Decentralized social network Mastodon says it can’t comply with Mississippi’s age verification law — the same law that saw rival Bluesky pull out of the state — because it doesn’t have the means to do so.
The social non-profit explains that Mastodon doesn’t track its users, which makes it difficult to enforce such legislation. Nor does it want to use IP address-based blocks, as those would unfairly impact people who were traveling, it says.
The situation does seem quite desperate. I’d like to heed your call. Please advise on most critical systems I should have ready right now today please. I know have a lot of work to do and must stay efficient
If the internet were fully controlled, you’d need mesh networks - DIY, decentralized networks using radios, local connections, or other alternative infrastructures. I don’t know all the details, but Yggdrasil is a promising modern project that functions as an alternative “internet” for mesh networks, while also working over the regular internet.
Within the normal internet, the most resilient solution against heavy censorship is probably Shadowsocks. It’s widely used in mainland China because it can bypass full-scale DPI (deep packet inspection) by making traffic look like normal HTTPS. There are ways for authorities to detect it, and there are counter-methods, but it remains one of the most reliable tools for evading state-level traffic filtering.
Next in line are Tor and I2P. Both are very resilient, and blocking them completely is difficult. It’s a continuous cat-and-mouse game: governments block some bridges or entry nodes, but new ones appear, allowing users to reconnect.
Finally, regular VPNs are useful but generally less resilient. They’re the first target for legal restrictions and DPI filtering because their traffic patterns are easier to detect.
Overall, for deep censorship resistance, it’s a hierarchy: mesh networks > Shadowsocks > Tor/I2P > standard VPNs. You can ask chatbots about any of these and usually get accurate, practical advice because the technical principles are public knowledge.
Couldn’t the US hypothetically put a clause in some ‘online safety’ law conveniently deanonymizing Tor given they own most of the exit nodes?
Owning a lot of Tor exit nodes doesn’t automatically deanonymize users. Exit nodes only see the traffic as it leaves Tor toward the clearnet, not the original sender. To actually identify someone, you’d need to match their traffic entering the network with the traffic exiting - a correlation attack - which requires visibility on both ends. The US doesn’t “own most exits” either; the network is run by many independent operators, and the Tor community actively monitors for malicious relays. Even if a law forced US exit operators to log everything, that alone wouldn’t deanonymize anyone unless combined with large-scale surveillance of entry traffic, which is extremely resource-intensive and not guaranteed to work. In practice, governments can make running exits legally risky, but they can’t just legislate Tor anonymity away.