorderthought
They finally have the tools to mass read everything aka LLMs. Does that make sense?
verdverm
Heritage Foundation, Meta, and generally the Oligarchy
Guestmodinfo
My guess is bots. Govts and law makers are afraid of the barrage of bots DDOSing them so they are slowly and surely tightening the noose around the internet. I'm all for net neutrality and anonymity on the internet and I don't like the age laws one bit, but I too am afraid of the bots scorching the internet. I still hate these growing dystopian laws but I also want the bots to be driven away from the "human internet" .
bilbo0s
It's the inevitable culmination of their plan.
Pretend to be anti-censorship. Get voted in. Fast track all of the censorship and surveillance through congress.
When I saw certain billionaires talking up anti-censorship and anti-surveillance a few years ago, I knew we would be screwed. (I knew the same billionaires had large positions in censorship and surveillance tech.) No one ever talks against their own book unless they're planning on screwing you.
wartywhoa23
Easy: from the fascist psychopaths at the whelm of the world.
People started to understand too much about who's the real enemy, and are not willing to kill and die in meatgrinders of the new world order for the interests of the unelect 0.001%.
deknos
> What will we end up with? Only attested modems / endpoints in the home?
you might laugh/cry, but there was a time in germany, when the telephone at home was owned by the state (the "Post") and you were NOT allowed to tinker with it.
personally, i guess, things like sneakernet, lorawan and hamradio will become a lot more popular over time.
butvacuum
Same for the US- until the feds broke up Bell between 1974 and 82. but, there were no technical hurdles. Anybody have a toy whistle?
rationalist
My understanding is that the phone company owned the phone, not the state.
redman25
Doesn’t ham radio not allow transmissions to be encrypted by law? That rules out most of the internet.
tardedmeme
That is true. They can be authenticated, though. I don't think it should be read as ham radio specifically, but (illegal, pirate) amateur use of radio more generally.
undefined
mvdwoord
Same in NL... we used to rent our telephones from the "PTT".
mr-wendel
My pet theory is that network protocols will evolve to require some kind of certificate-based signing to uniquely identify individuals and groups. Hardware and operating systems will have legal mandates to enforce this. Penalties for carrying unsigned traffic will be stiff.
The “upsides” will be plentiful! User verification schemes will be streamlined like never before. If you think there are downsides… well, just think of the kids, damn it!
pseudosavant
When discussing Utah, you shouldn't ignore the role that Mormonism's theocratic authoritarian culture and embrace of the MAGA movement has had. Human rights, like right to privacy, will always be trampled by their desire to legislate their morality. The Utah territory was literally founded as a theocracy.
Barrin92
exactly, there's an entire commercial ecosystem for this too, so called 'shameware' (or in their own parlance 'accountability software') apps that exists to put you under religious surveillance (https://archive.ph/RkgYn)
I really hate this tinfoil hat nonsense you see here every day now, Utah is not censoring online content because of tech bros in California lol.
rapnie
> I am completely baffled by this wave of new laws and proposals... they feel dystopic
Baffled? The whole country's democracy is diving off this cliff, seems to me.
martin-t
It's not just the US though, EU too.
I don't like far fetched conspiracy theories but I really want to know where all this is coming from. Did politicians suddenly all get the same idea or are there groups lobbying for this who benefit in terms of money/power?
tardedmeme
The EU has different norms. Bafflingly to me, it feels like the EU had an existing expectation of linking everything you do to your full name and address and then trusting the police to stop you getting swatted. I don't understand this attitude myself but you can see it in impressum laws for example, business registrations, needing your personal info to give feedback to parliaments, it's clearly a pervasive social norm over there. I suppose the reason they don't get swatting is that the police will verify the ID of the person who calls in the report.
wartywhoa23
It's the whole world.
I'm sorry to tell this, but everyone will soon realize that the far-fetched conspiracy theories are in fact severly underestimated conspiracy practices.
If they still have any remaining gut to face the reality, that is.
altairprime
One could infer that they’re trying to make porn illegal in their legislature’s desire to build the United and Puritanical States of America, which itself stems from the hope that increasing the internal sexual pressures in men will reverse the growing trend of intolerance for misogyny among both men and women. That reversal most benefits today’s adherents of misogyny, a population that is strongly represented in Utah, and comes at a cost — viewed as a net transfer of control from women to men — that is societally acceptable for them to make subservient women pay. (If this were various other states like South Carolina or Oregon, I’d point out the usual labor-economics connection to replacing more-illegal race-based slavery with less-illegal gender-based slavery now that the former’s illegal, but Utah’s home to a large religious group that has and remains focused on the gendered form first, so it doesn’t seem applicable here.)
Spooky23
The people making these decisions are religious fanatics. They don’t care.
