Mastodon Says It Doesn't 'Have the Means' To Comply With Age Verification Laws (techcrunch.com) 67
Mastodon says it cannot comply with Mississippi's new age verification law because its decentralized software does not support age checks and the nonprofit lacks resources to enforce them. "The social nonprofit explains that Mastodon doesn't track its users, which makes it difficult to enforce such legislation," reports TechCrunch. "Nor does it want to use IP address-based blocks, as those would unfairly impact people who were traveling, it says." From the report: The statement follows a lively back-and-forth conversation earlier this week between Mastodon founder and CEO Eugen Rochko and Bluesky board member and journalist Mike Masnick. In the conversation, published on their respective social networks, Rochko claimed, "there is nobody that can decide for the fediverse to block Mississippi." (The Fediverse is the decentralized social network that includes Mastodon and other services, and is powered by the ActivityPub protocol.) "And this is why real decentralization matters," said Rochko.
Masnick pushed back, questioning why Mastodon's individual servers, like the one Rochko runs at mastodon.social, would not also be subject to the same $10,000 per user fines for noncompliance with the law. On Friday, however, the nonprofit shared a statement with TechCrunch to clarify its position, saying that while Mastodon's own servers specify a minimum age of 16 to sign up for its services, it does not "have the means to apply age verification" to its services. That is, the Mastodon software doesn't support it. The Mastodon 4.4 release in July 2025 added the ability to specify a minimum age for sign-up and other legal features for handling terms of service, partly in response to increased regulation around these areas. The new feature allows server administrators to check users' ages during sign-up, but the age-check data is not stored. That means individual server owners have to decide for themselves if they believe an age verification component is a necessary addition.
The nonprofit says Mastodon is currently unable to provide "direct or operational assistance" to the broader set of Mastodon server operators. Instead, it encourages owners of Mastodon and other Fediverse servers to make use of resources available online, such as the IFTAS library, which provides trust and safety support for volunteer social network moderators. The nonprofit also advises server admins to observe the laws of the jurisdictions where they are located and operate. Mastodon notes that it's "not tracking, or able to comment on, the policies and operations of individual servers that run Mastodon." Bluesky echoed those comments in a blog post last Friday, saying the company doesn't have the resources to make the substantial technical changes this type of law would require.
Masnick pushed back, questioning why Mastodon's individual servers, like the one Rochko runs at mastodon.social, would not also be subject to the same $10,000 per user fines for noncompliance with the law. On Friday, however, the nonprofit shared a statement with TechCrunch to clarify its position, saying that while Mastodon's own servers specify a minimum age of 16 to sign up for its services, it does not "have the means to apply age verification" to its services. That is, the Mastodon software doesn't support it. The Mastodon 4.4 release in July 2025 added the ability to specify a minimum age for sign-up and other legal features for handling terms of service, partly in response to increased regulation around these areas. The new feature allows server administrators to check users' ages during sign-up, but the age-check data is not stored. That means individual server owners have to decide for themselves if they believe an age verification component is a necessary addition.
The nonprofit says Mastodon is currently unable to provide "direct or operational assistance" to the broader set of Mastodon server operators. Instead, it encourages owners of Mastodon and other Fediverse servers to make use of resources available online, such as the IFTAS library, which provides trust and safety support for volunteer social network moderators. The nonprofit also advises server admins to observe the laws of the jurisdictions where they are located and operate. Mastodon notes that it's "not tracking, or able to comment on, the policies and operations of individual servers that run Mastodon." Bluesky echoed those comments in a blog post last Friday, saying the company doesn't have the resources to make the substantial technical changes this type of law would require.
Re: Unplug the menstrual cup. (Score:2)
Where "the cause" is defined as jacking off?
Re: (Score:2)
Do you enjoy watching gay porn?
I used to, but then the Republican leaders in my state had to go and ruin it with those fucking age checks.
Re:Unplug the menstrual cup. (Score:4, Insightful)
The courts have NO power to order the president around.
So Biden DID have the authority to forgive student loans.
Re: Unplug the menstrual cup. (Score:2, Insightful)
"You can't sign documents if you're demented."
So everyone who voted for drumpf did so illegally, because their voter registrations were invalid?
Re: (Score:2)
About that autopen fixation... https://www.cbsnews.com/news/w... [cbsnews.com]
Mr. Trump has also used an autopen, telling reporters on Air Force One in March that he'd used the device "only for very unimportant papers."
Re: Unplug the menstrual cup. (Score:2)
You can't sign documents if you're demented.
Filing this under every accusation is a confession, Demented Don.
