The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous. I don't care if you like the porn site in question or not, or condone or endorse its content. This is a slippery slope towards every regional tinpot dictator legislature attempting to censor the internet by having an entity's domain name revoked.
.com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. That's not really anything new. It's a known risk for anyone building a corporate brand/identity around a specific .com domain name. What's new is this is being done from the state court level. (Edit: To be clear, in my opinion, a US State court completely lacks jurisdiction on this matter).
> The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous.
I agree. California has been doing this since 2022 [1][2] and it's equally indefensible.
States should not be allowed to wield their size and influence as a cudgel against other states and jurisdictions.
Interestingly if you browse American-hosted online internet firearms accessories websites (and FFLs who will sell you something online to ship to your local FFL), for the most part, it's just a basic HTML popup of "Are you over 18? Click Yes, okay, proceed". I haven't seen a single one that actually attempts to implement age verification. It seems that the Internet-based vendors, the same general cohort of companies that are exhibitors or attendees at the annual SHOT trade show, are not very scared of the Californian AG yet.
I'm unaware of the Californians attempting to seize anyone's domain name over this issue. But indeed this also seems like an overreach, California doesn't get to regulate what an Internet gun accessory store in Idaho advertises or publishes on the Internet. State to state transfers of serialized items go through a well defined federal government regulated process, such as if a person in Nebraska buys a Zastava M70 online from a dealer in Montana.
The ID (and therefore the age) is checked when one goes to pick up their firearm at the local FFL dealer, so an age check on the site doesn't add anything useful.
Correct, I was referring to the websites that have implemented only the most basic fig leaf of legal compliance (ca. 2001 era HTML popup of "are you over 18?") to be able to browse the product selection, even of items that aren't serialized/FFL 4473-requiring firearms receivers. Like, yes, I totally need to confirm that I'm over 18 to look at this Streamlight flashlight.
> I'm unaware of the Californians attempting to seize anyone's domain name over this issue.
They may not be attacking the domain but they're attempting to leverage the US Legal system to shut down operations. Arguably that's even worse- they can't move to another domain/tld.
But you see, guns aren't harmful to small children. It's that damn pornography. Seeing a gun doesn't traumatize you for life, but man, seeing a private area? Life ruined.
Of course, once the number of years since you were born reaches exactly 18, your brain automatically shuts off the part of you that is impossibly traumatized by private areas, so it's suddenly completely okay and normal.
Oh, and when you reach exactly 16, somehow you're only impossibly traumatized by private areas on the screen, not in-person. Everyone knows this is true.
(I don't mean to be genuinely insensitive about the real harms that adult content can pose. I just think there's a difference between calling content harmful simply because it's adult and content causing harm because the viewer isn't ready for it)
It also makes complete and total sense that you can sell your body by joining the Marines as an 0311 MOS rifleman/grunt on your 18th birthday, but you're going straight to hell if you have an alcoholic drink before you're 21. I don't know if I've ever met a European who doesn't think the US's alcohol age laws are weird.
I have a cousin who lives in Illinois and joined the Marines. He's 20 now. He can shoot fully automatic weapons in the military and has won awards for handgun precision and skill.
But he can't buy a handgun in his home state or drink a beer.
Honestly I think the legal age for drinking could be lower if only society treated it better. A lot of drinkers are not only reckless but brought up to be reckless by how society treats them, what society expects of them, peer pressure, etc.
Similarly to how I'm salty about having to obtain LSD from black markets instead of having a known safe supply from a pharmacy. I trust my vendor, but the skill to not only find the market but to find the vendor and actually execute the ordering process is not easy to come by.
A lot more things could be available if people were properly informed and not just fed propaganda about how they're waay too dangerous. It's completely possible to be responsible about substances, it's called harm reduction. Also prescriptions are a thing -- even if I had to get a prescription from my doctor, I would even be fine with that as long as I'd get to take it at home.
One of the reasons I keep my .in domain up and running as my backup email (and just for personal use). That .com domain, if taken down/away from other jurisdictions (the ones that can easily do it) for whatever reason (including a “mistake” or slip) would mean it’s gone for good (because I neither have the capacity nor resources to appeal/fight that in foreign lands).
Your .IN domain is probably one of the worst possible choices of all ccTLD to claim that you can publish things on it without fear of reprisals or censorship, be assured that something bad would happen to it or you personally if you happened to run afoul of any powerful people in the Indian government (or oligarchs).
Something like .NL (you do not need to be a Dutch national to register) or .IS would be much more legally resilient.
> The idea that a state court in one particular state can enforce such an absurd law against a company that likely has no business operations or servers in the state is ridiculous.
Two things of note regarding this.
First, note the office of origin: Texas Attorney General, which is currently occupied by Ken Paxton who is running for a tightly contested seat in the US Senate.
Second, a state court does not have jurisdiction beyond its borders for entities not operating within same.
> .com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. ... What's new is this is being done from the state court level.
Which is why any attempt to enforce this ruling would be subject to removal to Federal court.
Unenforceable and meant strictly for political theater IMHO.
> This is so much state overstepping bounds and irony aside, so much for independence and rights by a state that proclaims personal agency comes first.
When a political party declares we are in a "post-truth" era and fully embraces nihilistic "the ends justify the means" tactics, the result is inevitable;
Take, hold, and increase power by any means necessary.
For if one does not hold oneself to a standard of ethical behavior, where the actions of others do not affect one's adherence to the rule of law, where the temptation to indulge in vendettas is not renounced, and where there is no accountability for engaging in any of the aforementioned, then there is no motivation for seeing those one disagrees with as anything more than an irritant to be dispatched forthwith.
And we then find ourselves with elected officials wildly exceeding their mandate, such as here.
Two quotes from the writ filed support my position.
The court finds that the following domain name is
owned by Defendant ...
Defendant is not a resident of this state and is
a foreign corporation.
