Comment by nerdile
4 months ago
Summary: The UK has some Online Safety Act, any websites that let users interact with other users has to police illegal content on its site and must implement strong age verification checks. The law applies to any site that targets UK citizens or has a substantial number of UK users, where "substantial number" is not defined.
I'm going to guess this forum is UK-based just based on all the blimey's. Also the forum seems to have been locked from new users for some time, so it was already in its sunset era.
The admin could just make it read only except to users who manually reach out somehow to verify their age, but at the same time, what an oppressive law for small UK forums. Maybe that's the point.
IANAL
> any websites that let users interact with other users has to police illegal content on its site and must implement strong age verification checks.
But I believe you only need age verification if pornography is posted. There's also a bunch of caveats about the size of user base - Ofcom have strongly hinted that this is primarily aimed at services with millions of users but haven't (yet) actually clarified whether it applies to / will be policed for, e.g., single-user self-hosted Fediverse instances or small forums.
I don't blame people for not wanting to take the risk. Personally I'm just putting up a page with answers to their self-assessment risk questionnaire for each of my hosted services (I have a surprising number that could technically come under OSA) and hoping that is good enough.
I believe you only need age verification if pornography is posted
But if you let users interact with other users, you're not in control of whether pornographic material is posted, so it's safer to comply beforehand.
I commend you for keeping your site up and hoping for the best. I don't envy your position.
> Ofcom have strongly hinted that this is primarily aimed at services with millions of users but haven't (yet) actually clarified [...]
This has echoes of the Snooper's Charter and Apple's decision to withdraw ADP from all of UK.
It is not enough for regulators to say they won't anticipate to enforce the law against smaller operators. As long as the law is on the books, it can (and will) be applied to a suitable target regardless of their size.
I saw this this same bullshit play out in Finland. "No, you are all wrong, we will never apply this to anything outside of this narrow band" -- only to come down with the large hammer less than two years later because the target was politically inconvenient.
I geo-block UK visitors on all of my websites. It's sad but the safest solution.
why? if you're located elsewhere you can literally just ignore UK/EU law. they don't have jurisdiction over you; worst-case scenario is probably them ordering ISPs to block your site.
7 replies →
What if a large number of brits access your websites from a different country? :-/
It's for 7 million active UK users per month. https://www.ofcom.org.uk/siteassets/resources/documents/onli... - definition on page 64.
That's quite sizeable. How many sites can you name have 7 million monthly active UK users? That's over one-in-ten of every man, woman and child in the UK every month using your site.
Yes, the actual draft doesn't really add many requirements to non "large" services, pretty much having a some kind of moderation system, have some way of reporting complains to that, and a filed "contact" individual. I note it doesn't require proactive internal detection of such "harmful" content that many people here seem to assume, just what they already have 'reason to believe' it's illegal content. Even hash-based CASM detection/blacklisted URLs isn't required until you're a larger provider or a file share product.
It just seems like an overly formalized way of saying "All forums should have a "report" button that actually goes somewhere", I'd expect that to be already there on pretty much every forum that ever existed. Even 4chan has moderators.