eSafety wants X to block VPN users from seeing stabbing video – Security – Software


The eSafety Commissioner has said that visual depictions of the Wakeley church stabbing should be blocked for users connecting to X via a virtual private network (VPN).



X Corp’s San Francisco headquarters. Source: Elon Musk’s X account.

The solution was raised in documents filed to the Federal Court two weeks after an interim content ban requiring the US-based company to remove the video from its entire global platform was lifted.

Although, the judgment on how eSafety’s order should be enforced during the lead-up to the injunction rejected that in “the circumstances of the present case” X must remove the content from “every country where its servers are located”, it did not rule on the restriction measures X must comply with if the court ultimately rules the footage is illegal.

Making the content “not available to end users… who appear to be using a VPN” [pdf] was another step that X could take to restrict the content from Australians, the new submission said. 

The content restriction measure was noted to demonstrate that X did not take all reasonable steps to comply with the order by geofencing the content.

The submission added further “reasonable steps” that X could have taken.

This included “restricting the material to prevent it being accessed by a user who is not logged into the X platform.”

The court filing also flagged that eSafety will argue at the injunction that X must “restrict the discoverability of the material from appearing in any search results or on any X feed on the X service.”

Crucially, between now and the July 24 injunction hearing, the court will go through the discovery process. eSafety will argue that X must release documents that shed light on its blocking architecture and capabilities. 

In defining the new “reasonable steps” to complying with the removal notice, eSafety states that the material must be blocked when “on the basis of information reasonably available to X Corp” the user is connected to the platform via a VPN: “further details of which are to be provided following discovery.”

The extent to which the VPN-resistant restriction would impact X’s users outside of Australia depends on how much data X has about its users.

If X cannot determine a user’s location without their IP address, X users outside of Australia who want to hide their IP address would be forced to log off their VPN if they also want to view the content banned in Australia. 

X may have enough geolocation data about its users to only enforce the VPN-based block on Australian users by identifying them by their account rather than their IP address; provided they are not a pseudonymous account holder that has only ever accessed the platform through a VPN. 

However, assuming X has retained the user data required to implement the geographic VPN-block, it could make every effort to argue that the scale and categories of its data holdings are exempt from discovery on security, commercial confidentiality or other grounds. 



Source link