> Why can any scammed just create a website without any traceability?

because jurisdictional challenges.

Not to mention that this very same traceability would be abused by some other authoritarian gov't to track down dissidents for example.

There's no real way to systematically have good security, if the human element is the weakest link tbh. Securing windows is not a technical problem, but a social and educational one.

More like no will.

Does the domain/server implements required level? No? Block connection. Dtto email with automatic response.

Is your IP in a botnet? Cut it off.

Edit: I already get blocked connection (on target site) because EU regulation is too onerous. I get reminded on basically every Google search I am being censored (Some results may have been removed under data protection law in Europe).

Completely doable.

> I already get blocked connection (on target site) because EU regulation is too onerous

More like "we want to track every single user coming to our website without giving them the option to not be tracked".

You can serve consent form only to the connections from EU.

I have been part of se several GDPR compliance projects and it's the other stuff that's the problem.

Data protection officer (recurring cost, even though it is only a part of a job, not full time position) , user data deletion and user data take-out. Compliance is not free. If system wasn't designed from the beginning, it's really expensive to add it.

Restore from backup after disaster recovery - make sure you anonymize/delete people who were deleted after backup was made.

BTW, IP address is PII, so...

Honestly, it would be cheaper to buy everyone in EU VPN.

It's actually very simple & cheap to be compliant: stop tracking EU citizens.

> You can serve consent form only to the connections from EU.

Why? While I get that, if tracking is part of someone's business model, they want to track as many people as possible, I doubt it would be illegal to give also people that aren't in the EU the option to not be tracked. If it really would be so expensive to be compliant while also differentiating between users connecting from the EU and users connecting from outside the EU, why not just give everyone the option to choose if they want tracking as a measure to cut compliance cost?

What do you suggest? Bomb even more countries?

You don't need to bomb anyone.

Add IP rules at cables inside and out of let's say EU and block it there.

Same way we deal with any non-compliance thing. You can't import it.

Your server/domain doesn't satisfy requirments. Either the originator complies or not (e.g. through trusted third party).

No geolocation is needed. And even if it was, these are technical problems, inherently solve able.

So far, we are building walls and replacing mortar with a new one, while attackers bombard us with complete impunity. This is never going to work.

This would of course need new extensions /protocols (even simplest would require authentication envelope around encrypted traffic).

The problem is that you think a societal problem can be solved technically.

The whole point is to move from technical solution (i.e. current approach) to legal one.

Not a single response had anything to do with either problem ITA or my comment.

I am not sure if you are troll, 10 y/o or gpt1, but have a nice day.

Quite humble of you to presume anyone who disagrees with your "brilliant" idea has something wrong with their brain.

Do you think people should have to get permission to host a server on the internet?