> You're going to have give us the "explicit" quotation ...
The aforementioned does so. Until and unless you can show how the Defendant has an established presence within the State of Texas, such that its jurisdiction is applicable, it is difficult for me to consider your position considered and/or informed.
To be fair, only some of "us" are unwilling to read a two-page document to be informed about a topic under discussion. The words you're looking for are "Defendant is not a resident of this state and is a foreign corporation."
Nice try, that's not the same as not doing business in the state. Most businesses are incorporated in Delaware, they get sued in every state of the union.
> Nice try, that's not the same as not doing business in the state.
Again, until and unless you can show how the Defendant has an established presence within the State of Texas, such that its jurisdiction is applicable, it is difficult to consider your position considered and/or informed.
Why do you think that is necessary for jurisdiction? It's doing business with TX customers every time it serves an ad to someone there. The law governing sufficient contacts for internet companies has been pretty well established since the 2000s.
> It's doing business with TX customers every time it serves an ad to someone there
By this same logic if my web server physically located in Canada, the USA or Iceland serves LGBTQ content to people in Uganda I should be held liable or dragged into a Ugandan court under some of Uganda's anti-LGBTQ laws?
Uganda would certainly issue a judgement against you. The difference would be their inability to enforce it because none of the relevant parts of the DNS operate in Uganda.
It's now well-established on the Internet that a court may force anyone in the path to enforce their decision. ISPs are regularly forced to block foreign websites, without any implication of liability on the ISP's part, simply because the ISP has the technical ability to block them and the court has the ability to enforce an order on the ISP. This is the case when Spanish ISPs have to block Cloudflare. The same applies to the DNS, which is based in America. Thanks to Texas for publicizing this DNS vulnerability which must urgently be fixed.
I'm not sure what your point is. Courts generally follow precedent, not your opinion about what is or isn't logical. Do you want me to explain to you the nature of extraterritorial jurisdiction, extradition treaties, etc., distinguishing your hypothetical from this case? I don't have a dog in this fight. If you really want to understand what's going on I would suggest you simply look up the complaint this AG filed, which will give the basis for jurisdiction, which the court evidently accepted.
There's also more than ample legal precedent that only the US federal government has the authority to regulate inter-state commerce, which is clearly what .COM is as an entity run by VeriSign, and internet traffic/telecommunications traffic that crosses state borders. There's such a vast body of law in telecom law that the federal government regulates long distance telecommunications traffic that I could paste citations to dozens of court cases going back 75 years. International internet traffic from an entity whose servers aren't in Texas isn't subject to Texas jurisdiction.
I worry about it about as much as I worry about getting extradited to Thailand to face court for violating a law insulting the Thai king. I am unaware of even a single person of my nationality who has been extradited to Europe to face some kind of GDPR tribunal.
If I were running a business that had any operations or clients whatsoever in Europe my opinion on this topic would be different (in terms of legal liability to the corporation, and necessity of compliance to ensure ongoing revenue from European customers, etc), but I am not.
The GDPR doesn't try to remove anything from the global internet. You're free to not serve your site in the EU. Texas is free to block sites in Texas. But Texas trying to remove the ability of Europeans to access European websites is a completely different matter.
There is no difference in principle. That is equally unacceptable.
There is a difference in kind, because it becomes impossible for the global internet to exist if thousands of local jurisdictions are being given their way, with conflicting local legislation resulting in global takedown when it is impossible to comply with two different jurisdictions. So this is noteworthy as an escalation of an already existing problem into an even worse direction.
---
Rate-limit edit:
> Which is why the Internet hasn't been global in a long time, and looks pretty different in China vs EU vs Russia.
China and Russia aren't part of the global internet because they have national firewalls and segregated themselves. The EU very much is, and with limited exceptions the internet doesn't look much different from the US, the EU, Japan, Canada, Australia, Mexico, Thailand, Brazil, or South Africa. It seems absurd to suggest that the internet isn't global when I'm in all likelihood talking to you from the opposite side of the world and this is the norm. And what is the point you're making? That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?
"That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?"
I actually don't have much of an opinion about what it should be, I was only discussing this from a descriptive legal standpoint. My guess is what will happen is companies will voluntarily target their sites to different regions and different legal regimes (like many big US sites do for their foreign versions, or gambling sites do here). That's kind of what's happening here, Verisign is complying probably so they can still have the TX market.
The major architectural difference is that through enforcement of their own domestic legislation, China and Russia both force their ISPs to run all international internet traffic through certain choke points (chinese great firewall, russian "SORM" traffic interception boxes and similar).
Whereas this is for the most part not the scenario for major IP transit providers in Europe, the USA, Canada (top 50 by size CAIDA ASRank scale/scope ISPs ranked by ASN which are not Russian or chinese).
GDPR Article 17 expressly requires the removal _of your personal data_ from the internet _upon your request_, which is very different from a US state trying to remove a website hosted in and run by a company incorporated in another country.
And geo blocking may be functionally impossible but the law cares about intent and actions, not if you prevented someone who used a VPN or lied about their location from using your service.
> GDPR Article 17 expressly requires the removal of things from the global internet
...as part of compliance with GDPR, if you choose to be compliant. Please name one instance of the EU suing and successfully removing an American website from the internet under this article, or any part of the GDPR? Considering we're talking about an actual case of the US seizing the domain of a European website, whataboutting a hypothetical with the GDPR which has never done the reverse despite being in force for 10 years is incredibly disingenuous.
---
Rate-limit edit:
> Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?
The GDPR is European legislation, written for the territory the EU has legal jurisdiction over. Why would anybody think it's meant to apply outside of the EU? Plenty of businesses choose to operate by two sets of privacy policies, one where they continue fucking over their American users and one where they adhere to the GDPR for European users, and that is perfectly acceptable. There is no "think" about it, the legislation obviously does not apply outside the EU, nor is it intended to.
Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?
Common complaint is that government enforcement of laws is insufficient, i.e. fines are only x% of their worldwide revenue. Sounds like this way has teeth and might force companies to actually obey the law?
Default judgement, absolutely meaningless at this point as to how a court would rule against a plaintiff that actually showed up, respected the court’s authority, and defended itself.
Why should a Netherlands based company that publishes content on the internet entirely outside of this state's borders and jurisdiction be required to show up or respect its authority? By this logic if I'm sued in Turkey for publishing content on my web server hosted in California insulting Erdogan, I should have to go show up and defend myself in some kangaroo court.
But does a US State control a TLD, really? Is that even something that's within the legitimate legal power of an individual state? Previous .com seizures have been done at the federal court level. The federal government reserves the authority to regulate all inter-state commerce. The entire history of how the .com TLD is run by Verisign is federal government related.
Doing this at the state court level is as nonsensical as an individual state deciding it doesn't like a law or regulation that's part of the jurisdiction of the FAA or FCC, and wants to do its own unique weird local thing.
Any state can issue a warrant and extradite Americans from any other state. Something to do with catching runaway slaves. It's gonna catch up with us when California starts charging me with a crime for something about age verification or when Texas tries to extradite abortionists
Individual states have already been attempting to extradite people from other states for the crime of mailing early term abortion medication across state lines, for example:
So if I don’t do business in Texas, have no operations in Texas or otherwise deal with Texas in any way a state court should just be able to order a company to suspend my whole domain?
I’m Canadian and Texas courts have zero authority over me so they can f*ck off.
But they do have authority over the domain registrar, so you’re vulnerable there no matter where you live.
I don’t agree with the premise of age verification, but of course a prosecutor would go after the assets they can reach if enforcing local laws. They’ve done this for years when it comes to copyright infringement.
It's a huge overreach to say that any individual US state has authority over a domain registrar, and even more specifically over .COM as a TLD, given its history with VeriSign and the US federal government.
There exists a well defined process, precedent and prior case law in US federal court to seize a .COM domain name by a court order issued to VeriSign. Doing this at the state level is entirely new.
Honest question: what is the ultimate end game if at some point a court in another country orders a domain be reinstated? Do we end up with a domain registration system per country?
I think given the history and "ownership" of the specific TLD of .com by verisign and verisign's relationship with the US federal government, it then proceeds to ignore any court orders to reinstate the ownership issued by a court in any other country that is not the USA.
The winner of that battle will be wherever the DNS is hosted. Which is the USA. Even several ccTLDs are hosted in the USA and must obey USA law above the law of that country.
> Stuart Lawley, the CEO of ICM Registry--the company behind the XXX top level domains, says XXX sites should help empower parents to keep their kids away from adult content.
Well that's kinda the whole idea of having an "adult content" tld; it's so you can block all .xxx domains instead of having to create a blocklist of sites. Like an opt-in nsfw flag for the internet, basically.
Sure but that doesn't really work with the existing age verification laws. Unless .xxx is requiring domains to implement age verification or there's some sort of global redirect to a verification portal, that site is back in the same legal jeopardy of having Texas confiscate their domain again.
I took a quick look at the Texas law. Like a few other such laws it allows sites to use an external service to do the check, as long as the service uses a "commercially reasonable" method of doing that. That basically means it has to be based on government ID or by inference based on certain types of transaction records they can get access to (e.g., if you have a mortgage they can reasonably infer you are an adult).
As far as I can tell it would be possible to build an age verification service based on an open source ZKP implementation such as Google's Longfellow [1] that would be acceptable to these laws, but would allow anonymous age verification. It would be similar to the system the EU is now trialing, except not limited to iOS and to Android devices with Google Play. Longfellow should be able to work with those but also most modern smart phones running any OS the supports the phone's secure element, and also desktop computers that have secure elements, and devices like YubiKeys.
You would have to verify your age with the age verification service to set things. The easiest way to make it so that is not a privacy risk is for the age verification service to be offered by some entity that already has your ID documents. In the EU that would be the governments themselves, but I don't think any US state governments are ready to do that.
The age verification service doesn't necessarily need to store copies of whatever ID you present. It just needs to know you are when it issues its ID documents that get bound to your device's secure element. If this service was offered by some entity that has a widespread physical presence (a bank would be perfect) you could go in, show ID in person, and get your device enrolled.
Even better would be for a trusted non-profit to run this, like the EFF or the ACLU. Yes, I know they don't want age verification to happen at all, but they are going to lose that one, and it would be prudent to try to make it so that people have a privacy preserving way to do it that can be used anonymously when that happens.
Anyway, once your device is set up verifying your age to a website would involve a protocol between your device in the website the uses a ZKP (Zero Knowledge Proof) to demonstrate to the website that the identify information the age verification service bound to the secure element on the your devices says your age is acceptable. The ZKP doesn't disclose anything else from your identidy information. (The web server sees your IP address of course, but they would see that without age verification too). Note that the age verification service has no idea when, or were, you age verify at a website.
So basically this whole thing is a ploy to get rid of porn: basically, censorship that vaguely tries not to look like censorship.
1. Instigate a completely impractical, rights-violating scheme for age verification that nobody in their right mind wants to implement.
2. Then, enforce it against whatever porn sites land in your jurisdiction at all, knowing that they, like everyone else, don't do the verification.
Am I close?
Suppose the porn site tries to implement it. How many people are going to hand over their personal info to a shady porn site? Most visitors are there anonymously for whatever free stuff they can watch.
Either way, the porn site is ... screwed. Implement age verification: 99% visitors now back-button out and find another porn site. Don't implement it: blocked or shut down.
The USA controls ICANN and IANA, who together control the DNS root, as well as controlling all so-called "generic" TLDs through ICANN. Only some country TLDs are actually outside of US jurisdiction, as many of the delegate to USA-based registry providers. ICANN/IANA still control whether or not those countries even get to have domains, so the USA could decide that if the Netherlands wouldn't block motherless-dot-nl then .nl shall no longer exist.
