https://lobste.rs/s/ukosa1/uk_users_lobsters_needs_your_help_with Active Recent Comments Search Login Login 1. 335 UK Users: Lobsters needs your help with the Online Safety Act announce pushcx avatar authored by pushcx 1 month ago | 184 comments 184 Hey folks, The UK's Online Safety Act is scheduled to take effect on March 16, 2025. Lobsters can't comply with it and needs your help to avoid having to geoblock the UK. The Online Safety Act regulates most sites where users can interact with each other. The law explicitly claims authority over all forums with visitors located in the UK, regardless of where they are hosted or the nationality of their owners. As a practical matter, Lobsters can't comply. The OSA is written for commercial sites far bigger than this non-commercial, hobbyist forum. The regulator's statements include many long, cross-referenced legalese documents (an incomplete sample, because I can't find a directory): 1 2 3 4 5. Sites are required to produce lengthy documentation about their features, practices, and risks - both up-front and as they moderate. Attempting to understand which sections apply and how to comply would be a huge project. Doing so correctly would require legal advice we can't afford. The cost in time and money to implement the bureaucratic processes it demands also outstrip a hobbyist forum. There's also an ideological matter, that Lobsters is not a UK entity or operated in its jurisdiction. The OSA isn't written to directly regulate the UK's occupants, it exerts authority over non-UK maintainers of sites that UK occupants read. Even if the OSA was proportionate and reasonable, complying would encourage every jurisdiction to write similarly broad laws. The OSA's civil penalties run up to $22 million USD, and it includes also criminal penalties. While poor and despotic countries have written laws to curtail freedom of speech internationally online (usually a broadly over-enforced "no criticizing the rulers"), as a practical matter those have been vanishingly unlikely to be enforced against Western citizens. Because the UK is wealthy, powerful, and threatening large penalties, I can't ignore the risk that the UK attempts to enforce the law against Lobsters, perhaps to make a political point against American Big Tech as promised by the regulator. So the current, bad plan is that Lobsters will geoblock the UK before the law takes effect on March 16. While the inaccuracy of IP databases and availability of VPNs mean that this can't be perfectly accurate, unambiguously blocking UK occupants as effectively as we can is the only course I see to substantially reduce the risk the OSA is enforced against the site. UK users, we need you to please help improve this situation. You have the local knowledge and political representation needed to address the OSA. I can see a couple courses of action that would sufficiently mitigate the risk: * Some kind of guidance or waiver from the implementing regulator Ofcom that this law won't apply to Lobsters individually or as a class of non-UK, small, and/or noncommercial forums. * Delay or cancellation of the Parliamentary approval required for the regulator's guidance to be adopted into legal effect, at least until something like the previous option can happen. * Legal advice from a UK lawyer that the law does not apply to Lobsters for some plausible reason. * A statement from the US Department of State that it does not believe the law applies to American entities and a commitment to defend them against it. * Something else I haven't thought of that would greatly reduce the risk the OSA is enforced against Lobsters. I'm reaching out to people I know who also run sites that will be affected by the OSA, in and out of the UK, to ask how they're handling this. I'm also reaching out to organizations that focus on online rights like the EFF and ORG. I'll post update in the comments below so this story will be the best single resource to watch for news. There's more background info and thoughts in the story on LFGSS shutting down, previous and today's office hours streams, which include searchable transcripts. There are a lot of distracting off-topic rabbit holes here like recent political events, international diplomacy, defining "free speech", pretending to practice UK law, and many more - please do try to stay focused on the existential problem at hand. Thanks for your help, * Peter [ ] [ ] [ ] [ ] 1. [ ] [Post] Preview 2. 