Donald couldn't even pass a US citizenship test. Quick, without cheating, how many amendments to the US Constitution are there? How many states do we have? How many Justices are on the U.S. Supreme Court?
Would you stake your life on Donald J Trump accurately locating Alaska on a map? Which ocean is Hawaii in? Nope. We both know it. So of course you have to throw "demented" at other presidents, because you know you have one and it makes you fee
Re: (Score:2)
No, the Supreme Court was quite particular on that point. It want like district courts were trying to stop him.
Re: (Score:2)
Wasn't
Re: (Score:2)
Nope sorry.
The intent of the constitution is clear.
The courts have held that questions of major political or economic significance may not be delegated by Congress to Democratic executive agencies absent sufficiently clear and explicit authorization.
The GOP is not Democratic, so executive agencies get to do whatever the fuck they want.
Computer trespass and identity fraud (Score:4, Interesting)
Some state needs to pass a law to enforce unauthorized computer access/computer trespass against people who fraudulently lie about their ages to gain access to a website. Websites should put up 'No minors allowed' and if a minor ignores that, there should be a law to penalize the minor/parents for trespass or unlawful computer access.
Re: (Score:3)
That's already a law federally. CFAA.
Re: (Score:2)
Justice Brett Kavanaugh, a member of the court’s conservative wing, wrote a brief concurrence asserting that the Mississippi law is “likely unconstitutional” but said that the internet companies who sued had not “sufficiently demonstrated” that they would be harmed by a temporary order in favor of the state.
Re:Computer trespass and identity fraud (Score:4, Interesting)
The obvious answer is to simply disconnect regions that impose internet-breaking restrictions. If a region believes the rest of the world is responsible for parenting their dumb children, and in particular they're willing to sue when someone else fails to live down to the standards they think their little sheltered idiots need to engage the world and that they're too incompetent to provision themselves, then merely politely tell them their entire region is insufficiently sophisticated to interact and pull their plug.
We really need a FOSS maintained "Gilead regions" IP block list, v4 and v6, for independent operators and national ISPs and DNS providers engaged to banlist those regions from interacting with the an internet that doesn't work for them. They have every right to decide for themselves, but not for anyone else.
Re: easy (Score:1, Troll)
Itâ(TM)s not going to fly. The law is telling them to change their software or get the fuck out. Saying âoeour software doesnâ(TM)t support itâ wonâ(TM)t get you anywhere. No oneâ(TM)s software supported it, but they changed their software because of the law, thatâ(TM)s the point.
Re: easy (Score:5, Insightful)
How can they get out if they're not even there? Mastodon runs a few servers of their own, and those could be blocked, but anyone in Mississippi could spin up their own server instance. At that point it would be a cat and mouse game between the government and it's own citizens. Not to speak of others outside of Mississippi running their own servers...
Re: (Score:2)
Re: easy (Score:2)
Yes, and that means that mastodons protocol is fundamentally incompatible with states that implement this kind of draconian law. Thatâ(TM)s what I mean about the court just saying âoeweâ(TM)ll change your softwareâ. They wonâ(TM)t say âoewell okay, since you explained how your protocol works and how other people can run servers without verification you get to ignore the lawâ, theyâ(TM)ll say âoewell donâ(TM)t write and use software that does that if that vi
Re: (Score:3)
Even with Rootstock, Bitcoin would be a terrible solution for age verification. It's slow and feature-poor by modern standards. You could probably use inscriptions but that would be slow and gum up the blockchain making transactions insanely expensive (again).
Re: (Score:2)
"a Bitcoin block chain based identity layer could allow users to cryptographically prove they are above a certain age"
No. Because the problem is not if someone can retroactively forge a block, but because nobody can guarantee that what someone wrote into the block first time is true. Your problem is not making something hard to forge, but to verify it at all.
ultimately govt regulation gets you (Score:2)
This reminds me of the early days of wifi when the idea was that everyone should just share their wifi with everyone else. You could provision guest wifi or a shared wifi ssid on your local router.
In the end that all failed because the govt could come after your for some stranger using your wifi to do something illegal.
So in the end it all becomes centralized and managed by big companies that have the resources to comply with all the different regulations and we pay the cost of all the employees that have
Re: (Score:2)
This reminds me of the early days of wifi when the idea was that everyone should just share their wifi with everyone else. You could provision guest wifi or a shared wifi ssid on your local router.
It failed because WiFi routers started coming with passwords pre-installed.
For me personally, I eventually added a password because people watching movies on my WiFi was eroding my ping time in online games.
Re: (Score:3)
This reminds me of the early days of wifi when the idea was that everyone should just share their wifi with everyone else.