DNS being centralised in the USA was potentially problematic when they weren't abusing their power. Now that they are actually abusing their power, it is actually problematic.
ARIN is also a US non-profit corporation, located in Virginia, but the people who run RIPE and APNIC and AFRINIC might disagree that the Internet is entirely "controlled" by Americans.
So a state (or municipality or anyone capable of making laws) has the ability to say, "You don't meet our local laws, take down your URL" now?
This is going to be a real problem when states start nuking whole parts of the internet from orbit. A state has a law against conversion therapy and starts to remove sites with that? A state has a law against trans people? Or abortion? Or medical misinformation? Suddenly we just start purging sites back and forth?
Battlegrounds end up as torn up, muddy, desolate places. Turning the domain registry into a battleground is a bad idea. Over the long term, no one wins if we choose to fight there.
In the US, if you used a US domain or registrar, this is possible. If you are Dutch and registered a .nl domain with a Dutch registrar, this is not possible.
I mean the US works like this, it isn't suprising a US state also does.
If someone from the US does something illegal on your site (which is legal in your country), depending on how much they want you will end up in a US prison.
Before the US decided that betting online was OK, betting sites had travel advisories for their employees not to travel to the US.
Wrong. Porn is considered protected speech unless it is considered “obscene” (which is an incredibly difficult bar to meet), and even possession of obscene material in one’s home is protected.
You wrote this in the passive voice; it doesn't say who is doing the blocking.
Pornhub itself is doing the blocking; it uses geolocation and denies services to IP addresses from jurisdictions with age verification laws. The laws are usually not structured so as to require a third party such as an ISP to block noncompliant sites; instead, the governments of the states with those laws can sue the porn sites and their service providers (Verisign in the case of .com domains).
> The explicit tube site Pornhub is now blocked in 25 U.S. states
I had assumed that the states were blocking Pornhub but reading between the lines in the linked article it does imply it's not the states are not applying technical blocks.
Well the site does not present Texas in a good light. Their .gov site presents me with this. Looks like they need to worry about their own site instead of worrying about out of state sites.
>Warning: Potential Security Risk Ahead
> Firefox detected a potential security threat and did not continue to www.texasattorneygeneral.gov. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
There's no such thing as "reasonable age verification measures". Its lie spread by fascists like Ken Paxton, the Heritage Foundation, and ton of other evil people.
> obtained a court-ordered writ directing Verisign, the company that maintains the “.com” domain registry, to place the domain “motherless.com” on a registry lock, hold, or similar status.
So they're using the fact that Verisign is a US company and can therefore be leaned on.
I'm not sure how I feel about this. What do other countries do who don't have Verisign to lean on? US companies really don't like being told what to do by governments of other countries, but when the shoe is on the other foot...
But that, more appropriately, only affects internet users in that country (ignoring the cloudflare network blocking that causes various other sites to also be blocked).
This appears to basically wipe the site from the entire internet, for all countries.
When you create the infrastructure, you make the rules. If a party doesn't like those rules, they are free to create their own replacement infrastructure and obtain global buy-in.
ccTLDs already exist and their respective countries have sovereignty over those TLDs: the UK can disappear any .uk domain name it wants from the global internet.
The .com TLD is American, and is therefore subject to American legal proceedings.
> The .com TLD is American, and is therefore subject to American legal proceedings.
Ample precedent and prior case law exists that the US Federal government can obtain court orders to seize .COM domains. Going back 15 years now.
State government that's another question entirely. When people say "American legal proceedings", the distinction between state courts and federal courts have two very different regions of responsibility and authority.
> The .com TLD is American, and is therefore subject too American legal proceedings
This is not an "American" proceeding so much as a Texan one, and it's not clear that the State of Texas should have any jurisdiction over the .com TLD.
That's the correct way, because it applies only to residents of that jurisdiction. Texas should be able to prevent their local ISP's from showing illegal content, but not control what people see in other parts of the country/state.
It's not confusing and you should understand what's happening for your own safety. This has been happening for a couple of decades internationally and now with USA states.
This result means that Texas can take various means to block motherless. But more importantly no motherless employees should travel to Texas without risk of arrest. Same for abc/youtube/facebook employess traveling to India.
You should be aware of this and monitor it in your industry.
I'm sure there are friendly and generous humans also living in North Korea and Iran. Doesn't mean I want to risk subjecting myself to their government's authority.
The friendly, generous humans who resoundingly endorse the corrupt Ken Paxton's actions and will overwhelmingly vote for him to serve them in the senate this year? Actions speak louder than words. With friends like Texans, who needs enemies?
> The Office of the Attorney General will continue to use every available legal mechanism, including writs of attachment against domain names, to enforce Texas law and ensure that no company, regardless of where it is incorporated, can profit from exposing Texas children to harmful content.
And Kick Online Entertainment S.A. appears to be incorporated in Luxembourg. The "S.A." is a mostly European thing, kind of like a "limited" company.
> I won’t lose any sleep at the loss of such scum but the general principle seems a bit strange.
That's generally key in making a precedent. The first case is someone nobody really cares for, but it's built a precedent where the next case must follow suit.
> In March 2012, the U.S. government declared that it has the right to seize domains ending in .com, .net, .cc, .tv, .name, and .org if the companies administering the domains are based in the U.S. The U.S. government can seize the domains ending in .com, .net, .cc, .tv, and .name by serving a court-order on Verisign, which manages those domains.
The only thing slightly redeem about about them economic wise is their gas reserves. The way they run their state is very similar to a corrupt nation as well. They still want to break away from the US.
So he managed to block the site globally for not forcibly violating the privacy of its users with mandatory age verification.
The US court system really needs to do something about this, and overturn Free Speech Coalition v. Paxton in favour of Reno v. American Civil Liberties Union.