1. [ ] 75 skade avatar skade edited 1 month ago I'm now a bit unhappy that I did actually read the documents last time this came up, but didn't write down my off-the-cuffs assessment. For context, I've done some GDPR-Compliance related stuff before. The first thing to look for in those documents is the thresholds and IIRC, lobste.rs is below all thresholds. Below those, a lot of things become relatively tame or already exist. E.g. you need to have a content policy (lobste.rs has one) and you need to present that you can remove illegal content on need. All of those exist. It's similar to the GDPR: a lot of the things look daunting until you figure out that you're actually out of scope. All that being said, no one is helped with 5 40 page PDFs for running an international service, so I would totally understanding if you just blocked the UK. I did a quick review as a refresher. This is the most important document for you: https://www.ofcom.org.uk/ siteassets/resources/documents/online-safety/ information-for-industry/illegal-harms/ illegal-content-codes-of-practice-for-user-to-user-services.pdf? v=387711 Note that "recommended" does not mean all of them need to be implemented. However, at a quick glance, lobste.rs is neither a large service, nor a multi-risk service (none of the content deemed a risk is discussed here), so a lot of the heavy-hitters do not apply. We do have a content policy, and we do have a legally responsible person and a path to report illegal content. There's no need for documenting all this at a higher level. 1. [ ] 31 mordae avatar mordae edited 1 month ago I thought so as well, having worked for a MEP. Well, I've started to read the actual law and OH MY GOD, what a mess! Are all UK laws written in this impenetrable style? With multiple levels of outlining and gotos that criss-cross the document? GDPR can be read and grokked in a day. But this? Like this for instance: (1) Subsections (2) to (4) apply to determine which of the duties set out in this Chapter must be complied with by providers of regulated search services. (2) All providers of regulated search services must comply with the following duties in relation to each such service which they provide-- Why the hell do you include (1) if you scope (2) to (4) appropriately anyway? Was it an actual intention to make this into as long as possible read? Was author paid by word? (3) Additional duties must be complied with by providers of particular kinds of regulated search services, as follows. Oh god, kill me now. Yes, captain obvious, that's what legislation is supposed to do. I am holding my breath, I am literally reading the law here, the suspense is killing me, do tell, what are the duties of various kinds of search service providers? (4) All providers of regulated search services that are likely to be accessed by children must comply with the following duties in relation to each such service which they provide-- (a) the duties about children's risk assessments set out in section 28, and (b) the duties to protect children's online safety set out in section 29(2) to (8). Another GOTO? Are you kidding me? I give up, just block UK. 1. [ ] 22 yawpitch avatar yawpitch 1 month ago Writing laws like this is a post-Brexit cottage industry, and ensures the perpetual employment of both civil servants and lawyers. 1. [ ] 4 mordae avatar mordae 1 month ago Ah, because they are not spending their time harmonizing, they must do something. I understand. Sigh. 2. [ ] 18 lim avatar lim 1 month ago Oh yeah, strong agreement from me. The ethics module in my CS undergrad had us reading both British and EU legislation. The British was no doubt the most confusing -- worse than the ancient French texts we were reading (in French). 3. [ ] 7 teymour avatar teymour edited 1 month ago I think that a lot of what the Online Safety Act implements is overzealous and there's a big mismatch between the stated aims, and what the legislation will achieve. I'm not sure the quality of the drafting is really the issue. GDPR can be read and grokked in a day. I think this is a misconception and possibly a case of Dunning Kruger - just because you read a legal text and think it means X doesn't necessarily mean that other people will, or (worse) that a judge will believe your interpretation. Further, these acts tend to be pinned down in case law, which is important to understand and can materially change the nature of what certain acts mean. For example, EC261 provides for compensation for cancellations (and doesn't specify that it applies to delays in the act, iirc), but EU case law has clarified that it also applies to delayed flights. Why the hell do you include (1) Why do papers have abstracts? Clarity is imperative (even if it feels like stating the obvious), and prevents further issues from cropping up down the line. It's like how "experts write baby code" (rather than big soups of OOP). I also think as a general writing principle that providing an outline of the structure of your content is pretty important. It's like how a technical book will say "in this chapter, we look at how to solve X problem" so that you know what it's trying to do, rather than just having to guess. Another GOTO? Are you kidding me? It's not that surprising that legislation is drafted in clauses; you can point to the clause, instead of typing things out lots of times. It also allows people to verify that the clauses are correct by looking in one place, rather than having to search all over the document. 