This is one of the reasons why the purge of the federal government and military has happened. Surveillance state stuff was pretty scary from day 1… doubly so now that the leadership is all toadies who will remain embedded for decades.
bigbadfeline
> I am completely baffled by this wave of new laws and proposals...
I'm not surprised in the slightest, the direction's been clear for more than 20 years now, so I've stopped looking for technical solutions, they will always be stop-gap measures if politics isn't fixed.
davideg
EFF has a similar article: https://www.eff.org/deeplinks/2026/04/utahs-new-law-regulati...
The bottom line:
> if a website cannot reliably detect a VPN user's true location and the law requires it to do so for all users in a particular state, then the legal risk could push the site to either ban all known VPN IPs, or to mandate age verification for every visitor globally.
Clearly anyone slightly sophisticated can bypass restrictions like this. A quick search reveals https://github.com/shadowsocks. This only harms regular users who might benefit from privacy. The dystopia levels continue to rise...
bloppe
There's tension between this law and the 14th, 5th and 1st amendments.
Due process doctrine from the 5th and 14th establish unconstitutional vagueness. A law cannot be so vague as to be impossible to comply with. This law requires websites to enforce a ban based on information they don't have access to. Without explain how they might possibly achieve that aim, it can be considered unconstitutionally vague.
The 1st amendment requires that a law restricting free speech use the least restrictive means possible to achieve it's aim. Due to the vagueness of how to comply on a technical level, the only possible way to comply would be to require global identity verification based on Utah's standards. I don't think that would pass a least restrictive means test.
Nifty3929
I'm not convinced. I use a VPN basically always, and frequently get blocked by VPN detectors. It's not perfect - sometimes switching VPN servers/providers gets me past it, but websites can employ VPN-detection technology. Then they just block you, which is what this is all about. Force companies to start blocking VPN traffic. It'll be at the individual site level for a while, then at the ISP level in a few years.
docjay
In a single sentence you explained how trivial it is to get around the current technology, then said they can just use the same thing. It’s so simple, just make it perfect and use it?
Nifty3929
VPNs are on their way toward being banned and/or heavily regulated. I imagine what will happen is a requirement for VPN providers to "know your customer" just as banks do, and for them to be able to tie a particular traffic stream back to a specific human.
mrbluecoat
How will they ban self-hosted VPNs? https://mrbluecoat.blogspot.com/2025/08/self-hosted-vpn-opti...
nunez
Easily.
Host them on the cloud providers? You get banned.
Host them in your homelab and the ISP finds out? You get your Internet cut.
How will either of them find out? IP addresses and/or DPI.
All it'll take is an executive order or an act of Congress.
bloppe
Truly enforcing this kind of ban would require a level of control over the internet much greater than China's. They actually do ban VPN use, yet plenty of Chinese people still use them, and not due to lack of trying on the part of the enforcers. You can basically never plug all the holes without essentially shutting off the whole internet.
China spends roughly $6.6B censoring their internet every year [1]. Much of that probably goes to "guiding" public opinion as opposed to simply removing undesirable content, but factoring in purchasing power parity of labor and parts, let's assume the US would spend roughly the same amount just to enforce a VPN ban mostly effectively. That doesn't sound like a position that will win elections.
[1]: https://jamestown.org/buying-silence-the-price-of-internet-c...
semiquaver
"IP from a datacenter" doesn't work in practice to detect VPNs.
At work we set up a compliance-related service recently and used the AWS WAF rules to block known datacenter ranges with the goal of blocking bots and VPNs.
We had to disable that rule almost immediately because a large majority of VDI (Virtual Desktop Infrastructure) solutions are hosted in or at least egress from big cloud providers.
It wasn't possible to block AWS/GCP IP ranges without also blocking legit usage from real customers.
mycall
There are plenty of other ways to virtual data without a VPN, e.g. sockpuppets, ipfs, etc. Since data tends to drift towards being free, it is a game of wack-a-mole.
ozlikethewizard
You'd also need to ban VPNs in other countries, which you cant, so short of stripping all access to the internet outside of America there's not a lot you could realistically do.
thfuran
Ban them, demand GitHub et al take down the illegal repos, hit up Microsoft for records of everyone who ever downloaded them, hosting providers for customer records, and ISPs for lists of customers with VPN-shaped traffic between themselves and their hosting provider. Or if they’re lazy, just demand that the hosting providers sort it out.
ozlikethewizard
This assumes US citizens using exclusively US based VPNs. You'd have to block all outside internet access as well, or you cannot stop someone in the US using a VPN based in another country (short of IP whackamole).
bethekidyouwant
What are you talking about what? What illegal repo? SSH? Socks? That doesn’t make any sense dude
lokar
The question is not how will they ban it, they just pass a law.