Uh, no, the idea was not needing to run CAT5 wires all over the damn place. Everybody who had even the slightest clue of what could go wrong understood the importance of at least enabling basic security on their wireless router. Besides, I'm not paying over half a Benjamin every month for my neighbors to mooch off of my connection.
Re: (Score:2)
> In the end that all failed because the govt could come after your for some stranger using your wifi to do something illegal.
You know that Section 230 that conservatives here want removed because they blame it for... I don't know exactly, but Big Tech likes it so they must oppose it despite the fact Big Tech would become Only Tech if they did?
That law made you essentially liable only for what you do on the Internet, not what other people do. So the government coming for you because someone else download
Jurisdictional question. (Score:3)
This is where we really ought to look into the state of jurisdiction regarding businesses who are not located in a state, do not have offices in a state and do not target users in that state. This has come up before when it comes to taxes and other state laws, and I'm pretty sure it's ended up with binding rulings at the Federal Appeals Court level if not the Supreme Court level.
It made perfect sense to me the first time.. (Score:2)
Re:It made perfect sense to me the first time.. (Score:4, Funny)
Re:It made perfect sense to me the first time.. (Score:5, Informative)
Decentralized may mean many things. But the important one in this case is that it doesn't have a boss who can issue an order and voila, the Mastodon network automatically starts complying with some arbitrary rule. Also, there is not a way someone can force the Mastodon software to start behaving a certain way globally, because every Mastodon server manages its own software.
Re: (Score:2)
Someone enforcing the law would need to force every server separately. Most of the servers are in other legislations ... so they are out of luck.
Re: (Score:1)
Mastodon is decentralized. Please someone post the definition of what decentralized is???
Email is decentralized.
"Mississippi says their new law requires Email to enforce age verification checks on Email"
"We asked Email server operator to turn on age verification for Email, and they made up some excuse about how they don't have access to all of the worlds email servers and this is impossible for them to do."
Note my tenses and abuse of noun spelling is entirely intentional.
The fact that referring to a person, role, and software protocol interchangeably with the same word makes this sound like bro
This should be the new internet (Score:3)
Implanted At Birth (Score:2)
This just means this needs to be done at the ISP level. Logging in? Better show ID. Or just tap your bone chip.
Re: (Score:2)
Nobody would object to ISPs verifying age (In principle they already do, minors can't have contracts). The problem is, that politicians are not happy about adults leaving the device to children so sites should add a secondary verification layer.
Re: (Score:2)
I don't understand 'logging in to an ISP'. My home broadband is always connected to the worldwide Internet. My exercise equipment [slashdot.org] demands it. As do many other gadgets in my home. From that point on, what's to stop my kid from connecting to the router and visiting the world as an already accredited member of my household?
Re: (Score:2)
And this is the thing, my ISP already knows I'm over 18 but I keep having to do this shit.
Hell I have to do it with Steam and Xbox Live, both accounts that are older than 18 years old themselves.
Mississippi says Mastodon cannot be in state (Score:1)
Mastodon says it cannot comply with Mississippi's new age verification law
Mississippi says Mastodon cannot do business in the state.
Re: Mississippi says Mastodon cannot be in state (Score:3, Interesting)
Enforced...how? Individual users download Software and install it. Individual users subscribe to servers run by other individuals.
Conspiracy theory, but isn't it strange how so many Western governments are suddenly simultaneously pushing for the identification of internet users? Dystopian.
Re: Mississippi says Mastodon cannot be in state (Score:2)
Presumably enforced by the ISP blocking the protocol altogether. Some ISPs do this with Torrent already, its no big deal to extend that to other protocols that are problematic.
Re: (Score:2)
You'd have to IP block at the state level every mastodon instance.
You can wait, the UK will probably get there first on that one and discover it's essentially impossible.
Re:Mississippi says Mastodon cannot be in state (Score:5, Interesting)
What business is Mastodon doing?
Re: (Score:2)
They are a gGmbH, they don't do business. The g means for serving the commons as a german nonprofit organization.
Re: (Score:2)
They can't sue the flagship.
The flagship does no business in any US states. It's not a US business. It's a non-profit funded via donations, and at worst they could just block credit cards associated with people with US addresses (and presumably the UK)
The only laws, honestly, that apply to mastodon.social are German and EU ones, and that's just that instance.
To be honest, the bigger problem is that Bluesky caved rather than looking around for workarounds. If their protocols are actually viable, then they sh
instead of watching incest porn on the net (Score:2, Troll)
Someone uses Mastodon in Mississippi? (Score:2)
Certificates? Certificates? Anyone? Bueller? (Score:2)
Simple solotion (Score:1)