Comment by owisd

You don't get it. The law is completely different for people and corporations. A corporation has the resources to figure out how exactly the law applies to them and defend that at trial. An individual does not.

It is plainly insulting to say that "adding a report button" is enough, obviously that is false. And investigating how to comply with this law is time consuming and comes with immense risk if done improperly. The fact that this law is new, means that nobody knows how exactly it has to be interpreted and that very well you might get it completely wrong. If a website has existed for 20 years with significant traffic it is almost certain that it has complied with the law, what absolutely is not certain is how complying with the law has to be done in the future.

I do not get why you have the need to defend this. "Just do X", is obviously not how this law is written, it covers a broad range of services in different ways and has different requirements for these categories. You absolutely need legal advice to figure out what to do, especially if it is you who is in trouble if you get it wrong.

But in 2025 the law will change. It is this reason that the site will shut down the day before the law comes in.

I doubt it. While it's always a bit of a gray area, the example for "medium risk" is a site with 8M monthly users who share images, doesn't have proactive scanning and has been warned by multiple major organisations that it has been used a few times to share CSAM material.

Cases where they assume you should say "medium risk" without evidence of it happening are if you've got several major risk factors:

> (a) child users; (b) social media services; (c) messaging services; (d) discussion forums and chat rooms; (e) user groups; (f) direct messaging; (g) encrypted messaging.

Also, before someone comes along with a specific subset and says those several things are benign

> This is intended as an overall guide, but rather than focusing purely on the number of risk factors, you should consider the combined effect of the risk factors to make an overall judgement about the level of risk on your service

And frankly if you have image sharing, groups, direct messaging, encrypted messaging, child users, a decent volume and no automated processes for checking content you probably do have CSAM and grooming on your service or there clearly is a risk of it happening.

That scanning requirement only applies if your site is:

• A "large service" (more than 7 million monthly active UK users) that is at a medium or high risk of image-based CSAM, or

• A service that is at a high risk of image-based CSAM and either has more than 700000 monthly active UK users or is a file-storage and file-sharing service.

> do CSAM scanning if you accept images, CSAM URL scanning if you accept links

Which really should be happening anyway.

I would strongly prefer that forums I visit not expose me to child pornography.

The general risk of being sued is always there regardless of the various things laws say.

I think there’s a pretty decent argument being made here that OP is reading too far in the new rules and letting the worst case scenario get in the way of something they’re passionate about.

I wonder if they consulted with a lawyer before making this decision? That’s what I would be doing.

OP uses they/them pronouns.

Exactly. Adding punitive governance hurdles hinders the small and/or solo.

Those that do whist not seeking financial gain are impacted the most.

Regulatory capture. https://en.wikipedia.org/wiki/Regulatory_capture

>the repercussions for bad actors are fines relative to revenue, 10% if I read correctly, given that the OP has stated that they work off a deficit most of the time, I can't see this being an issue.

From another commenter:

Platforms failing this duty would be liable to fines of up to £18 million or 10% of their annual turnover, whichever is higher.

Part of the issue is that you have to spend time and money to defend an accusation.

Thanks for all your work buro9! I've been an lfgss user for 15 years. This closure as a result of bureaucratic overreach is a great cultural loss to the world (I'm in Canada). The zany antics and banter of the London biking community provided me, and my contacts with which I have shared, many interesting thoughts, opinions, points of view, and memes, from the unique and authentic London local point of view.

LFGSS is more culturally relevant than the BBC!

Of course governments and regulations will fail realize what they have till it's gone.

- Pave paradise, put up a parking lot.

Which of these requirements is, in your opinion, unreasonable?

> The vast majority of the risk can be realised by a single disgruntled user on a VPN from who knows where posting a lot of abuse material when I happen to not be paying attention (travelling for work and focusing on IRL things)... and then the consequences and liability comes. This isn't risk I'm in control of, that can be easily mitigated, the effort required is high, and everyone here knows you cannot solve social issues with technical solutions.

I bet you weren't the sole moderator of LFGSS. In any web forum I know, there is at least one moderator being online every day and much more senior members able to use a report function. I used to be a moderator for a much smaller forum and we had 4 to 5 moderators any time with some of them being among those that were online every day or almost every day.

I think a number of features/settings would be interesting for a forum software in 2025:

- desactivation of private messages: people can use instant messaging for that

- automatically blur post when report button is hit by a member (and by blur I mean replacing server side the full post by an image, not doing client side javascript).

- automatically blur posts when not seen by a member of the moderation or a "senior level or membership" past a certain period (6 or 12 hours for example)

- disallow new members to report and blur stuff, only people that are known good members

All this do not remove the bureaucracy of making the assessments/audits of the process mandated by the law but it should at least make forums moderable and have a modicum amount of security towards illegal/CSAM content.

What agenda do you think the OP is following, and why do you think they'd do so now after their long (~3 decades!) history of running forums? There has been many other pieces of legislation in that time, why now?

I tried to think of an agenda, but I'm struggling to come up with one. I think OP just doesn't want to be sued over a vague piece of legislation, even if it was a battle they could win (after a long fight). Just like they said right there in the post.

It's kind of rude to imply that this is performative when they gave a pretty reasonable explanation.

> or is pretending to feel for some agenda

Assume good faith.

https://news.ycombinator.com/newsguidelines.html

The actual rules are vulnerable to this attack. https://www.legislation.gov.uk/ukpga/2023/50

If you think the attack won't be attempted, you've never been responsible for an internet forum.