FWIW, the site isn't blocked globally. They just moved to a new domain.
I do generally agree that local governments trying to forcefully exert their influence beyond their jurisdiction is deeply problematic. It wouldn't even be possible to host a website on the internet if this becomes normalized, due to being held to thousands of contradicting standards. At most Texas should have the authority to tell Texas ISPs to block traffic.
It operates in Texas if it is serving Texas users.
> Kick Online, which openly describes itself as a “moral free” company, ignored the lawsuit and refused to comply with the court’s order. It continued publishing and distributing harmful sexual material that was accessible to minors in Texas.
This is the same website with a forum with millions of users trading information on how to assault their partner.
Does this mean Texas can shutdown other websites in other states that provide abortion support? I’m sure there are those who would argue such to be harmful to children…(not to mention the fetus)
Right, that's why speech by white Christians males should be protected, and not any of those Muslims or gay people.
Now, I say this mockingly, my neighbors (yes I live in Texas) say such things with a steadfast belief. Which is really weird to me because they keep electing adulterers and rapists.
I don't see the disconnect you do - they are voting for white Christian men to protect white Christian men. The rape and adultery was hurting women (or gay guys).
> It operates in Texas if it is serving Texas users.
What do you mean "serves"? Does that just mean not actively blocking users from Texas? Allowing your web site to be accessible regardless of user location is, and always has been, the default way to run a web site. Your assertion would mean that web site operators are beholden to the laws of all jurisdictions on the planet if they don't actively block those users.
Think about what a bad precedent that would be. Some countries criminalize promotion of pro-LGBT+ content. What if those countries suddenly demand extradition of people who run pro-LGBT+ blogs because the web sites are available there?
Also, keep in mind that geolocation isn't actually part of the Internet - it's an overlay that private companies have cobbled together that usually works. But it's not perfect, especially at the subnational level. Many times I've connected to public Wi-Fi and I get an alert that I've signed into something from across the country, because that's where the Wi-Fi provider's IPs are located. Are you sure that every jurisdiction in the world will accept that if gelocation gets it wrong, you're off the hook? Utah has already claimed that companies are responsible for complying with their laws even if the user masks their location with VPN. https://www.privacyguides.org/news/2026/05/11/utah-targets-v...
My other comment in this thread has citations demonstrating SCOTUS support and approval for Texas to enforce these laws, as well as links to statue trackers showing where states and countries have implemented these age validation requirements for social media and adult content sites.
It was a choice by Motherless and their holding company, Kick Online, to egregiously ignore Texas law; the law has been found sound by the US Supreme Court, and enforceable by Texas. These are the facts of the situation. Everything else to discuss on this is feelings and opinion, unless there are relevant facts not yet shared or discovered.
The problem is that Paxton is attempting to do the same thing to every site that doesn't forcibly violate user privacy with mandatory age verification. Its part of Project 2025 and the Heritage Foundations goals, and its incompatible with privacy rights.
Definitely bad overall and opposed to the principle by which this is being done, but I am at least glad it happened to motherless. The last I saw of that site it had terrible moderation and hosted quite a bit of dubious material.
I guess by default all .com's have US jurisdiction? Because even if it's a default judgment, and the registrar is based out of the US, which seems to the case here, any court order from the US is able to take a domain down.
The Ninth Circuit held that the U.S. court had jurisdiction to proceed because VeriSign—the registry for all .com domains—was located in the United States.
Every TLD that is not a ccTLD is effectively a US ccTLD. This has always been the case, and perhaps the US has tricked us into becoming complacent. If the world was fair they would all be underneath .us.
I want to see other countries start rejecting the ICANN root and forcing all the US domains under .us, but it will never happen. It would break their vhosts for one thing. Doing it at the browser level could avoid that.
.com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. That's not really anything new. It's a known risk for anyone building a corporate brand/identity around a specific .com domain name. What's new is this is being done from the state court level. (Edit: To be clear, in my opinion, a US State court completely lacks jurisdiction on this matter).
I agree. California has been doing this since 2022 [1][2] and it's equally indefensible.
States should not be allowed to wield their size and influence as a cudgel against other states and jurisdictions.
[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...
[2] https://oag.ca.gov/news/press-releases/ghost-gun-crackdown-a...
I'm unaware of the Californians attempting to seize anyone's domain name over this issue. But indeed this also seems like an overreach, California doesn't get to regulate what an Internet gun accessory store in Idaho advertises or publishes on the Internet. State to state transfers of serialized items go through a well defined federal government regulated process, such as if a person in Nebraska buys a Zastava M70 online from a dealer in Montana.
They may not be attacking the domain but they're attempting to leverage the US Legal system to shut down operations. Arguably that's even worse- they can't move to another domain/tld.
Just shows what priorities are.
Of course, once the number of years since you were born reaches exactly 18, your brain automatically shuts off the part of you that is impossibly traumatized by private areas, so it's suddenly completely okay and normal.
Oh, and when you reach exactly 16, somehow you're only impossibly traumatized by private areas on the screen, not in-person. Everyone knows this is true.
(I don't mean to be genuinely insensitive about the real harms that adult content can pose. I just think there's a difference between calling content harmful simply because it's adult and content causing harm because the viewer isn't ready for it)
But he can't buy a handgun in his home state or drink a beer.
Make it make sense.
Similarly to how I'm salty about having to obtain LSD from black markets instead of having a known safe supply from a pharmacy. I trust my vendor, but the skill to not only find the market but to find the vendor and actually execute the ordering process is not easy to come by.
A lot more things could be available if people were properly informed and not just fed propaganda about how they're waay too dangerous. It's completely possible to be responsible about substances, it's called harm reduction. Also prescriptions are a thing -- even if I had to get a prescription from my doctor, I would even be fine with that as long as I'd get to take it at home.
