| ▲ | aspenmayer 16 hours ago |
| This was all I could find, but it actually may be related? https://www.justice.gov/opa/pr/justice-department-implements... > As explained in NSD’s Data Security Program Implementation and Enforcement Policy Through July 8, 2025, NSD will not prioritize civil enforcement actions against any person for violations of the Data Security Program that occur from April 8 through July 8, 2025, so long as the person is engaging in good faith efforts to comply with or come into compliance with the Data Security Program during that time. These efforts include engaging in compliance activities described in that policy, such as amending or renegotiating existing contracts, conducting internal reviews of data flows, deploying the CISA security requirements, and so on. > At the end of this 90-day period, individuals, and entities should be in full compliance with the DSP. This policy does not limit NSD’s lawful authority and discretion to pursue civil enforcement if entities and individuals did not engage in good faith efforts to comply with, or come into compliance with, the Data Security Program. |
|
| ▲ | rafram 13 hours ago | parent | next [-] |
| > the Data Security Program establishes what are effectively export controls that prevent foreign adversaries, and those subject to their control, jurisdiction, ownership, and direction, from accessing U.S. government-related data and bulk genomic, geolocation, biometric, health, financial, and other sensitive personal data How do you think this could be related? |
| |
| ▲ | aspenmayer 13 hours ago | parent [-] | | >> the Data Security Program establishes what are effectively export controls that prevent foreign adversaries, and those subject to their control, jurisdiction, ownership, and direction, from accessing U.S. government-related data and bulk genomic, geolocation, biometric, health, financial, and other sensitive personal data > How do you think this could be related? I didn't quote that when I said it may be related. I have some ideas of my own, but I just want to be clear so that I'm not being held to account for things I never said. How do you think it may be related? People in other threads on this post were saying that Glitch was being used by bad actors, and if Glitch was aware of this or reasonably should be, then they would likely have issues with complying with audits for compliance with the new order, I would think. | | |
| ▲ | rafram 13 hours ago | parent [-] | | You linked to that announcement. I quoted the most substantive section explaining what the DSP is. Reading that description, it’s pretty clear that it has absolutely nothing to do with Glitch (or Pocket). Glitch isn’t a data broker. | | |
| ▲ | aspenmayer 13 hours ago | parent [-] | | > You linked to that announcement. I quoted the most substantive section explaining what the DSP is. Reading that description, it’s pretty clear that it has absolutely nothing to do with Glitch (or Pocket). Glitch isn’t a data broker. If anonymous people are abusing free tiers on Glitch, it's hard to say if some of those bad actors are also foreign adversaries. People will make C2C infra out of anything these days, and even if they were making a net profit on the whole enterprise, which remains to be seen, perhaps the costs of compliance for Glitch (or Pocket) were not worth paying. I went out of my way to do original research for HN, and made a case for why I think the results are respondent to the original query as asked. I think that it's likely that the new parent company of Glitch, Fastly, is subject to the DSP, and that obligation probably extends to their subsidiaries. Same for Pocket and Mozilla. It's clear to me that this situation deserves further study. | | |
| ▲ | x0xrx 13 hours ago | parent [-] | | I tried to read up on this DSP thing and was immediately lost. How do I know if I need to comply? What does compliance look like? The FAQ is 100+ questions long! It feels likely that it could apply to any company that draws the current administration’s ire. I agree it’s very reasonable to imagine that legal departments across tech are worrying, and might consider shutting down — especially if they are already losing money. | | |
| ▲ | aspenmayer 9 hours ago | parent [-] | | > How do I know if I need to comply? What does compliance look like? These are questions for your lawyer, and if they don't have good answers, questions for your new lawyer. If you don't have a lawyer yet, there's your problem. |
|
|
|
|
|
|
| ▲ | evan_ 13 hours ago | parent | prev [-] |
| If it was a legal compliance thing they wouldn’t wait until the very last day to do it in case something went wrong |
| |
| ▲ | aspenmayer 12 hours ago | parent [-] | | Or, to another reading, they are making every and all good faith effort to comply by ceasing business operations entirely. Why else is this announcement so strangely worded and timed? | | |
| ▲ | evan_ 4 hours ago | parent [-] | | but if they were going to have to pay a fine if they operated past x date they'd want to shut down a week before x date just in case everyone who was in charge of flipping the switch was sick on July 8 | | |
| ▲ | aspenmayer 4 hours ago | parent [-] | | It wasn’t my idea to look into this, I’m just reporting what I’ve found and my thoughts about it, which are speculative in nature. |
|
|
|