The question is how and when will they enforce it. When they get access to your devices for some other reason, they will see it. It will give them another easy to prosecute law to use against you.
quietsegfault
Right. The arbitrary nature of enforcement is a feature.
leshenka
Easy:
- know ip ranges of popular cloud providers and deny service. Not bulletproof but enough to make it a pain in the ass so people don’t bother
- make it illegal to offer this kind of service for the purpose of evading location detection. Put pressure on Apple and Google, force them to remove vpn apps
You guys need to start reading on Russia's war on internet and treat it as a cautionary tale
wilkystyle
"Utah to hold Cloud providers liable for failing to police self-hosted VPNs on their infrastructure"
kiba
Seems like they will do that too.
m463
how will they ban the icloud proxy? Or is it not really a vpn?
or the firefox vpn?
nunez
So they're asking ISPs to build the Great Mormon Firewall, basically. Cool, cool cool, cool, cool.
I'm more scared that there is a push to do this federally, as that will, effectively, be tantamount to establishing explicitly state-controlled media.
y-c-o-m-b
I gather that's what all the sneaky bills introduced over the last decade banning encryption were attempting to do. They absolutely want this at the federal level.
pbasista
What is the motivation for such a measure? In other words, which problem is it trying to solve? And how it is supposed to do so?
I think that we should not carelessly invent laws that just "sound good" to some lawmakers but have no real fact checking done to support them and are not backed by science.
Because, in my opinion, then there is a high risk that these "good intentions" will backfire spectacularly. While not getting even close to achieve the desired effect.
tardedmeme
I believe the perceived problem is that people in Utah are watching porn.
ventana
It is frightening to see how the latest anti-VPN developments in Russia [1] are somewhat replicated by some US states. For those not following, VPNs are widespread in Russia after the government started blocking popular messengers such as Telegram and websites such as YouTube, and a few weeks ago Russian government instructed major Russian websites (banks, VK social network, etc.) to stop serving users if the website detects the user uses VPN. I read this Utah news as something very similar: an attempt to reduce VPN usage by forcing the websites to collaborate. Feels very wrong to me.
[1]: https://www.techradar.com/vpn/vpn-privacy-security/russias-m...
bilsbie
I really miss the 90s. Can someone make a new internet that’s like that?
Nifty3929
Me too! Where is the wild-west? The independent sites and dark corners with weird stuff? Those were fun times. It felt like I was an explorer in a new place helping to also build and contribute to that place. Now it's basically like interactive TV or something.
Are BBS's still a thing?
kstrauser
This is the stupidest idea I’ve heard recently. Way to go, Utah.
My home router has a built in VPN server. When I’m out running around, my iPhone can route traffic through my house. Pray tell, o sage Utah legislature chucklefucks, how is anyone expected to tell that I’m accessing a website from a hotel in Berlin instead of my house in California? (Which is why we used it last time: I configured my travel router to use that same VPN so we could watch American Netflix at night before bedtime when we just wanted something familiar to relax with.)
Honestly, this is the new “pi equals 3” legislation. “Let’s make laws codifying technical ideas we clearly have no freaking clue about”.
Again, way to go, Utah.
jeroenhd
> how is anyone expected to tell that I’m accessing a website from a hotel in Berlin instead of my house in California
Remote attestation in combination with location access as a start. DPI on TCP/UDP timinings/round trip time measurements for distant locations, combined DNS leak detection to catch bad VPNs. Use browser APIs to detect WiFi vs mobile data to let some 2G users through. IPv6 accessibility checks to catch many other VPNs.
There are always technical means, as the more restrictive streaming services like to prove. There are many, many more ways websites can verify that users are not on a VPN that most websites don't bother with, and until they all do and people still use VPNs, legislators will find ways to punish websites.
The real end goal isn't to block content these people dislike within their state, of course. The goal is to go after the existence of adult websites and, in worryingly more common cases, websites discussing basic LGBTQ topics.
kstrauser
No. That’s how someone with pervasive access to Internet infrastructure could tell when I’m on a VPN. It’s impossible for a given website to tell that I’m accessing it over a VPN. Not difficult: impossible. It cannot be done.
jeroenhd
Most of these features can be employed on the website side perfectly fine.
Tools like https://obfusgated.com/tools/vpn-detection-test will use very basic timing tricks to detect VPNs, for instance. Not very reliable, but if you add data points about things like MTU size and WebRTC, and cross-reference that with GeoIP location, you could detect most VPNs. Not without rejecting a small amount of edge cases (Firefox users with JS disabled, weird browsers, and so on), but that's worth the risk if you're held liable for damages if you don't do it.
In practice, nobody really cares. Even Netflix and Disney apply "good enough" VPN detection, mostly by going by IP address, because they don't really care about whether you're using a VPN or not, they just want to make sure they and their shareholders don't allow too much piracy.