Something like .NL (you do not need to be a Dutch national to register) or .IS would be much more legally resilient.
https://en.wikipedia.org/wiki/Internet_censorship_in_India
Two things of note regarding this.
First, note the office of origin: Texas Attorney General, which is currently occupied by Ken Paxton who is running for a tightly contested seat in the US Senate.
Second, a state court does not have jurisdiction beyond its borders for entities not operating within same.
> .com in particular has also been well proven over the past 5 to 10 years to be vulnerable to federal court orders to seize domains at the registrar level. ... What's new is this is being done from the state court level.
Which is why any attempt to enforce this ruling would be subject to removal to Federal court.
I wonder what was the value of the domain on the open market, its quite a famous domain and probably had high lead generation..
But I agree with the parent comment.
This is so much state overstepping bounds and irony aside, so much for independence and rights by a state that proclaims personal agency comes first.
> And third, there was a default judgement.
Unenforceable and meant strictly for political theater IMHO.
> This is so much state overstepping bounds and irony aside, so much for independence and rights by a state that proclaims personal agency comes first.
When a political party declares we are in a "post-truth" era and fully embraces nihilistic "the ends justify the means" tactics, the result is inevitable;
For if one does not hold oneself to a standard of ethical behavior, where the actions of others do not affect one's adherence to the rule of law, where the temptation to indulge in vendettas is not renounced, and where there is no accountability for engaging in any of the aforementioned, then there is no motivation for seeing those one disagrees with as anything more than an irritant to be dispatched forthwith.And we then find ourselves with elected officials wildly exceeding their mandate, such as here.
It does not, as explicitly stated in the court's decision found here[0].
https://www.texasattorneygeneral.gov/sites/default/files/ima...
The aforementioned does so. Until and unless you can show how the Defendant has an established presence within the State of Texas, such that its jurisdiction is applicable, it is difficult for me to consider your position considered and/or informed.
To be fair, only some of "us" are unwilling to read a two-page document to be informed about a topic under discussion. The words you're looking for are "Defendant is not a resident of this state and is a foreign corporation."
Again, until and unless you can show how the Defendant has an established presence within the State of Texas, such that its jurisdiction is applicable, it is difficult to consider your position considered and/or informed.
Hosting out of the netherlands. Kick their owners are globally headquarted in Australia, their US operations are out of SFO, CA.
By this same logic if my web server physically located in Canada, the USA or Iceland serves LGBTQ content to people in Uganda I should be held liable or dragged into a Ugandan court under some of Uganda's anti-LGBTQ laws?
https://www.google.com/search?client=firefox-b-d&q=uganda+an...
It's now well-established on the Internet that a court may force anyone in the path to enforce their decision. ISPs are regularly forced to block foreign websites, without any implication of liability on the ISP's part, simply because the ISP has the technical ability to block them and the court has the ability to enforce an order on the ISP. This is the case when Spanish ISPs have to block Cloudflare. The same applies to the DNS, which is based in America. Thanks to Texas for publicizing this DNS vulnerability which must urgently be fixed.
If I were running a business that had any operations or clients whatsoever in Europe my opinion on this topic would be different (in terms of legal liability to the corporation, and necessity of compliance to ensure ongoing revenue from European customers, etc), but I am not.
I fail to see the difference in principle from the federal government doing this for copyright violations.
There is a difference in kind, because it becomes impossible for the global internet to exist if thousands of local jurisdictions are being given their way, with conflicting local legislation resulting in global takedown when it is impossible to comply with two different jurisdictions. So this is noteworthy as an escalation of an already existing problem into an even worse direction.
---
Rate-limit edit:
> Which is why the Internet hasn't been global in a long time, and looks pretty different in China vs EU vs Russia.
China and Russia aren't part of the global internet because they have national firewalls and segregated themselves. The EU very much is, and with limited exceptions the internet doesn't look much different from the US, the EU, Japan, Canada, Australia, Mexico, Thailand, Brazil, or South Africa. It seems absurd to suggest that the internet isn't global when I'm in all likelihood talking to you from the opposite side of the world and this is the norm. And what is the point you're making? That we should embrace the China/Russia model and give not only every country but also every state/province/city its own Great Firewall?
I actually don't have much of an opinion about what it should be, I was only discussing this from a descriptive legal standpoint. My guess is what will happen is companies will voluntarily target their sites to different regions and different legal regimes (like many big US sites do for their foreign versions, or gambling sites do here). That's kind of what's happening here, Verisign is complying probably so they can still have the TX market.
Whereas this is for the most part not the scenario for major IP transit providers in Europe, the USA, Canada (top 50 by size CAIDA ASRank scale/scope ISPs ranked by ASN which are not Russian or chinese).
GDPR Article 17 expressly requires the removal of things from the global internet
> You're free to not serve your site in the EU
Geoblocking is functionally impossible
And geo blocking may be functionally impossible but the law cares about intent and actions, not if you prevented someone who used a VPN or lied about their location from using your service.
If you say so
...as part of compliance with GDPR, if you choose to be compliant. Please name one instance of the EU suing and successfully removing an American website from the internet under this article, or any part of the GDPR? Considering we're talking about an actual case of the US seizing the domain of a European website, whataboutting a hypothetical with the GDPR which has never done the reverse despite being in force for 10 years is incredibly disingenuous.
---
Rate-limit edit:
> Are you saying that you don’t think that the GDPR text is written to apply outside of the EU, or that it does say that but it’s not relevant because it’s not viable for anybody to enforce that?
The GDPR is European legislation, written for the territory the EU has legal jurisdiction over. Why would anybody think it's meant to apply outside of the EU? Plenty of businesses choose to operate by two sets of privacy policies, one where they continue fucking over their American users and one where they adhere to the GDPR for European users, and that is perfectly acceptable. There is no "think" about it, the legislation obviously does not apply outside the EU, nor is it intended to.
