>As a good faith question - if you were an American, how would you create a site or service for a domestic audience without insulting the rest of the world?
First I would say that I don't think I've been, or particularly seen others, be offended by sites that are clearly targeted at a US/North American audience while still being more widely accessible. Usually I am happy that being an English speaker gets me access to a wider set of things on the internet than would otherwise be specifically targeted for where I live. I'd say this is fairly true up until the scale of a company with international presence and operations.
Yes there is going to be some vocal minority who behave in an entitled manner and loudly complain that something didn't meet their personal expectations, but this is a small minority and not representative of the wider English-using-international audience.
If a site is open and upfront about what they are doing then I wouldn't have any issue. Examples might be using geolocation to restrict access or just having some note making clear that 'this service is for X, use it elsewhere at your own risk'.
A good example of this is the range of approaches different sites have taken to GDPR compliance (or that awful cookie law compliance!) following its implementation by the EU and the non-EU countries that have adopted it.
Some non-EU sites (possibly based in the US but also plenty of others elsewhere) have used geolocation to restrict access from the EU, others have implemented those consent banners, others have done nothing. However I don't think it is reasonable to blame a company doing any of these, ultimately we are benefitting from the protections the new law provides - if we don't like the wider implications of that then we need to take that up with our lawmakers, not a foreign company located somewhere with their own set of data protection laws.
The change for me occurs when a company is an international entity. I realise this is a bit of a grey line as to what defines this, but hopefully we'd all agree that FAANG meets this definition. When you're actively engaged with international markets and generating significant revenue in countries around the world I think it is a reasonable expectation that you either: a) make services culturally and linguistically localised; or b) more carefully target a service to some specific regions.
TLDR - at a small scale, if you are open & clear about your intentions I don't think you need to worry about 'insulting the rest of the world' - if you get significant traction in another country you should probably open a dialogue with that user base to understand their views.
>And I’ll ask you how in the world a visitor to my website is supposed to know or care whether my site is hosted in the US or EU. I’m not even 100% sure myself.
Pretty sure we'll see indicators for that in browsers in the foreseeable future. The internet will be a much more zoned-space in the future, so much seems obvious.
> You do realize the vast majority of websites don’t even have customers, right?
Those should only apply to users accessing from those nations
It is a complex issue for a global company for sure, but I do not want the internet to be censored down to the lowest common denominator of Government regulations.
A Person in nation X should not have to be censored under the laws of nation Y
> But consider the implications. Firms hosting content from a particular country would be subject to court orders from every country. That would not end well.
They already are if they target users in a given country. Lack of international enforcement just means that they might escape enforcement. See also GDPR, the US case against Mega, a company run by a NZ resident and incorporated in Hongkong IIRC. See also how Twitter blocks certain tweets in certain countries lest they’re blocked completely. Same holds true for Facebook. Google censors certain autocomplete and searches in some countries. They also adhere to the EU “right to be forgotten” regulations - despite being an US company.
>If I run, say, a porn site, hosted in the US, as a US company, is it my responsibility to prevent users in a country where pornography is illegal from using my sit
Actually you have in most cases as trade agreements and various treaties usually provide the framework to extend laws and regulations between countries.
Gambling sites for example wether they are run from the UK, Malta or CAR explicitly block US users due to US laws which prevent online gambling.
If you are running a gambling site even in some 3rd world non extradition country if you do not respect the UIGEA you'll be sanctioned and an arrest warrant will be issued faster than you can say poker stars.
> If so, does it mean that, as a hypothetical website owner, I need to understand and be compliant with every law in every possible country, or risk fines / imprisonment?
This has literally always been the case. Some nations have legal statutes that they will not enforce a foreign judgement against their own citizens (such as the US shield against UK libel judgements) but you're on your own if you leave your country of residence. Plenty of US newspapers still block access to the UK of stories they feel legal risk from for example, because their owners would like to go on holidays sometimes.