With this law, there are significant financial risks, not in an effort to combat a handful of pirates, but because of a "save the children" legal risk. That changes things for website owners.
ijk
So the individual website has to subscribe to the surveillance operator's IP location verification service, or be fined.
lstodd
Technical measures while technically existing failed first in China and then in Russia lately, Russian authorities recently all but admitted that they can not block xray+reality-style VPNs (which were and are developed in China to go over their "great firewall") and now talk about a blanket ban on foreign traffic and basically a whitelist for internet.
The goal is always a perception of control of public narrative. Those people deeply care what "masses" think of them. That they measure mostly by sampling more or less public media (and I actually worked at a company in 2010s which was selling exactly that). And when they don't like what they see, they try to fix that by controlling that media, up to and including banning the whole world.
That is what is happening with all this protecting the children stuff.
jeroenhd
Countries like China and Russia are different, in that they try to catch all communication towards every website, most of them outside of their jurisdiction. They're targeting internet users, and without installing a watchdog on either the server side or the client side, that's hard to pull off on the encrypted internet.
Laws like these target the website providers. These website providers are in control of infrastructure, they have the private keys, and they don't try to do any transparent monitoring. Browsers and VPNs are very good at protecting communications between you and a third party, but if that third party is trying to spy on you, things change. That's why governments buy data from data brokers: why bother spying on your citizens when they and their computers willingly give a few companies all the information you need.
You can't buy cocaine on the clearnet in most countries. It's not hard to switch to TOR, but only because TOR is legally accepted at the moment. Accessing TOR from China is not all that easy without at least a (government-sanctioned) Hong Kong VPN.
These legal attacks on the free internet won't stop hidden services from hosting porn videos, but they will make it very difficult to make money off of them. MindGeek and friends aren't going to risk illegality by going full dark web and moving their employees to a country that doesn't extradite to the US.
undefined
iLoveOncall
Here's the website of Utah's governor if you want to access it via a VPN: https://www.votecox.com/
abustamam
https://www.votecox.com/fighting-federal-overreach
> Fighting Federal Overreach
"The US govt can't overreach! That's my job!"
Lucasoato
No GDPR banner, even if visiting the website from EU
M95D
What GDPR banner? GDPR doesn't impose any banners. ePrivacy Directive did, and it's actually a choice: use tracking cookies with consent, or don't use tracking cookies and no consent is needed.
ronsor
Realistically domestic US politicians have no reason to care about EU regulations
bradley13
This is happening simultaneously in many Western countries. It is clearly somehow coordinated. You don't need a tinfoil hat to see the conspiracy.
Equally clearly, this is a first step to requiring identity, and ultimately government approval for your activities in the internet.
Somehow, we really must reign in the political class, before we truly land in a dystopia.
hackernews682
This. And the coordinated rollout of digital currencies. It is all a part of the control grid being prepared for us.
One would think this would be obvious to more HN readers, being the supposed technical “systems thinkers” they purport to be.
markus_zhang
I guess this is just to accelerate the preparation for a total war.
wartywhoa23
One can't make all cattle pens fight to total mutual extermination without isolating them first, and blocking all information about the farm owners.
JumpCrisscross
> It is clearly somehow coordinated
Well, yes—parents’ groups are coordinating. Similar to how drunk driving and cigarette rules were passed globally in about a generation. You don’t need reptiles when polling is so strongly against kids on social media.
frm88
I think you might want to zoom out a bit: digital authorianism has been on the rise since (at least) 2022 and is subject to scientific study: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5117399
This chapter explores the defining characteristics of digital authoritarianism as exemplified by countries such as China and Russia, identifying three primary pillars: information control, mass surveillance, and the creation of a fragmented, isolated Internet. Furthermore, this chapter emphasizes that digital authoritarian practices are not confined to authoritarian regimes. Democratic governments and technologically advanced private corporations, especially the dominant tech companies shaping the modern Internet, are also capable of adopting authoritarian tactics.
bradley13
It's much more than parents' groups. This is coming "top down". For example, here in Switzerland the government decided E-IDs would be a great idea. The population killed the proposal the first time, with a referendum. So the government tried again, and we failed to kill it the second time.
JumpCrisscross
> This is coming "top down"
It’s both. This is an unpopular opinion on HN, but most Americans support banning social media for kids younger than 14. The implementation details are not being thought through, which is a problem. But pretending this is a conspiracy is a silly way for technical experts to cede their seats at the table.
Get the top HN stories in your inbox every day.
I am completely baffled by this wave of new laws and proposals... they feel dystopic and can seemingly only lead to brutal restrictions on the internet. What will we end up with? Only attested modems / endpoints in the home? With DPI? And a government issued smartcard to use it? It comes across as if this is what some legislators are actually after... they must have some technical advisors who can explain to them that the solutions they propose will not work and I am a bit worried they will morph the public discussion into enforcing at a lower level otherwise "the bad guys still circumvent"??