Not sure how this does not violate interstate commerce.
Contact your congress criter: https://www.congress.gov/
BTW: Kick - Melborne, AU. US Operations: SanFran CA. Registar: Verisign - Reston, VA.
otherwise they could just send the texas rangers to canada to go kill the execs in montreal
Or did you mean, like, morally?
Doing this at the state court level is as nonsensical as an individual state deciding it doesn't like a law or regulation that's part of the jurisdiction of the FAA or FCC, and wants to do its own unique weird local thing.
https://www.google.com/search?client=firefox-b-d&q=US+state+...
I’m Canadian and Texas courts have zero authority over me so they can f*ck off.
I don’t agree with the premise of age verification, but of course a prosecutor would go after the assets they can reach if enforcing local laws. They’ve done this for years when it comes to copyright infringement.
There exists a well defined process, precedent and prior case law in US federal court to seize a .COM domain name by a court order issued to VeriSign. Doing this at the state level is entirely new.
https://www.cnn.com/2026/05/08/europe/porn-site-motherless-t...
https://www.cnet.com/news/privacy/man-behind-xxx-domains-say...
As far as I can tell it would be possible to build an age verification service based on an open source ZKP implementation such as Google's Longfellow [1] that would be acceptable to these laws, but would allow anonymous age verification. It would be similar to the system the EU is now trialing, except not limited to iOS and to Android devices with Google Play. Longfellow should be able to work with those but also most modern smart phones running any OS the supports the phone's secure element, and also desktop computers that have secure elements, and devices like YubiKeys.
You would have to verify your age with the age verification service to set things. The easiest way to make it so that is not a privacy risk is for the age verification service to be offered by some entity that already has your ID documents. In the EU that would be the governments themselves, but I don't think any US state governments are ready to do that.
The age verification service doesn't necessarily need to store copies of whatever ID you present. It just needs to know you are when it issues its ID documents that get bound to your device's secure element. If this service was offered by some entity that has a widespread physical presence (a bank would be perfect) you could go in, show ID in person, and get your device enrolled.
Even better would be for a trusted non-profit to run this, like the EFF or the ACLU. Yes, I know they don't want age verification to happen at all, but they are going to lose that one, and it would be prudent to try to make it so that people have a privacy preserving way to do it that can be used anonymously when that happens.
Anyway, once your device is set up verifying your age to a website would involve a protocol between your device in the website the uses a ZKP (Zero Knowledge Proof) to demonstrate to the website that the identify information the age verification service bound to the secure element on the your devices says your age is acceptable. The ZKP doesn't disclose anything else from your identidy information. (The web server sees your IP address of course, but they would see that without age verification too). Note that the age verification service has no idea when, or were, you age verify at a website.
[1] https://github.com/google/longfellow-zk
1. Instigate a completely impractical, rights-violating scheme for age verification that nobody in their right mind wants to implement.
2. Then, enforce it against whatever porn sites land in your jurisdiction at all, knowing that they, like everyone else, don't do the verification.
Am I close?
Suppose the porn site tries to implement it. How many people are going to hand over their personal info to a shady porn site? Most visitors are there anonymously for whatever free stuff they can watch.
Either way, the porn site is ... screwed. Implement age verification: 99% visitors now back-button out and find another porn site. Don't implement it: blocked or shut down.
https://youtu.be/iDbyYGrswtg?si=AL91MHC5q5yg2jnA
DNS being centralised in the USA was potentially problematic when they weren't abusing their power. Now that they are actually abusing their power, it is actually problematic.
This is going to be a real problem when states start nuking whole parts of the internet from orbit. A state has a law against conversion therapy and starts to remove sites with that? A state has a law against trans people? Or abortion? Or medical misinformation? Suddenly we just start purging sites back and forth?
Battlegrounds end up as torn up, muddy, desolate places. Turning the domain registry into a battleground is a bad idea. Over the long term, no one wins if we choose to fight there.
But what people do instead is to disable access for people from that specific state.
If someone from the US does something illegal on your site (which is legal in your country), depending on how much they want you will end up in a US prison.
Before the US decided that betting online was OK, betting sites had travel advisories for their employees not to travel to the US.
Multiple conservative SCOTUS justices openly admit to taking bribes from parties with cases before them.
C’mon, people, these issues are trivial to look up the facts about. There’s no excuse for ignorance here. https://firstamendment.mtsu.edu/article/obscenity-and-pornog...
Obscenity is not speech.
https://mashable.com/article/pornhub-blocked-states-2025
Pornhub itself is doing the blocking; it uses geolocation and denies services to IP addresses from jurisdictions with age verification laws. The laws are usually not structured so as to require a third party such as an ISP to block noncompliant sites; instead, the governments of the states with those laws can sue the porn sites and their service providers (Verisign in the case of .com domains).
I used the language of the link.
> The explicit tube site Pornhub is now blocked in 25 U.S. states
I had assumed that the states were blocking Pornhub but reading between the lines in the linked article it does imply it's not the states are not applying technical blocks.
>Warning: Potential Security Risk Ahead
> Firefox detected a potential security threat and did not continue to www.texasattorneygeneral.gov. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
Otherwise the general idea seems absurd that an individual state could freeze a domain impacting for the whole Internet…
(EDIT: I won’t lose any sleep at the loss of such scum but the general principle seems a bit strange.)
So they're using the fact that Verisign is a US company and can therefore be leaned on.
I'm not sure how I feel about this. What do other countries do who don't have Verisign to lean on? US companies really don't like being told what to do by governments of other countries, but when the shoe is on the other foot...
They lean on their ISPs, see Spain and the La Liga controversy.
This appears to basically wipe the site from the entire internet, for all countries.
ccTLDs already exist and their respective countries have sovereignty over those TLDs: the UK can disappear any .uk domain name it wants from the global internet.
The .com TLD is American, and is therefore subject to American legal proceedings.