1. [ ] 14 mordae avatar mordae edited 1 month ago I am sorry, but this specific piece of legislation sucks. Normally sets are defined first, then clauses that apply to those sets are introduced, grouped topically. This law used sprawling if-else and repetitive vacuous clauses. It is objectively hard to read, not easier. Imagine being reprimanded for braking the law. What did I do? You are breaching paragraph X, section Y, clause Z. Oh, does that apply to me? Yes, section C says so. Nope. Just nope. Sane law can be read from the bottom, looking up if you fall in the set from the consequences. Good luck here. 1. [ ] 1 teymour avatar teymour 1 month ago I have to say I don't really understand your issue with the chapter? As far as I can tell, chapter 3 is set out roughly along the lines of 1. an explanation as to who has which duties of care 2. an explanation of what the scope of each of the duties of care is 3. an explanation of what each duty of care entails Seems pretty straightforward to me. My objection is more to the actual aim of the bill rather than whether it was drafted for a mathematically-minded person. 2. [ ] 2 Teckla avatar Teckla 1 month ago The Dunning-Kruger effect has been debunked for a long time. 2. [ ] 21 pushcx avatar pushcx 1 month ago Thanks for trying to help run down the OSA's scope and effects. With the reminder that I don't get much confidence from non-lawyers interpreting the law, I'll post some more of my open questions. I'm pretty sure Lobsters is categorized as a multi-risk service (section 5.6 on page 78 of that PDF) but can't assemble a coherent definition between the vague terms, foreign legalisms, and bottomless well of cross-references. My primary open question is whether the OSA considers these categories to apply because all of them are possible in a textarea, only if a service doesn't write policies opposing them and variously track its compliance (ICU A1-A7), or only if a service demonstrates a consistent pattern of being used for them. A couple relevant facts: Our search engine doesn't search multiple sites, but we do have direct messaging and image uploads (and do not currently have access to databases of CSAM URLs or image hashes). Moderation is reactive rather than proactive screening. We do not attempt to identify individuals (except in cases of specific abuse like sockpuppeting) and do not attempt demographic measurement like age or location. This vagueness informs where we land on the Risk Level Tables (pages 58-68), which cautions in bold "we expect providers to err on the side of caution and select the higher risk level"). With the endless ambiguities in these documents and that warning, the safe thing to do is geoblock the UK at least until Ofcom makes a clarifying statement or demonstrates for a couple years that it's not going to demolish hobbyist forums. Because software has permeated every aspect of life, including relationships, we have regular mentions of listed topics like gambling, sex, pornography, suicide, drugs, crimes, and various kinds of abuse. I'm reasonably sure Ofcom is capable of use-mention distinction here, but it's worth being aware of the topics if the OSA doesn't make that distinction somewhere (especially likely around the four horsemen) or if there's room for a political appointee to decide to make an example. I'd really like to see an explicit distinction on this in the OSA. Also I swear I saw a page on Ofcom acting as a table of contents and listing all their current OSA PDFs but I can't find it again. Does anyone have a link like that? I am more than a bit lost in a mazy of twisty PDFs, all alike, as I try to cross-reference these documents and run down the many vague terms. As I noted in another comment, none of this addresses jurisdiction. While the UK and USA share legal history and culture, I also have to look down the road to when much less compatible countries (or administrations) attempt to enforce similar laws. 1. [ ] 16 c12 avatar c12 1 month ago From spending a few days this week researching the act, I now believe it has been intentionally made broad and vague so as to allow Ofcom the flexibility to reinterpret it as technology changes. This is so that they don't have a similar cat and mouse game that they do with legal highs. Ofcom for their part are currently in consultation on implementing fees and penalties under the Online Safety Act 2023, their report on the progress can be found here https://www.ofcom.org.uk/siteassets/ resources/documents/consultations/category-1-10-weeks /consultation-online-safety---fees-and-penalties/ main-documents/ consultation-online-safety---fees-and-penalties.pdf?v =383849 Interestingly, under section 3.3 (pg.30) they propose to "exempt providers whose UK referable revenue is less than PS10m in a qualifying period" from paying fees. I do wonder if this includes penalties. Ofcoms enforcement of the act must be entirely self funded via fees and penalties, their own rules dictate that penalties must be considered reasonable and one can consider fining an individual many times the amount they could earn in a lifetime to be unreasonable. Due to this, and the fact that they are to be self funded I suspect that they are going to focus entirely on entities that earn more than PS250m revenue in a year because it does not make economic sense