Podcasting Chat Community

@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox One solution to the ills of verify-by-card, but also a reason I don't think the powers that be will let verify-by-card persist, is that I could just make a credit card with a $0 limit and share the number publicly for everyone to use until the card gets canceled, then repeat or have someone else do the same, until everyone who needs to get verified has done it.

@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox What are you going to do with existing users who don't have credit cards? And can't get them? Or who have credit cards but whose safety might be put at risk by having their legal identity tied to their account and past writings?

Yes, for capitalist services that are going to obey age verification mandates, they absolutely should be offering "charge my credit card" as an option. I would even pay a one-time $20+ fee for this, anything to be able to continue using the service without submitting to face scanning or ID.

But non-capitalist things like Mastodon instances treating this as a harmless way to obey is NOT a good idea. It will exclude exactly the people we need to be including.

@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox Making all your users dox themselves or share their biometrics with an face scanning provider quietly affiliated with Palantir is not going to help you at all if you're not targeted, and not going to save you if you are.

All it's going to do is fuel fascism.

If you're not clear on this you shouldn't be running a service of this sort, but leaving it to folks who can make responsible decisions.

@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox The is absolutely what folks like me are talking about when we say "obeying in advance".

There will ALWAYS be a conceit to go after you if you're a target.

Kissing their asses 10 years in advance hoping it will not happen is a stupid strategy.

You either do the civil disobedience openly, or you mitigate the risks as best you can.

@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox If you're a server with 20 accounts, it's probably not open registration anyway. In this case, the main "opsec" you should be doing is not publicly identifying who runs the server and what jurisdiction it's under.

The case I was thinking of is more when you have a medium-sized, semi-open (e.g. by request/invite) instance with maybe 1000 or so users, which suddenly finds itself under threat of a being required to verify ages for its users. If you're not comfortable doing civil disobedience and just refusing to do that, the responsible thing is to restructure ownership outside of the jurisdiction. Whether that involves a "shell company" or real transfer of operations to trusted people elsewhere.

@benroyce @vervain @ariarhythmic @Mastodon @mellifluousbox You're trying to deal with defeat before it even happens. Governments DGAF about your Mastodon instance. But they're happy to have you complying in advance.

@benroyce @ariarhythmic @Mastodon @mellifluousbox You just make it so it's no longer you running it. It's been passed off to an entity legally incorporated someplace else, and your involvement is as a volunteer or contractor working with a foreign entity for which you have no authority to implement the type of "age verification" your government wants them to impose.

@benroyce @ariarhythmic @Mastodon @mellifluousbox None of that contradicts what I said. You don't run it as a citizen or resident of the hostile jurisdiction. You pass ownership to an entity in a safe location, and you put the fronting IP in a safe location. Physical servers can be somewhere else, but shouldn't be somewhere under the hostile jurisdiction unless you're confident there's no trail to them.

@benroyce @ariarhythmic @Mastodon @mellifluousbox No, they cannot get shut down by a government they're not operating under. If there's a threat, move legal operations & hosting out of the jurisdiction and obfuscate physical location of servers behind VPNs. Don't fucking comply.