Ample precedent and prior case law exists that the US Federal government can obtain court orders to seize .COM domains. Going back 15 years now.
State government that's another question entirely. When people say "American legal proceedings", the distinction between state courts and federal courts have two very different regions of responsibility and authority.
This is not an "American" proceeding so much as a Texan one, and it's not clear that the State of Texas should have any jurisdiction over the .com TLD.
This result means that Texas can take various means to block motherless. But more importantly no motherless employees should travel to Texas without risk of arrest. Same for abc/youtube/facebook employess traveling to India.
You should be aware of this and monitor it in your industry.
You know real, friendly, generous humans live in Texas, right?
And Kick Online Entertainment S.A. appears to be incorporated in Luxembourg. The "S.A." is a mostly European thing, kind of like a "limited" company.
That's generally key in making a precedent. The first case is someone nobody really cares for, but it's built a precedent where the next case must follow suit.
(Under "Controversies".)
> In March 2012, the U.S. government declared that it has the right to seize domains ending in .com, .net, .cc, .tv, .name, and .org if the companies administering the domains are based in the U.S. The U.S. government can seize the domains ending in .com, .net, .cc, .tv, and .name by serving a court-order on Verisign, which manages those domains.
However, applying this for violations of _state_ law seems odd.
Where does it end?
What if a law enacted by a single US city’s city council is violated? Would US as a country seize the domain?
"Sorry Meta, but BFE, Nebraska outlawed Farmville and now some guy named Bob owns facebook.com."
The only thing slightly redeem about about them economic wise is their gas reserves. The way they run their state is very similar to a corrupt nation as well. They still want to break away from the US.
The US court system really needs to do something about this, and overturn Free Speech Coalition v. Paxton in favour of Reno v. American Civil Liberties Union.
I do generally agree that local governments trying to forcefully exert their influence beyond their jurisdiction is deeply problematic. It wouldn't even be possible to host a website on the internet if this becomes normalized, due to being held to thousands of contradicting standards. At most Texas should have the authority to tell Texas ISPs to block traffic.
Thank you for your virtue signaling. You're now registered as a lifetime GOP member.
> Kick Online, which openly describes itself as a “moral free” company, ignored the lawsuit and refused to comply with the court’s order. It continued publishing and distributing harmful sexual material that was accessible to minors in Texas.
This is the same website with a forum with millions of users trading information on how to assault their partner.
https://www.cnn.com/interactive/2026/03/world/expose-rape-as...
FAFO.
Does this mean Texas can shutdown other websites in other states that provide abortion support? I’m sure there are those who would argue such to be harmful to children…(not to mention the fetus)
Leftists and trans activists attempting to shut down Kiwifarms comes to mind.
Supreme Court allows Texas to enforce law requiring age verification and parental consent on apps - https://www.scotusblog.com/2026/07/supreme-court-allows-texa... - July 6th, 2026
Supreme Court allows Texas’ law on age-verification for pornography sites - https://www.scotusblog.com/2025/06/court-allows-texas-law-on... - June 27th, 2025
https://mashable.com/article/all-the-states-and-countries-wi...
https://en.wikipedia.org/wiki/Social_media_age_verification_...
Now, I say this mockingly, my neighbors (yes I live in Texas) say such things with a steadfast belief. Which is really weird to me because they keep electing adulterers and rapists.
What do you mean "serves"? Does that just mean not actively blocking users from Texas? Allowing your web site to be accessible regardless of user location is, and always has been, the default way to run a web site. Your assertion would mean that web site operators are beholden to the laws of all jurisdictions on the planet if they don't actively block those users.
Think about what a bad precedent that would be. Some countries criminalize promotion of pro-LGBT+ content. What if those countries suddenly demand extradition of people who run pro-LGBT+ blogs because the web sites are available there?
Also, keep in mind that geolocation isn't actually part of the Internet - it's an overlay that private companies have cobbled together that usually works. But it's not perfect, especially at the subnational level. Many times I've connected to public Wi-Fi and I get an alert that I've signed into something from across the country, because that's where the Wi-Fi provider's IPs are located. Are you sure that every jurisdiction in the world will accept that if gelocation gets it wrong, you're off the hook? Utah has already claimed that companies are responsible for complying with their laws even if the user masks their location with VPN. https://www.privacyguides.org/news/2026/05/11/utah-targets-v...
I didn't know that Texas is supporting and promoting the North Korean government: http://naenara.com.kp/main/index/en/first
I wonder why they aren't being called out for anti-American terrorist groups.
Everyone learns this the hard way, it seems.
Waiting for the day when texas court demands deleting .ee LTD (since estonia is currently only country which has fought agaisnt age verification laws)
It was a choice by Motherless and their holding company, Kick Online, to egregiously ignore Texas law; the law has been found sound by the US Supreme Court, and enforceable by Texas. These are the facts of the situation. Everything else to discuss on this is feelings and opinion, unless there are relevant facts not yet shared or discovered.
https://news.ycombinator.com/item?id=48953591
The other point of view is that they "very reasonably" ignored Texas law because they're not in Texas.
The Supreme Court found that the law was valid, but that ruling doesn't mean it necessarily applies in a situation like this.
Then it's violating the laws of a whole lot of places by serving pornography to adults.
The existence of a web server doesn't feel like enough nexus to seize a domain.
Nonsense.
There is no reliable way to not serve your content to people in Texas. If anything, Texas should compel ISPs to not serve it to their Texas customers.
This is exactly how we lose all our rights.
Found the case, https://law.justia.com/cases/federal/appellate-courts/ca9/07...
The Ninth Circuit held that the U.S. court had jurisdiction to proceed because VeriSign—the registry for all .com domains—was located in the United States.
I want to see other countries start rejecting the ICANN root and forcing all the US domains under .us, but it will never happen. It would break their vhosts for one thing. Doing it at the browser level could avoid that.