Utah SB 73 (effective May 6) bars age-verified sites from discussing VPN workarounds and requires enforcement against Utah users regardless of virtual location.
Key Takeaways
Sites covered by Utah’s age verification law face two bad options: gate all users or block VPN IP ranges, both costly and technically incomplete.
Blocking VPN IPs is an arms race; providers rotate addresses, so enforcement requires continuous re-blocking with no stable resolution.
Forbidding websites from even explaining VPN use is a probable First Amendment violation, though litigation will decide.
The liability hook is geolocation-agnostic: if a Utah minor bypasses via VPN and a site grants access, the site is liable.
A Wisconsin total-VPN-ban proposal failed, but Utah’s indirect approach achieves similar chilling effects without crossing that line explicitly.
Hacker News Comment Review
Commenters question jurisdictional scope: which sites are actually “subject” to the law – Utah-hosted, Utah-ISP-served, or any site accessible in Utah?
Skepticism runs high that enforcement is technically feasible at all; VPN traffic can be disguised as regular HTTPS, making IP blocklists easy to circumvent.
Some commenters favor a hardball response – sites voluntarily geoblock Utah entirely – arguing coordinated refusal would kill these laws faster than litigation.
Notable Comments
@jmclnx: argues sites should block Utah entirely; already dropping services that added age gates without legal pressure.
