←back to thread

E.U. Prepares Major Penalties Against X

(www.nytimes.com)
139 points dotcoma | 3 comments | 06 Apr 25 17:47 UTC | HN request time: 0s | source
Show context
rcpt ◴[06 Apr 25 18:37 UTC] No.43603786[source]
The DSA violation was news in 2024

https://arstechnica.com/tech-policy/2024/07/eu-says-elon-mus...

And the EU is right. Elons blue check boosting logic absolutely violated those laws. Other companies played by the rules and made their systems DSA compliant. Elon did not, now he needs to pay.

replies(3): >>43603872 #>>43604085 #>>43604187 #
marris ◴[06 Apr 25 18:46 UTC] No.43603872[source]
I am not familiar with the DSA.

1. Are companies permitted to charge for badges under DSA?

2. Is there an example of another social media that EU officials have identified as being compliant with DSA?

replies(1): >>43604180 #
immibis ◴[06 Apr 25 19:26 UTC] No.43604180[source]
You can read the text: https://eur-lex.europa.eu/eli/reg/2022/2065/oj/eng

If English isn't your native language, that's okay - these are translated into every European language and you can select a translation here.

Article 25, clause 1:

> Providers of online platforms shall not design, organise or operate their online interfaces in a way that deceives or manipulates the recipients of their service or in a way that otherwise materially distorts or impairs the ability of the recipients of their service to make free and informed decisions.

These EU regulations tend to specify policies, not mechanisms to achieve them. Mechanisms to enforce the policy, however, are specified.

They are written like that precisely so you won't try to weasel your way around a requirement. If they had said "verified badges may not be sold" then you would try to say "this isn't a verified badge but a they-paid-us badge." By wording it vaguely, it cannot be weaseled.

And indeed, it is a they-paid-us badge... but it's designed to look identical to the verified badge, on purpose, because Elon knew verified badges were something people wanted, and people wanted them because they were a status symbol, and they were a status symbol because they indicated your account was in some sense more trustworthy than average. And Elon knew that.

I don't know whether people still see the badges that way today. Probably not, because all the sane people deleted their accounts and don't care. But it was the case, when the badges were introduced, that they were designed to trick people who didn't know they were now pay badges. You might think everyone knew that, but that's just because everyone in your bubble knew that because they're very online people. Would your grandmother know it?

replies(1): >>43604297 #
1. gruez ◴[06 Apr 25 19:41 UTC] No.43604297[source]
>They are written like that precisely so you won't try to weasel your way around a requirement. If they had said "verified badges may not be sold" then you would try to say "this isn't a verified badge but a they-paid-us badge." By wording it vaguely, it cannot be weaseled.

It also means enterprising prosecutors and regulators can use it as a cudgel against their opponents. As others have mentioned, the checkmark already meant very little when it came to whether the poster was trustworthy or not. It's like fining Chrome and Firefox for accepting letsencrypt certificates, because previously there was a $10 cost to having a lock appear on your site, and letsencrypt making it free misleads users.

replies(2): >>43607527 #>>43613055 #
2. Incipient ◴[07 Apr 25 04:00 UTC] No.43607527[source]
It's the age old argument of "letter of the law" vs "spirit of the law".

Neither approach is perfect. Personally I prefer the spirit approach as companies will generally do more harm than regulators given some rope.

3. immibis ◴[07 Apr 25 16:10 UTC] No.43613055[source]
It does. I don't think this example is as good as you think, though. You used to have to give out your full legal name and address and have them verified to get an SSL certificate and the lock icon. When any random website could get the lock icon, this did indeed lead to more people typing their passwords into phishing sites, thinking they were real because they had the lock icon, and this was indeed a real problem.

They could have chosen to only show the lock for EV certificates, and show something else, or no icon, for DV certificates, but instead they made a choice that was misleading. Google probably should have been fined for that, but not very much, because it wasn't foreseen. I think Mozilla was still a non-profit at the time.