Hacker News | flumpcakes's comments

Pretty much all Azure services seem to be down. Their status page says it's only the portal since 16:00. It would be nice if these mega-companies could update their status page when they take down a large fraction of the Internet and thousands of services that use them.

All of our Azure workloads are up, but we don't use Azure Front Door. That seems to be the only impacted product, apart from the management portal.

We're using Application Gateway for ingress, that seems to be affected.

FWIW, all of our databases, VMs, AKS clusters, services, jobs etc - are all working fine. Which services are down for you, maybe we can build a list?

Front Door is down for us (as Azure's Twitter account confirms)

Does their status page depend on something that is down already, so the page just fails static now hence no new updates?

Same playbook for AWS. When they admitted that Dynamo was inaccessible, they failed to provide context that their internal services are heavily dependent on Dynamo

It's only after the fact they are transparent about the impact


I'm not sure that the USA has ever been in such a low standing with the rest of the 'democratic world' in the last 100 years. That's not saying the rest of the world has their stuff together, but it seems that fundamentally un-American ethos is the new nationalist American one that a 1/3 of the country wants.

What's happening guys?


About 50 years of slow deliberate destruction of the country's trust in institutions and trustworthy media and communications systems and culture.

I think people were worn down over many years by traditional politicians and just wanted something different

And then someone came in and took advantage of that


This, and most people still don't realize it. It goes back to Nixon and Roger Ailes.

Yes, that is 100% the moment I had in mind when I said 50 years.

> What's happening guys?

The people who benefited from those who sacrificed for rights and equality over the past century got complacent and lazy.

The current rhetoric is exactly the same as was used to discriminate against my ancestors 100 years ago. The only substitutions are the different slurs. Everyone who wants to talk about race and immigrants should be required to listen to 8 hours of radio programs from the early 1900s saying the exact same thing about them and their ancestors.

"It is the common fate of the indolent to see their rights become a prey to the active. The condition upon which God hath given liberty to man is eternal vigilance; which condition if he break, servitude is at once the consequence of his crime and the punishment of his guilt." -- John Philpot Curran, 1790

You fight or you lose. Every time; all the time. Politics is a contact sport and you don't get to opt out.


It is a mass killing event which the Chinese government pretends never happened and/or suppresses the information of. Phrases will be banned/filtered from all digital services in China relating to it. From Wikipedia:

> The Tiananmen Square protests, known within China as the June Fourth Incident, were student-led demonstrations held in Tiananmen Square in Beijing, China, lasting from 15 April to 4 June 1989. After weeks of unsuccessful attempts between the demonstrators and the Chinese government to find a peaceful resolution, the Chinese government deployed troops to occupy the square on the night of 3 June in what is referred to as the Tiananmen Square massacre. The events are sometimes called the '89 Democracy Movement, the Tiananmen Square Incident, or the Tiananmen uprising.

> Between 200 and 10,000 civilians were killed. The Red Cross states that around 2,600 died and the official Chinese government figure is 241 dead with 7,000 wounded. Amnesty International's estimates puts the number of deaths at several hundred to close to 1,000. As many as 10,000 people were estimated to have been arrested during the protests.


So what is Google doing? That was the question. Google isn't available in China.

> Phrases will be banned/filtered from all digital services in China relating to it.

Google was complying with, what I assume is the law in, China and censoring searches for things China doesn't want talked about. Google has since left China, apparently bowing down wasn't enough.


In 2010 Google decided to stop censoring results in China.

>We have decided we are no longer willing to continue censoring our results on Google.cn

https://googleblog.blogspot.com/2010/01/new-approach-to-chin...

Disclosure: I work at Google.


> and set up import controls to prevent people from importing guns bought abroad.

In this example 4chan is 'importing' its content to the UK. I agree though, Ofcom should just go straight to banning these websites that won't comply, rather than this silly and pointless song and dance. Ultimately that's the only real enforcement tool they have. For certain websites that will be enough (Facebook, etc.) for them to follow whatever law for the regions they want to be accessible in.


> In this example 4chan is 'importing' its content to the UK

No, UK ISPs are importing 4chan into the UK. At no point is 4chan involved in the importing of its content. It could even be argued it's not involved in exporting it either.


> It could even be argued it's not involved in exporting it either.

It is providing content to IPs located in the UK, therefore, it's knowingly exporting content. If the user bypasses controls using VPNs or proxies, it's a different thing, but I would expect 4chan to make a reasonable effort on their side in order to prevent a sitewide block.


I don't know if you know this, but when you put a website online there isn't a big switch that says "TURN ON TO SERVE TO UK"

When a resource exists on the internet, it is available to everyone. That's how the internet works. There is no mechanism by which to exclude any given country. You can try to geolocate the IP for every individual visitor, but that's a ridiculous burden for website operators and it also doesn't even work.

Ofcom is trying to censor the entire global internet. If they want to censor the UK internet, they have much, much better tools.

They're trying to enforce extrajudicial law by way of threats and bullying instead of actually taking proactive steps to "protect" UK citizens from dangerous memes.

Ofcom has the right to censor the internet within the UK. They do not have the right to an opinion about what private entities do in other countries.


> I don't know if you know this, but when you put a website online there isn't a big switch that says "TURN ON TO SERVE TO UK"

No, but it's a relatively trivial setting to block IP ranges, especially for a service the size of 4chan.

> You can try to geolocate the IP for every individual visitor, but that's a ridiculous burden for website operators and it also doesn't even work.

It's not a ridiculous burden (the ranges are easy to obtain - I did it before) and it's not expected to be 100% effective against a dedicated user because proxies exist.


It is a strange definition of relatively trivial to ask each and every person on the planet who has served content to be aware of all constantly changing local judicial content restrictions, to identify the location of their users, and to identify which specific bits of the content they are serving is problematic.

It is a massive global undertaking involving untold collective man hours developing, implementing, and updating. They may as well be adding an invisible 1/2 pent tax on every man woman and child like some sort of hidden global sovereign.

This is a war they lost long ago and they keep trying to take power to which they are not entitled. The correct answer is like the Boston tea party dumping their imperial assumptions into the ocean.

If they want to block content they should take the responsibility to do so themselves. Even just blocking advertisers who fund problem sites would probably take care of whatever problem they are trying to solve.


Not all people who serve a website need to be aware of that - I don't think my personal blog will be declared illegal anywhere, for instance. If a post is, I might just spare myself the pain and remove it. If a country wants to notify me, I'm pretty easy to find.

Now, for a relatively high-profile website such as 4chan, who deliberately dodges responsibility for the content it knowingly hosts, I'd say it is not a huge effort. They have the staff for that kind of thing. If they decide they aren't complying, then the UK government might order UK-based ISPs to block access and they will comply - as they did many times before. The people in charge of the company might face charges if they ever set foot in the UK, but that's a risk they need to balance.

And, in the light of legislation that sanctions whoever does business with sanctioned companies, sanctioning advertisers can go a long way to force compliance.


> It is providing content to IPs located in the UK, therefore, it's knowingly exporting content

This is not true. There are many steps before the content is provided to IPs in the UK, with the pertinent ones being after it reaches the ISP from the backbones.


I certainly wouldn't. Let the UK block if they want to. At least the voters there will know who to be angry at.

Why would anyone sane be angry at not being able to access 4chan?

Those people are already angry at so many things it would be hard to measure the change.


The only ones angry here are Ofcom/the UK government. Everyone else thinks this is stupid/hilarious.

If I order something from AliExpress shipped from China, I’m importing it, and the vendor exporting it. They’re not importing it to me, and I’m not exporting it to myself.

Same thing if I make a web request for content on a server overseas.


Alibaba has warehouses & hubs in Europe (and I assume the US), where it first imports to its own subsidiary here, so this is somewhat debatable.

Ok- a transcontinental pizza order from a slice shop in Beijing, then. AliExpress’s logistics are obviously not relevant to the metaphor.

With Alibaba it gets complicated. There are things like duty free warehouses where things can be on US soil but legally have not yet been imported. But that does not apply in the UK. 4chan does not have servers or proxies in the UK. If it did, Ofcom can go after those local entities and I would not bat an eye.

4chan is exporting. The consumer is importing. That distinction matters.

Perhaps the terms import and export aren’t suitable for internet content? Perhaps new terms with legal implications are needed for internet age?

That might be the case. However, we should not invent new things where old things suffice. Maybe it is as simple as importing digital content, and all that is different in this case is the medium. It's already illegal to import DVDs that contain illegal content into the UK. The person or company that is doing the importing is on the hook. Apply that logic to the internet medium and we're all set.

As was mentioned in another thread, it is simpler to go after the companies abroad than to build out measures that would prevent such import. Those measures would probably take the form of some sort of firewalls. They would be noticeable to the British people, and the British people, being sensitive about their civil liberties, would not like that. It's easier for Ofcom to go after a couple bigger companies, impose no cost on the British public, and tramp national sovereignty into the ground a bit along the way.


I think the premise of this is simple, and a lot of people seem to not be understanding this...

The UK can make a law and apply it however they see fit. 4Chan is providing a service to UK people (a website you can access) and is not implementing the law. Ultimately the UK cannot enforce this law until money destined to/from 4Chan passes through the UK or people associated with the site visit UK territories.

In practicality this law for the most part will just mean either websites block the UK or UK ISPs are forced to block websites.

But this law was designed for the websites and platforms that will not be willing to do that as they make money off of UK citizens, such as Amazon/Facebook/Youtube/etc.

If a website blocks UK users then the law doesn't apply as it is only concerned with protecting UK citizens. If a foreign company was shipping drugs or guns to UK children, or your choice of obvious contraband, then why wouldn't it have the power to hold that entity accountable? This is how it has always worked and I am not seeing why this is a problem just because it's in the digital space.


Putting the burden on site operators to geoblock UK users is not only placing an incredible burden on individual operators, it doesn't even work.

It is not the responsibility of foreign companies to enforce or even acknowledge the UK's laws. If the UK has a problem, they have tools to solve it on their own soil. If they want to enforce their laws they need to pay for it.

The UK is trying to bully and scare foreign website operators regardless of scale or type of business into paying to enforce UK laws outside of the UK.

If they want a website blocked, the only way to make that work is to block it and pay for it themselves.


Relevant here is that 4Chan appears to explicitly target the UK users for commercial purposes, and potentially (via subcontract to Cloudflare) serves to UK customers from equipment located on UK soil.

Whether one agrees with the policy aims of the OSA or not, there are some complex jurisdictional and enforceability issues at play here. Unfortunately it’s not as simple as you make out.


> […] and potentially (via subcontract to Cloudflare) serves to UK customers from equipment located on UK soil.

Still, not quite.

Servers in the UK ≠ targeting the UK – courts on both sides of the pond will ask whether the operator directed activity at the forum. Merely serving content from UK edge nodes because a CDN optimises latency is usually incidental and does not, by itself, show a «manifest intent» to engage with UK users. There is an established precedent in the US[0].

If a UK-established CDN processes personal data at UK nodes, the CDN itself may be subject to UK GDPR. That does not automatically drag a non-UK website operator into UK GDPR unless it offers services to or monitors people in the UK. Accessibility or passive CDN caching alone is insufficient. And modern UK statutes mirror this; for example, the Online Safety Act bites where a service has a significant number of UK users or targets the UK – not simply because a CDN happens to serve from UK equipment. From the horse's mouth: https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...

Then there is a nuance – explicitly configured Cloudflare (1) vs automatic «nearest-edge» (2) selection:

1. Explicit UK-favouring config (for example, rules that prioritise UK-only promotions, UK-specific routing or features tailored for UK users) is a relevant signal of targeting, especially when combined with other indications such as UK currency, UK-specific T&C's, UK marketing or support. In EU/UK consumer cases the test is whether the site is directed to the state – a holistic, fact-sensitive enquiry where no single factor is decisive.

2. Automatic «nearest-edge» selection provided by a CDN by default is a weak signal. It shows global optimisation, not purposeful availment of the UK market. US targeting cases say much the same: you need directed electronic activity with intent to interact in the forum; mere accessibility and generic infrastructure choices are not enough.

[0] https://law.justia.com/cases/federal/appellate-courts/F3/293...


We are essentially saying the same thing. 4chan targets UK users through advertising and equipment location.

I am no fan of the OSA but this spat is also not showing 4chan or its fan-base to be particularly mature or legally savvy (quelle surprise).


I was delineating a particular nuance – that the mere utilisation of Cloudflare does not, by itself, render 4Chan subject to the classification of «targeting UK users», save for the instance in which they issue a distinct monthly remittance to an entity denominated «Cloudflare UK» for the edge node services provided during the preceding period.

I.e., if a machine (the Cloudflare control plane) elects to route traffic through an edge node within the UK as an optimisation measure, such an act does not, in itself, constitute the possession of equipment within that jurisdiction — nor would it be readily ascertainable before a court of law.

Historically speaking, the Ofcom/UK approach is orthodox rather than novel. Ofcom’s sequence – information notices, process fines for non-response, then applications to court for service-restriction and access-restriction orders that bind UK intermediaries – is a modern, statute-bound version of a very old playbook. If a service has no UK presence and refuses to engage, the realistic endgame is to pressure UK-based points of access rather than to extract cash from a foreign entity.

What is new is the medium and the safeguards, not the underlying logic: regulate the domestic interface with out-of-jurisdiction speakers.


Agreed.

I was merely citing use of Cloudflare as evidentiary, not determinative.

I am not so sure about the relevance of billing entity. I suspect that how Cloudflare chooses to bill is as much driven by tax (especially transfer pricing) as anything else. I also think there are as-yet-unanswered questions about the role of CDNs and similar “global” infrastructure providers, and the impact of using their services as subcontractors (cf intermediaries), in interpreting jurisdiction. These services are obviously different to the “traditional” autonomous systems (routed networks). I am not sure that the law has caught up with this yet. But that is a tangent.

Thanks for the thoughtful debate.


Likewise, thank you for a meaningful and civilised discourse.

To expand upon your observations regarding the role and the function of global infrastructure providers — what I find most disquieting is the manner in which the Internet has degenerated from a realm of open discourse, at times resembling the untamed frontier, into a labyrinthine construct of proliferating legislation and extrajudicial interference by a multitude of states.

The result is a regulatory morass so burdensome that, in certain instances, it proves more expedient to disregard an entire jurisdiction than to endeavour compliance with its statutory dictates. Even when such legislative efforts are conceived without malice, their consequences are seldom benign — the attendant escalation in implementation costs can be considerable. By way of illustration, conformity with the EU’s GDPR must now be accounted for at the very architectural level of a solution, with financial implications that are far from negligible.


All goes to the saying “this is why we can’t have nice things”.

I'd love some of what you're smoking.

I assume companies wouldn't need to comply with tax law either unless countries in which they operate pay them to pay their dues.


> why wouldn't it have the power to hold that entity accountable?

Literally because the entity is not under the jurisdiction of the UK. The UK can force domestic companies to block the website but they can't force the website itself to do anything. The claims of fines against 4chan are therefore nonsensical. Probably just part of the legal proceedings prior to blocking the site I guess but still strange to see.


It does have 'jurisdiction' because it applies to the citizens: it is offering a service to UK citizens.

If I had a website operated outside of the US, where you can download US citizens' private medical records and phone conversations, I would be liable to breaking US law.

If you do not want to be held accountable to a region's laws, then you do not offer a service to or deal with data that relates to that region's citizens.

I don't think this is a hard concept to grasp.

Jurisdiction does not imply enforceability. There are laws from your country that you can break while not even being in that country and be held accountable.


Simply offering a service to UK citizens isn't enough to provide jurisdiction. If I run a lemonade stand, and a UK citizen walks up and pays a dollar for a glass of lemonade, then that doesn't give the UK jurisdiction over the lemonade stand.

That's what's happening here - a webserver is operating entirely out of the UK, with no nexus. UK citizens send requests to it - just like all other countries' citizens do, so either the website would be covered by all laws or just the places where it has nexus.

This is especially true in the US, where speech is strongly protected - making Ofcom's assertion that its regulation overrides the first amendment especially egregious. The UK government's behavior here is a bit shameful.


> If I run a lemonade stand, and a UK citizen walks up and pays a dollar for a glass of lemonade, then that doesn't give the UK jurisdiction over the lemonade stand.

You are allowed to sell lemonade to British tourists. But if you're shipping lemonade to the UK, you are subject to UK lemonade regulations. That doesn't mean that the UK has jurisdiction over your business and can shut it down or anything like that, but if you travel to the UK or UK banks handle your transactions, they have the right to seize funds and shipments, close your accounts or detain you if you set foot in the UK. Your choices are: follow UK regulations; stop shipping lemonade to the UK; or continue as you were, never go to the UK, and know that the UK can always ban shipments from your stand.

The US does the same thing all the time, and even worse[1]. Lots of piracy sites located in jurisdictions where US copyright laws don't apply are seized by US federal agencies and replaced with a notice about piracy. Those sites haven't broken any laws in the countries they're hosted in, they have no legal presence in the US, and yet the domains are banned/seized and administrators detained if they ever step foot on US soil. The UK is not threatening to seize anyone's site.

[1] https://en.wikipedia.org/wiki/Operation_In_Our_Sites


Why is it the website operator's job to figure out where people are from? It isn't even generally possible for them to do correctly. A better analogy would be that a British person hired someone who looked and sounded American to go to the US to buy some lemonade and have it shipped to the UK where having it breaks the law, and then blaming the lemonade stand.

> Why is it the website operator's job to figure out where people are from?

Why not? It's their responsibility to comply with UK laws if they want to keep serving British customers and making money off of them. Just because the service is provided online doesn't mean it can go on unregulated. You're acting like this is something new that websites haven't had to do for decades.


> > Why is it the website operator's job to figure out where people are from?

> Why not?

Because laws vary from location to location, and it's unreasonable for a [UK] agency to make demands from an exclusively [US] group under the assumption that they are aware of every possible law in existence. Someone in the [US] can't expect to have reasonable influence over the laws in the [UK] that they're now required to follow? That's a blatantly unfair system. That's why not.

But actually why? You confidently assert that because it has happened before, that's the way it should always be!

You're still trying to apply rules for jurisdiction, that don't map well to the Internet. If I was sending someone to the UK to buy and sell, I think your arguments would make sense. But that's not the analogy that applies here. The better analogy is, people from the UK are traveling across jurisdictional lines, and buying from my shop, based exclusively in my country. My country feels privacy and anonymity are important fundamental rights, and my business exists to that end. Here, instead of trying to control UK citizens, and making it illegal for them to travel to the US to do something they want to prevent, they instead are trying to force the US group to attempt to doxx every user and exclude some of them.

That feels insane to me, what's your take on that example?

Also, I feel it's important to note, part of the reason they're using this specific tactic, is because they're aware how impossible and intractable their demands actually are. To call internet geolocation complex or error prone would be an understatement. So based exclusively that they're demanding someone other than them should tackle a near impossible task, should be enough of a reason to reject the demand. Legal or not, unreasonable demands deserve rejection.


> under the assumption that they are aware of every possible law in existence

That's why Ofcom started the correspondence, to inform 4chan of laws it may not have been aware of.

> Someone in the [US] can't expect to have reasonable influence over the laws in the [UK] that they're now required to follow

UK companies comply with US laws all the time if they want to continue serving US audiences. I wish this wasn't the case, but this isn't new. Similarly, lots of US news websites aren't available in the EU/UK because they don't comply with GDPR. None of this is new, there's lots of precedent for it.

> You're still trying to apply rules for jurisdiction, that don't map well to the Internet

Sure they do. When I go to boards.4chan.org, the server recognises my request, including where it's coming from, and returns some content. Similarly, when I buy lemonade from a company, they see my shipping address and ship the lemonade. Seems to me like it maps pretty well.

> To call internet geolocation complex or error prone would be an understatement

All other service providers have imposed IP-based limits and that has satisfied Ofcom, so no need to make it more complex than necessary.

> Legal or not, unreasonable demands deserve rejection.

Of course, 4chan is free to reject the demands, just like The Pirate Bay (based in Sweden) have rejected demands from the US government, that was always an option. Ofcom is making the demands to then be able to enforce the OSA, for example by blocking 4chan, without 4chan saying they were not aware of the demands.


> Sure they do. When I go to boards.4chan.org, the server recognises my request, including where it's coming from, and returns some content. Similarly, when I buy lemonade from a company, they see my shipping address and ship the lemonade. Seems to me like it maps pretty well.

How do you suspect a given IP address maps to a geographical location?

Does Ofcom supply a list of IP addresses based in the UK? What if it's a US resident using a VPN or other anonymizing tool such as Tor?


Like I said, Ofcom is satisfied with IP-based geolocation implemented by other services, so those what ifs are not relevant.

If you don't understand exactly what the parameters are, how can you 1) be sure you're doing it correctly, and not still in violation i.e. has Ofcom publicly stated they've reviewed it and agree it's acceptable, or have they just moved on while ominously stating they'll be watching? Seems like a needless risk to hope Ofcom doesn't decide they did it wrong and demand retroactive fines. 2) defend the action if they do later to continue or change their mind about if any action is enough?

It's a mistake to ignore the problems and realities of some solution, or half solution, caused a legal demand from without a reasonable claim of jurisdiction.

Honestly, it's a wild take to assert that an IP-based geoblock that's guaranteed to be buggy is fine or acceptable just because Ofcom hasn't figured out how buggy it actually is yet. Just as it is equally insane to suggest that a foreign government should be able to compel (or be willing to demand) some action by anyone.


A good start would be to use geoip. It's not perfect, but it will almost certainly be enough to make UK happy (the same happens when detecting European for GDPR purposes).

Lmao, why would a web server operator need to care where their clients send requests from? Imagine if half the countries in the world required this, each with distinct requirements on how to handle traffic from their jurisdictions. Insane. Relieve us of the misery of acting as though OFCOM’s requests are reasonable- they are not.

> But if you're shipping lemonade to the UK, you are subject to UK lemonade regulations.

I was with you up until here. Shipping to a physical address, where if you don't specify the country name, it won't arrive, is very different than shipping to an Internet address, which has no "reasonable" connection to a physical location.

> Your choices are: follow UK regulations [give up the core gimmick of your entire site]; stop shipping lemonade to the UK [the shipping analogy really breaks here, how? and what about vpns? what if the other endpoint is in the UK but the address isn't?]; or continue as you were, never go to the UK, and know that the UK can always ban shipments from your stand.

I don't disagree that [country] can make laws that make society worse... But I don't think it's reasonable to defend them as if these actions aren't egregious. There's the armchair arguments that I enjoy as a thought experiment, but it's still important to point out how antisocial this behavior is.

> The US does the same thing all the time, and even worse [...]

There's an argument to be made they're using a domain registrar in the US, which is subject to those laws (obviously). But what about [other disappointing behavior] because it's worse. Is exactly the example you're arguing against. Precedence of bad stuff is still bad, ideally everyone would point out it's bad, and suggest alternatives to the bad thing, no?


> But I don't think it's reasonable to defend them as if these actions aren't egregious

I'm not defending the Online Safety Act, I think it's a horrible and stupid law. On the other hand, I will defend GDPR, which uses a similar legal framework of enforcement. My argument is that the UK is within its rights to implement and enforce laws as they see fit, not that the laws are good.


> My argument is that the UK is within its rights to implement and enforce laws as they see fit, not that the laws are good.

The argument you are making, is that the laws, and the behavior they're enabling is reasonable.

That may not be what you meant to convey, but to abuse an analogy, it is fruit from the poisoned tree. You can't defend some action, without by proxy defending the source. Either the law is reasonable, and Ofcom is acting reasonably, or the law is unreasonable, and Ofcom is acting unreasonably trying to enforce it. Correct or not, or technically legal in the UK or not.

You can defend the actions of Ofcom, as not illegal, but that's not what you're doing, and not the context of this thread.


> The argument you are making, is that the laws, and the behavior they're enabling is reasonable.

I am doing no such thing.


I don't think you're aware of what you're communicating then. Because that is exactly what comes from defending them, and you are defending them.

> The UK is not threatening to seize anyone's site.

Yet? :)


Countries claim jurisdiction for things outside their borders all the time. However they place a much higher bar on what they claim. Lemonade stands are likely safe, but even if it is legal where you live the US will claim pedophilia laws against you they can get you.

Part of the high bar is claiming jurisdiction requires sending your army. (Sanctions are often used too which might or might not work). That is why the threat is if the directors travel to the UK - that gives them some power - but still expect US government to do 'things' if they arrest any US citizen on this.


> If I run a lemonade stand, and a UK citizen walks up and pays a dollar for a glass of lemonade, then that doesn't give the UK jurisdiction over the lemonade stand.

It does... to correct your example, the UK citizen is paying a dollar for the lemonade while in the UK.

Are you saying that if I had a website hosted in Russia that pretended to be your bank and stole all your money from phishing that is perfectly legal?


> Are you saying that if I had a website hosted in Russia that pretended to be your bank and stole all your money from phishing that is perfectly legal?

Website hosted in US publishing truth about Ukraine war - even calling it a war is already a felony in Russia - is it legal or illegal?

I'm personally against stealing money, and I'm for calling a war a war, yet how do we formally codify that into law - there are 200 countries and at any given moment, especially while online, you're probably violating some law of some country. Before internet globalization, the geography based jurisdiction was such an objective approach. Now it is more like "catch me if you can" which is obviously not a solid foundation to build on. Like that plane that had an emergency landing in Minsk, and the Belorussian dissident flying on that plane was arrested by the Belorussian police. And many here on HN were critical of MBS when Khashoggi was killed in the Saudi embassy in Istanbul - what if our plane has to make an emergency landing in Riyadh ...


> Website hosted in US publishing truth about Ukraine war - even calling it a war is already a felony in Russia - is it legal or illegal?

That's illegal in Russia. Russia has fined Google more money than exists in the world. It doesn't mean anything, but you bet the CEO of Google isn't going to visit Russia. Russia can choose to block any websites that hurt their feelings. Much like the UK and 4Chan.

> what if our plane has to make an emergency landing in Riyadh ...

Then you hope to God that the people with the bone saws don't read hackernews.


> Website hosted in US publishing truth about Ukraine war - even calling it a war is already a felony in Russia - is it legal or illegal?

Try hosting one of those sites and then fly to Russia and let us know. I think you’ll find it’s quite illegal and will be enforced to the fullest extent of the law the second you enter their jurisdiction.

It turns out it doesn’t actually matter whether you or I think the law in question is BS. We don’t run Russia or determine what laws they enact.


So, my original point was that a business is not under the jurisdiction of the UK just because it offers a service to a UK citizen - I probably should have mentioned I'm not in the UK.

Whether the website is illegal or not would depend on Russian law in your example. I'd also suspect that other laws might apply, like wire fraud. Some of those would likely be enforceable in other countries.


Someone has to be willing to extradite. I'm sure China, Russia, and Iran would love to prosecute all those pesky political dissidents abroad.

I'll be pretty shocked if someone ever gets extradited out of the US for not showing a cookie banner.


I agree and in the majority of the cases 'enforcement' is usually just a block at the ISP level.

"Offering to" is a nonsense term. The website exists on the open internet regardless of jurisdictional borders. A UK citizen must actively go to the website, initiating a connection from within the UK and requesting data from an IP address that may or may not have some kind of relationship with geography.

4Chan isn't popping up unbidden on people's phones. Whether a UK citizen chooses to visit a website is no business of the website operator.

To say that 4Chan is somehow responsible for the actions of unknowably many private citizens is absurd. If the UK wants to enforce internet censorship within their borders, that's their own business. Putting pressure on wholly independent foreign businesses for the crime of existing is not reasonable. This is just as bad as US credit card companies censoring adult material from the entire global online economy.

They're trying to censor large parts of the global internet for everyone, not just their citizens. If they cared about UK citizens so much, they'd do something like proactively blocking noncompliant websites to force them to immediately either comply or fuck off. They should be trying to protect their citizens instead of trying to bully foreign companies they have no jurisdiction over. It's their responsibility to enforce their laws, not the US courts.


Jurisdiction only applies within a sovereign country. If there's some dispute that crosses national lines, you don't call the International Bureau of Investigations to send International Agents in to drag the perp before the Planetary Supreme Court.

Yeah this line of thinking worked really well for Assange

> why wouldn't it have the power to hold that entity accountable?

If I transmit insults of dear leader Kim Jong Un on amateur radio, then those radio waves will reach DPRK. I likely would be breaking DPRK law.

Why wouldn't they have the power? Same reason my decree that guns are now banned in the US is not even refuted, but ignored.

4chan has no obligation or even reason to even respond to the UK except as entertainment (this reply was entertaining), and to send a message to the US that (in its opinion) the US government cooperating with the UK on this would be illegal by US law, the only law that matters to the US legal system. Other countries' laws only matter insofar as they are allowed by US law. Foreign laws will not get a US constitution bypass unless the US constitution itself allows it.

It's as if DPRK demanded to have a US citizen extradited in order to be executed for blasphemy. All that US citizen cares about is to give a heads up to the US that "if these people come knocking, tell them to go fuck themselves".

What is the UK government going to do, send bobbies over to attack 4chan owners with nerve gas on US soil?

What's the alternative? I'm sure there are countries where it's illegal for women to show their faces on TV. Why wouldn't that country have the power to hold any website where women's faces are shown accountable?

On a more depressing note, as is super clear in the US lately, crime is perfectly legal, if your friend (or POTUS you bribed) orders you to not be prosecuted. Or pardons you for being a drug kingpin and mobster ordering murders of innocent people (Ross Ulbricht).

Power ultimately comes from the exercise of violence. The UK cannot exercise state violence on US soil. That's a US monopoly under very harsh penalty. On US soil only US law (or in the case of Trump, lawlessness) can de facto be exercised.

Also, from their reply:

> The infinite character of that power was most famously summed up by English lawyer Sir Ivor Jennings, who once said that “if Parliament enacts that smoking in the streets of Paris is an offence, then it is an offence”. This line is taught to every first-year English law student.

Why should parisians care? Why would France cooperate with enforcing such laws?

If POTUS orders that taking $50k in cash as a bribe is not to be prosecuted, then you won't be prosecuted.


I think you are confusing breaking a law, and enforceability. I agree with the gist of your argument though, the UK cannot _force_ a US only company, but it doesn't change the fact it is breaking UK law.

> I likely would be breaking DPRK law. Why wouldn't they have the power?

They do as a sovereign nation. But what most people seem to be missing is that you're not going to DPRK and the US Government doesn't care so you can go about your life breaking DPRK law as much as you want.


They can’t possibly be breaking UK law because the service isn’t even being provided in the UK. UK users are accessing US servers to get service.

> UK users are accessing US servers to get service.

That's called offering the service to UK users. I don't host my blog 165 times in each country in order to let people access my content/services.


Is your claim that you have a multinational business, just because of a single webpage? Do you file sales tax reports in all 165 countries?

> > > UK users are accessing US servers to get service.

> That's called offering the service to UK users.

It is not – not under US law, not under common law (in the UK/Commonwealth).

Under US law and in common law systems generally, a website being merely accessible from country XYZ does not, by itself, constitute «offering a service» into XYZ. Courts look for purposeful targeting of, or meaningful interaction with, users in that place. Mere accessibility is not enough. See [0] for a precedent.

1. The US approach in a nutshell.

a) Personal-jurisdiction basics: a court needs «minimum contacts» that the website operator created with the forum. The US Supreme Court has previously stressed that the plaintiff’s location or where effects are felt is not enough if the defendant did not create forum contacts.

b) The «Zippo sliding scale» test distinguishes passive sites from interactive, commercial ones. Passive presence online generally does not create jurisdiction. See [1] for a landmark opinion.

c) The Fourth Circuit’s ALS Scan test says a state may exercise jurisdiction when the defendant directs electronic activity into the state, with a manifest intent to do business or interact there, and that activity gives rise to the claim. Simply putting content on the web is not enough. Again, see [0] for an established precedent.

2. The common law/European «targeting» idea

a) UK and EU courts apply a similar targeting notion in various contexts. The CJEU in Pammer/Alpenhof held that a site must be directed to the consumer’s member state; mere accessibility is insufficient. UK cases on online IP use also examine whether activity is targeted at UK users. See [2] for an established precedent on the other side of the pond.

b) Data-protection law is also explicit: the GDPR applies to non-EU operators when they offer goods or services to people in the EU or monitor them. Recital 23 and the EDPB’s guidelines list indicators such as using a local language or currency, shipping to the territory, local contact details, and targeted ads. Accessibility alone does not trigger the rule.

To recap, if a US-hosted site simply serves content that UK users can reach, that alone does not mean the operator is «offering a service» to the UK or its citizens under US law or general common-law principles. Liability or regulatory reach typically turns on targeting and purposeful availment, not mere availability. Circle back to [0] for details again.

[0] https://law.justia.com/cases/federal/appellate-courts/F3/293...

[1] https://en.wikipedia.org/wiki/Zippo_Manufacturing_Co._v._Zip....

[2] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A...


> I think you are confusing breaking a law, and enforceability.

I'm not. My comment and other replies to you are telling you that YOU are.

We're saying that your question doesn't make any sense.


Nitpicking like this is asinine.

> It's as if DPRK demanded to have a US citizen extradited in order to be executed for blasphemy

Not really. It's more like DPRK messaging a private US citizen directly, repeatedly and incessantly, that they will be executed for blasphemy. Ofcom is not using proper diplomatic channels here.

> Why should parisians care? Why would France cooperate with enforcing such laws?

Everyone here seems convinced that Parisians should care about this, because the majority opinion seems to be that it's perfectly acceptable for the UK government to arrest Parisians for having ever smoked a cigarette in Paris, should they set foot on UK soil. I do not agree that this is a defensible application of law.


The question is will France stand for arresting people for smoking in Paris if they travel to the UK. The government of France can allow that or they can retaliate in various ways. Just a diplomatic message is likely enough to make the UK back down - but who knows maybe the two won't agree and go to war.

I agree with you, unfortunately the west does a lot of business with dictatorships as they are oil rich or China.


I'm now questioning my sanity but I thought you could disable login for the root account in AWS.


Since there are certain operations that can only be done with the root account, there is no way to disable access to it.


Since 2024 you can disable the root credentials on all accounts except the Organization management account: https://aws.amazon.com/blogs/aws/centrally-managing-root-acc...

I don't think the post mortem details whether the root access was on the org management account or an org member account.


Oh wow. I completely missed that change.


Perhaps their advice needs expenditure up front - for example if they suggested using blue photocopiers and you only have pink ones. You would have to spend the money on blue photocopiers before you see the return, and before they see their services fee paid?


Per the parent's update, they're overthinking things like how earnouts or capital budgeting cycles work.

e.g., complaining about having to provision an FTE to manage the earnout doesn't make sense because that should be in the business plan considered for approval. You'd only approve if your NPV is positive, including the FTE overhead.


It feels like you are being obtuse/arguing in bad faith. Of course there are standards on backups. Most countries have them.

Let's think what regulations does the 'free market' bastion US have on computer systems and data storage...

HIPAA, PCI DSS, CIS, SOC, FIPS, FINRA...


> HIPAA, PCI DSS, CIS, SOC, FIPS, FINRA

Those are related to _someone else's_ data handling.


They had standards for a variety of stuff, including how you architect your own systems to protect against data loss due to a variety of different causes.


Companies big enough will lay the fibre. 50-100 miles of fibre isn't much if you are a billion dollar business. Even companies like BlackRock who had their own datacenters have since taken up Azure. 50 miles latency is negligible, even for databases.


The WTC attacks were in the 90s and early 00s and back then, 50 miles of latency was anything but negligible and Azure didn’t exist.

I know this because I was working on online systems back then.

I also vividly remember 9/11 and the days that followed. We had a satellite dish with multiple receivers (which wasn’t common back then) so had to run a 3rd party Linux box to descramble the signal. We watched 24/7 global news on a crappy 5:4 CRT running Windows ME during the attack. Even in the UK, it was a somber and sobering experience.


For backups, latency is far less an issue than bandwidth.

Latency is defined by physics (speed of light, through specific conductors or fibres).

Bandwidth is determined by technology, which has advanced markedly in the past 25 years.

Even a quarter century ago, the bandwidth of a station wagon full of tapes was pretty good, even if the latency was high. Physical media transfer to multiple distant points remains a viable back-up strategy should you happen to be bandwidth-constrained in realtime links. The media themselves can be rotated / reused multiple times.

Various cloud service providers have offered such services, effectively a datacentre-in-a-truck, which loads up current data and delivers it, physically, to an off-site or cloud location. A similar current offering from AWS is data transfer terminals: <https://techcrunch.com/2024/12/01/aws-opens-physical-locatio...>. HN discussion: <https://news.ycombinator.com/item?id=42293969>.

Edit to add: from the above HN discussion Amazon retired their "snowmobile" truck-based data transfer service in 2024: <https://www.datacenterdynamics.com/en/news/aws-retires-snowm...>.


I’ve covered those points already in other responses. It’s probably worth reading them before assuming I don’t know the differences between the most basic of networking terms.

I was also specifically responding to the GPs point about latency for DB replication. For backups, one wouldn’t have used live replication back then (nor even now, outside of a few enterprise edge cases).

Snowmobile and its ilk was a hugely expensive service by the way. I’ve spent a fair amount of time migrating broadcasters and movie studios to AWS and it was always cheaper and less risky to upload petabytes from the data centre than it was to ship HDDs to AWS. So after conversations with our AWS account manager and running the numbers, we always ended up just uploading the stuff ourselves.

I’m sure there was a customer who benefited from such a service, but we had petabytes and it wasn’t us. And anyone I worked with who had larger storage requirements didn’t use vanilla S3, so I can’t see how Snowmobile would have worked for them either.


Laws of physics haven't changed since the early 00s though, we could build very low latency point to point links back then too.


Switching gear was slower and laying new fibre wasn't an option for your average company. Particularly not point-to-point between your DB server and your replica.

So if real-time synchronization isn't practical, you are then left to do out-of-hours backups and there you start running into bandwidth issues of the time.


Never underestimate the potential packet loss of a Concorde filled with DVDs.


Plus long distance was mostly fibre already. And even regular electrical wires aren’t really much slower than fibre in terms of latency. Parent probably meant bandwidth.


Copper doesn't work over these kinds of distances without powered switches, which adds latency. And laying fibre over several miles would be massively expensive. Well outside the realm of all but the largest of corporations. There's a reason buildings with high bandwidth constraints huddle near internet backbones.

What used to happen (and still does as far as I know, but I've been out of the networking game for a while now) is you'd get fibre laid between yourself and your ISP. So you're then subject to the latency of their networking stack. And that becomes a huge problem if you want to do any real-time work like DB replicas.

The only way to do automated off-site backups was via overnight snapshots. And you're then running into the bandwidth constraints of the era.

What most businesses ended up doing was tape backups and then physically driving it to another site -- ideally then storing it in a fireproof safe. Only the largest companies could afford to push it over fibre.


To be fair, tape backups are very much ok as a disaster recovery solution. It's cheap once you have the tape drive. Bandwidth is mostly fine if you want to read them sequentially. It's easy to store and handle and fairly resistant.

It's "only" poor if you need to restore some files in the middle or want your backup to act as a failover solution to minimise unavailability. But as a last resort solution in case of total destruction, it's pretty much unbeatable cost-wise.

G-Drive was apparently storing less than 1PB of data. That's less than 100 tapes. I guess some files were fairly stable so completely manageable with a dozen tape drives, delta storage and proper rotation. We are talking of a budget of what 50k$ to 100k$. That's peanuts for a project of this size. Plus the tech has existed for ages and I guess you can find plenty of former data center employees with experience handling this kind of setup. They really have no excuse.


The suits are stingy when it's not an active emergency. A former employer declined my request for $2K for a second NAS to replicate our company's main data store. This was just days after a harrowing data recovery of critical from a failing WD Green that was never backed up. Once the data was on a RAID mirror and accessible to employees again, there was no active emergency, and the budget dried up.


I don't know. I guess that for all intents and purposes I'm what you would call a suit nowadays. I'm far from a big shot at my admittedly big company but 50k$ is pretty much pocket change on this kind of project. My cloud bill has more yearly fluctuation than that. Next to the cost of employees, it's nothing.


> There's a reason buildings with high bandwidth constraints huddle near internet backbones.

Yeah because interaction latency matters and legacy/already buried fiber is expensive to rent so you might as well put the facility in range of (not-yet-expensive) 20km optics.

> Copper doesn't work over these kinds of distances without powered switches, which adds latency.

You need a retimer, which adds on the order of 5~20 bits of latency.

> And that becomes a huge problem if you want to do any real-time work like DB replicas.

Almost no application would actually require "zero lost data", so you could get away with streaming a WAL or other form of reliably-replayable transaction log and cap it to an acceptable number of milliseconds of data loss window before applying blocking back pressure. Usually it'd be easy to tolerate enough for the around 3 RTTs you'd really want to keep to cover all usual packet loss without triggering back pressure.

Sure, such a setup isn't cheap, but it's (for a long while now) cheaper than manually fixing the data from the day your primary burned down.
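The bounded-lag log streaming described in the comment above, as an added simulation that is not part of the thread: the primary ships each WAL record as it commits and blocks new commits only when the oldest unacknowledged record is older than a cap. All names and numbers (1 ms RTT, a commit every 0.25 ms, one ack delayed by 4 ms to stand in for packet loss) are constructed assumptions.

```python
"""Bounded-lag WAL streaming: constructed discrete-event simulation (times in ms)."""
from dataclasses import dataclass


@dataclass
class Run:
    commits: list            # when each record became durable on the primary
    acks: list               # when the replica's ack for it reached the primary
    stalled_ms: float        # total time writers were blocked by back pressure
    worst_window_ms: float   # largest span of committed-but-unreplicated data


def simulate(arrivals, rtt_ms, cap_ms, extra_delay=None):
    """arrivals: sorted times at which the application wants to commit.
    extra_delay: {record index: extra ms before its ack}, modelling a retransmit."""
    extra_delay = extra_delay or {}
    commits, acks = [], []
    stalled = worst = now = 0.0
    oldest = 0                       # index of the oldest unacknowledged record
    for i, want in enumerate(arrivals):
        start = t = max(want, now)   # commits are serialized on the primary
        while oldest < i:
            if acks[oldest] <= t:
                oldest += 1          # replica already holds this record
            elif t - commits[oldest] > cap_ms:
                t = acks[oldest]     # back pressure: wait for that ack
            else:
                break                # exposure is within the cap, go ahead
        stalled += t - start
        commits.append(t)
        ack = t + rtt_ms + extra_delay.get(i, 0.0)
        # The replica applies the log in order, so acks never overtake each other.
        acks.append(max(ack, acks[-1]) if acks else ack)
        # Data lost if the primary burned down right now: everything since
        # the oldest record the replica has not confirmed.
        worst = max(worst, t - commits[oldest])
        now = t
    return Run(commits, acks, stalled, worst)


# Constructed workload: 40 commits, one every 0.25 ms, over a 1 ms RTT link.
RTT_MS = 1.0
ARRIVALS = [0.25 * i for i in range(40)]
LOSS = {8: 4.0}                      # record 8's ack arrives 4 ms late


def healthy():
    return simulate(ARRIVALS, RTT_MS, cap_ms=3 * RTT_MS)


def lossy_capped():
    return simulate(ARRIVALS, RTT_MS, cap_ms=3 * RTT_MS, extra_delay=LOSS)


def lossy_uncapped():
    return simulate(ARRIVALS, RTT_MS, cap_ms=float("inf"), extra_delay=LOSS)


if __name__ == "__main__":
    for name, run in (("healthy", healthy()), ("lossy, 3 RTT cap", lossy_capped()),
                      ("lossy, no cap", lossy_uncapped())):
        print(f"{name:18s} stalled={run.stalled_ms} ms  "
              f"worst loss window={run.worst_window_ms} ms")
```

With the 3 RTT cap the delayed ack costs writers a short stall but the exposure never exceeds the cap; without the cap nothing stalls and the exposure grows for as long as the ack is outstanding.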


Yes but good luck trying to get funding approval. There is a funny saying that wealthy people don't become wealthy by giving their wealth away. I think it applies to companies even more.


In the US, dark fiber will run you around 100k / mile. That's expensive for anyone even if they can afford it. I worked in HFT for 15 years and we had tons of it.


DWDM per-wavelength costs are way, way lower than that, and, with the optional addition of encryption, perfectly secure and fast enough for disk replication for most storage farms. I've been there and done it.


Assuming that dark fiber is actually dark (without amplifiers/repeaters), I'd wonder how they'd justify the 4 orders of magnitude (99.99%!) profit margin on said fiber. That already includes one order of magnitude between the 12th-of-a-ribbon clad-fiber and opportunistically (when someone already digs the ground up) buried speed pipe with 144-core cable.


Google the term “high frequency trading”


So that's 5 million bucks for 50 miles? If there are other costs not being accounted for, like paying for the right-of-way that's one thing, but I would think big companies or in this case, a national government, could afford that bill.


Yeah, most large electronic finance companies do this. Look up “the sniper in mahwah” for some dated but really interesting reading on this game.