Extra territorial enforcement is a lot more muddy than people think, but it's never, ever been the case that you're fine if you're incorporated in a different territory. If they can demonstrate that there's a body of people in their country accessing the site, then generally you are liable. It's just if the legal system considers that to be too much of a pain to worry about.
> But if the US starts demanding data localization, the Internet is fucked.
Not... really? The internet (defined as the infrastructure and non-commercial websites) will be fine.
Corporations that collect and monetize data will just have to jump through more hoops (and many already do this because of the GDPR and Europe's general feelings about personal data). So they'll be fine too, even if they gripe a bit about it.
The only folks who would really be hurt would be small developers, because their potential audience will be limited until they take advantage of foreign hosting and segmenting their user's data. In the end, they'll probably be fine to, even if their growth is stunted while they comply with laws (and ultimately, the wishes of their customers).
> It seems strange to me to have this enforcement of policies from countries that are not my own just because my website is accessible from those countries.
If you open shop in a different country, you follow their laws. Your website being accessible in a country is seen as the same thing. It's not hard to implement geo blocking if you want to show best effort and thereby opt out of it.
> If you accept one connection from a user in some country, you are doing business in that country.
I disagree with this. I have an open port at 80 and 443 and whoever wants to connect to it can do so. If my server is physically in the US, it only needs to obey US laws. If someone is violating their country's (weird) laws by visiting the server, that's that person's problem.
It's not my job as a developer, website host, or business owner, to for example ink out photos of women because Saudi law requires that. It's not my job to remove references to the Tiananmen incident. Those countries can, if they would like to, censor my website at their borders with a firewall, I don't care. It's not even my job to track down where your IP address is physically located. I couldn't care less about your IP. You could be using a VPN, for all I know.
Iran or China has issues with my website? They'll block it. Problem solved. I don't have to think about it too much. They do the work for me.
EU has beef with my website? Go ahead, you block it too, I don't care. I'll grab some popcorn and sit back and watch how your citizens react. (hee hee)
> And much more uncontroversially, if you are accepting payments from someone in another country, then you are definitely doing business in that country.
I disagree with this, as well, if those payments are coming from individuals and not businesses. If an individual in Germany flies over to the US and buys something from me, they are subject to US laws in that transaction. They are subject to German laws when they take that thing back. But in NO part of the entire process am I subject to German laws.
That doesn't change if "flies with an international flight" changes to "travels virtually via an international TCP connection".
> We need to have a conversation about jurisdictions in the digital age. The way governments have decided that having a website accessible in a country makes you liable to respect the law of this country is a convulted and hacky notion that has been accepted way too fast.
You know if you turn that around and say "How come we have to respect the laws of every country we do business in?" it sounds a lot more self serving.
Nobody said your website had to serve Californians. Nobody said your iPhone game has to be accessible in North Korea. Nobody said your movie has to be viewable in China.
If you're intending to serve any product to an entire planet composed of nations, states, societies all pulling from different experiences, different cultural attitudes, I think expecting a completely friction-free experience in doing so is more than a little unreasonable.
And more to the point that this particular discussion is about, these are principles that pretty much every society could reasonably get behind. Sorry that means mining data isn't a solid business model anymore, but I'm also not even remotely sorry. Adtech should die. It's a blight on our society.
> Don't you consider a website in German, accessible from Germany, which looks totally legal for most Germans as some kind of legal presence in Germany?
No.
The site is created in some set of locations, and is hosted on servers in some set of locations. If none of those locations is in Germany, Germany has no personal jurisdiction.
(At least under US law, which is what counts when it comes to enforcing judgement against someone in the US.)
> If said company only does business in Canada i see no reason for them to be accountable to the US, Germany or China.
So, to be clear, you are explicitly arguing for the case where the internet should be siloed on a country-by-country basis unless participants are willing and able to establish a legal business presence in every country they’re accessible from? That’s what “doing business” means on the internet.
