GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Best way to geo block Texas for Wordpress?

Wautier · 04-30-2024, 12:38 PM

Practically impossible to do so, at least on a technical level, and I will (attempt to) explain why.

Very few ISP's (irregardless of US based or not) will use correct geo locations for their subnets, so for example, if you were to cook up a solution based on MaxMind's data, you would *ONLY* be partially compliant since many ISP's, especially on phone, will assign you an IP address from any subnets, many of which are *NOT* correctly located, and this is true for IPv6 as well, not just IPv4. It takes a while to fix, especially with smaller ISP's who resell, or forget to update geodata.. etc.

Best case scenario here is to have a lawyer draft you a warning page text where the visitor will agree that they are *NOT* accessing the site from within the said jurisdiction(s) and to leave if they do not want to verify their age, but if they already verified their age through something like Onfido, then they would just input a token of some sort, or however you would set it up to work like. This would have to be served for every page view, not just the homepage, otherwise you can't be compliant.

It's worthwhile to check if it would hold any merit, legally speaking..

This is an extremely tricky situation, and it CANNOT be solved through IPv4/IPv6 data alone... so you could (and would) still be fined if the solution isn't implemented properly (relying on IPv4/IPv6 data would leave for a decent amount of cases where the access would still be provided, and if you only serve the warning for the homepage, you would need to make sure it will always show, even if it's a returning visitor.. or someone from TX on a VPN -- you would potentially still be covered legally if they chose to ignore the terms of use).

Other soluton if you don't want to verify the visitor's age would be to move the website from the US and use a foreign virtual office for domain WHOIS and contact info, simply pretending to be a foreign entity.

04-30-2024, 12:38 PM
Wautier Confirmed Pervert Industry Role: Join Date: Feb 2019 Posts: 154	Practically impossible to do so, at least on a technical level, and I will (attempt to) explain why. Very few ISP's (irregardless of US based or not) will use correct geo locations for their subnets, so for example, if you were to cook up a solution based on MaxMind's data, you would ONLY be partially compliant since many ISP's, especially on phone, will assign you an IP address from any subnets, many of which are NOT correctly located, and this is true for IPv6 as well, not just IPv4. It takes a while to fix, especially with smaller ISP's who resell, or forget to update geodata.. etc. Best case scenario here is to have a lawyer draft you a warning page text where the visitor will agree that they are NOT accessing the site from within the said jurisdiction(s) and to leave if they do not want to verify their age, but if they already verified their age through something like Onfido, then they would just input a token of some sort, or however you would set it up to work like. This would have to be served for every page view, not just the homepage, otherwise you can't be compliant. It's worthwhile to check if it would hold any merit, legally speaking.. This is an extremely tricky situation, and it CANNOT be solved through IPv4/IPv6 data alone... so you could (and would) still be fined if the solution isn't implemented properly (relying on IPv4/IPv6 data would leave for a decent amount of cases where the access would still be provided, and if you only serve the warning for the homepage, you would need to make sure it will always show, even if it's a returning visitor.. or someone from TX on a VPN -- you would potentially still be covered legally if they chose to ignore the terms of use). Other soluton if you don't want to verify the visitor's age would be to move the website from the US and use a foreign virtual office for domain WHOIS and contact info, simply pretending to be a foreign entity.