Bullshit @thenexusofprivacy

It's impossible, a manager woln't fix that which his livelyhood depends upon remaining broken. Go blow smoke up someone else's ass you pearl clutching PR douchbag.

Mastodon says it doesn’t ‘have the means’ to comply with age verification laws

https://techcrunch.com/2025/08/29/mastodon-says-it-doesnt-have-the-means-to-comply-with-age-verification-laws/

Oh dear. In my article I had mentioned that the Fediverse's strategy of flying under the raadar has mostly worked out so far, but going forward it'll depend on how aggressive the regulators get. Saying "we can't comply with your laws" is a good way to get regulators to be more aggressive!

More positively, though, great reporting from @Sarahp on TechCrunch.

@fediversenews

#mastodon #ageVerification #ActivityPub

@thenexusofprivacy @Sarahp @fediversenews the techcrunch article is framed so poorly. "Mastodon" isn't a single entity, nor is the fediverse. Each server operator has "The Means" to comply or not comply, but the developer of the open source software does not have "The Means" to make all instances that run its software comply with this.

@thenexusofprivacy @Sarahp @fediversenews

This article makes as much sense as claiming that IRC, XMPP, or Matrix "cant comply because it doesn't have the means to."

Agreed that the fediverse isn't a single entity, I thought @laurenshof's discussion in https://connectedplaces.online/reports/fediverse-report-131/ was quite good at that. And "Mastodon" isn't a single entity either, but in this case it's a statement about every server running Mastodon software:

"the Mastodon software doesn’t support it"

In other words, the developer of the Mastodon open source software has chosen not to give server operators the means to comply.

@erin @Sarahp

@thenexusofprivacy @laurenshof @Sarahp comply in which way? geo blocking or built in age verification?

To be clear I'm not objecting to Mastodon gGmbH's policies here, or even the choice not to provide the functionality, my concern is really with the framing. It's making it very easy for regulators to go after Mastodon instances they don't like and press the app stores to drop the Mastodon app.

@erin @Sarahp

@erin ask Eugen, he said it not me lolsob. it seems like he might have been talking specifically about age verification but not sure. it doesn't have to be built in, it could be an approach like "if server operators choose to use age verification software we provide the means to store the information" (or whatever)

@thenexusofprivacy IMO that can be handled pretty well. I make registration approval required, and require the person who applies go through some verification process. Then, in the admin panel, I can set admin only notes about that user, like a unique ID for the entry in some other software that stores their verified ID.

Yes, an external tool would be required to store that information, but it seems like everything you need on the Mastodon side exists for it.

Is this great? not at all, but its a process problem not a technical one IMO.

@erin i agree -- it's not clear whether that would be enough to satisfy the Online Safety Act, but the Mississippi law just requires "commerically reasonable efforts" which that probably is for a small site so it might well be okay.

So it's a great example of where Mastodon gGmbH could have said "server operators can apply the mthods of age verification that are right for their situation, we' provide the means for them to record information in the system if they choose to do so, the sites our org runs don't do that." But they didn't!