> Why should foreign companies be entitled to enter a country and break said countries laws?
Sending packets over the internet isn’t “entering a country”.
> The absolutely first thing I do at every company and on every project is ask if I can block russia, china and belarussian IP space
Sorry for the language, but fuck that attitude. I don't live in any of these countries, but I used to live in a large European one that still regularly gets blocked by US sites for no fathomable reason.
Maybe you should try using the internet from a VPN location outside the US to see how fun that is as a paying customer of the sites that are blocking you for your crime by association (if temporary physical presence can even be called that).
One time I couldn't even unsubscribe from a VOD streaming service that I had been subscribed to while on an assignment in the US once I was back in Europe because their entire website was just a big geoblocked mess, including account/subscription management. Of course they were still happy to take my money! Less egregious but still infuriating: OMNY, New York's open-loop transit payment system, just outright blocks me when trying to access my account from Europe. Have the people ever considered the scenario that a visitor might use their service and later need the receipts for e.g. an expense report? Sure enough, London's TfL does the same thing for the US.
I can't wait for the day that the decision makers responsible for this insanity get stuck on a business or holiday trip like that and realize how annoying this is – or even better, realize that things like VPNs and botnets exist and can obscure the source of any Internet traffic...
> Am I correct in assuming this is only a US problem?
Yes and no. The direct effect is on US consumers, but because of how much of the money made from internet content and online services is from US consumers, it likely has a very significant indirect effect on global competition.
> in most parts of the world people trust their local ISPs more than giant US corporations
On what is this assertion based on?
I'm part of this world and I'm not a US citizen. I do not trust my local ISP, because they log and report traffic to local security agencies. It's bening at this point, tracking illegal activities, but they can connect whatever I do with my real name and address.
If I were to guess, in most parts of this world people don't have freedom of speech and fear repercussions from their government for their online activity.
The profiling that US companies do for serving better ads is essentially a first world problem, and a pretty irrelevant one for most people.
Also if we had such deep mistrust in US companies, first of all we shouldn't be using devices and operating systems built by US companies.
Why US only? Are there significant challenges into opening this platform to internationals? I always thought it was simpler (less taxes to deal with, etc).
First I would say that I don't think I've been, or particularly seen others, be offended by sites that are clearly targeted at a US/North American audience while still being more widely accessible. Usually I am happy that being an English speaker gets me access to a wider set of things on the internet than would otherwise be specifically targeted for where I live. I'd say this is fairly true up until the scale of a company with international presence and operations.
Yes there is going to be some vocal minority who behave in an entitled manner and loudly complain that something didn't meet their personal expectations, but this is a small minority and not representative of the wider English-using-international audience.
If a site is open and upfront about what they are doing then I wouldn't have any issue. Examples might be using geolocation to restrict access or just having some note making clear that 'this service is for X, use it elsewhere at your own risk'.
A good example of this is the range of approaches different sites have taken to GDPR compliance (or that awful cookie law compliance!) following its implementation by the EU and the non-EU countries that have adopted it.
Some non-EU sites (possibly based in the US but also plenty of others elsewhere) have used geolocation to restrict access from the EU, others have implemented those consent banners, others have done nothing. However I don't think it is reasonable to blame a company doing any of these, ultimately we are benefitting from the protections the new law provides - if we don't like the wider implications of that then we need to take that up with our lawmakers, not a foreign company located somewhere with their own set of data protection laws.
The change for me occurs when a company is an international entity. I realise this is a bit of a grey line as to what defines this, but hopefully we'd all agree that FAANG meets this definition. When you're actively engaged with international markets and generating significant revenue in countries around the world I think it is a reasonable expectation that you either: a) make services culturally and linguistically localised; or b) more carefully target a service to some specific regions.
TLDR - at a small scale, if you are open & clear about your intentions I don't think you need to worry about 'insulting the rest of the world' - if you get significant traction in another country you should probably open a dialogue with that user base to understand their views.
reply