A few months back I wound up concluding, based on conversations with Ofcom, that aphyr.com might be illegal in the UK due to the UK Online Safety Act. I wrote a short tutorial on geoblocking a single country using Nginx on Debian.

Now Mississippi’s 2024 HB 1126 has made it illegal for essentially any web site to know a user’s e-mail address, or other “personal identifying information”, unless that site also takes steps to "verify the age of the person creating an account”. Bluesky wound up geoblocking Mississippi. Over on a small forum I help run, we paid our lawyers to look into HB 1126, and the conclusion was that we were likely in the same boat. Collecting email addresses put us in scope of the bill, and it wasn’t clear whether the LLC would shield officers (hi) from personal liability.

This blog has the same problem: people use email addresses to post and confirm their comments. I think my personal blog is probably at low risk, but a.) I’d like to draw attention to this legislation, and b.) my risk is elevated by being gay online, and having written and called a whole bunch of Mississippi legislators about HB 1126. Long story short, I’d like to block both a country and an individual state. Here’s how:

A few quick notes for other folks who are geoblocking the UK. I just set up a basic geoblock with Nginx on Debian. This is all stuff you can piece together, but the Maxmind and Nginx docs are a little vague about the details, so I figure it’s worth an actual writeup. My Nginx expertise is ~15 years out of date, so this might not be The Best Way to do things. YMMV.

First, register for a free MaxMind account; you’ll need this to subscribe to their GeoIP database. Then set up a daemon to maintain a copy of the lookup file locally, and Nginx’s GeoIP2 module:

apt install geoipupdate libnginx-mod-http-geoip2

I’ve been wary of Facebook’s privacy settings for a long time. I set mine to the most restrictive possible back when they announced Beacon. Since then they’ve released new features on a regular basis, each of which seems to share information about me without my knowledge or permission. You know what, Facebook? Fuck that.

I even disabled the most recent feature–“instant personalization”, which allowed third party websites to read my information on page load. Yet my friends can still, according to FB, share my info with any third party. Name, picture, gender, city, friend list, pages, and more. I have to explicitly block each and every app that wants my data. I don’t even know how many there are! That “recommend” button? Gives the app access to your data and permission to publish to your feed indefinitely.

Even with instant personalization disabled, CNN.com shows my friends and their profile images on the main page, merged with what CNN stories they liked recently. That’s too much for me.