to spend hundreds of thousands of pounds going after an individual where you might at best collect a few thousand in a "reasonable" fine. It is my hope that in the coming months we see the published result of this consulation and confirmation that they will be excempting small communities such as Lobsters much in the same way as GDPR does. 1. [ ] 4 southclaws avatar southclaws 1 month ago This gives me hope, thanks for sharing. I was worried I'd have to block my own country for my own product (a forum SaaS thing) and I clearly need to do some research. Similarly, hobby-adjacent projects like mine, while revenue generating aren't anywhere near the numbers matching these lawyers and penalties. We'll see... as someone who grew up on forums and they are the sole purpose I even have a job designing/coding this whole thing disappoints me. But it flew under the radar for me and I regret not reaching out to my representatives when I had the chance. While my plans to leave this country are largely due to things like this, it does feel like a "frying-pan-fire" situation as the sentiment reflected in the OSA seems to be cropping up in a lot of countries, including where I'm heading... I do miss the old internet. (grumpy old man moment) 1. [ ] 1 Student avatar Student 1 month ago Where are you moving to? 1. [ ] 4 southclaws avatar southclaws 1 month ago Canada, for better or worse! 1. [ ] 3 Irene avatar Irene 1 month ago speaking as someone who immigrated to Canada a few years ago, good luck! it's a country with many challenges but it's a functioning democracy, and remains a very good place to live. 1. [ ] 3 southclaws avatar southclaws 1 month ago thanks! I'm looking forward to it, and looking at the options a few years ago, everywhere has its issues so its a tradeoff, canada struck a nice balance for myself and my partner as a similar-to-the-us-but-not-as-insane kind of vibe, plus natural beauty ticks a lot of boxes! 1. [ ] 2 Irene avatar Irene 1 month ago it truly is gorgeous and full of nature 2. [ ] 6 skade avatar skade 1 month ago Thanks for trying to help run down the OSA's scope and effects. With the reminder that I don't get much confidence from non-lawyers interpreting the law, I'll post some more of my open questions. I agree on this. However, as service providers and people that do need to create compliance, I also find interaction with peers useful. To be honest, I have drafted and killed a few replies to this. I think your assessment of lobste.rs as a multi-risk service is overly negative, but given the poor communication of Ofcom particularly towards lay-people, I would just engage in trying to nail pudding at the wall together with you and reading tea leaves. So I'll leave it at the gut-feeling and be honest about that being the only thing I can address. 3. [ ] 3 pushcx avatar pushcx 1 month ago This is the Ofcom page I was thinking of as a table of contents. It's a little confusing because some early links are repeated, but Ofcom's guidance totals 2,426 pages, with a further 7+ guides forthcoming. Plus, of course, the 350 page act itself. 1. [ ] 6 pushcx avatar pushcx edited 1 month ago They added 295 pages of material this morning. It is not linked from the page I thought was a table of contents, so I guess that is not intended to be complete. It seems likely there is more than the 3,071 pages I'm aware of that Ofcom expects sites to comply with. The first document says "From today, these services have three months (by 16 April 2025 at the latest) to complete their children's access assessment." and then another doc says "To establish whether a service, or part of a service, is likely to be accessed by children, service providers must first complete a children's access assessment." which is this doc which depends on section 37 of the OSA which defines the "Meaning of 'likely to be accessed by children'" as "possible for children to access the service or a part of it" and "the child user condition is met", where (to skip several dereferencing steps) that is defined in the OSA chapter 4, section 35, subsection (3), clause (b) which says "the service, or that part of it, is of a kind likely to attract a significant number of users who are children" which is all the definition available and also hinges on the infamously undefined term "significant number". I know learned to program as a child and that most children are capable of reading, and a quick search shows the UK has promoted many programs encouraging children to learn programming. So perhaps Ofcom also demands Lobsters perform intrusive checks of visitors' private personal information ("highly effective age assurance") like demanding a state-issued identification document and live selfie. And of course to document the hell out of that decision and implementation. Or perhaps not. There's really no way of knowing. 4. [ ] 1 timruffles avatar timruffles 1 month ago Just in case you've not seen it, Ofcom are publishing a compliance checker https://www.ofcom.org.uk/ Online-Safety/check-how-to-comply/ 'in early 2025'. 1. [ ] 1 pushcx avatar pushcx 1 month ago I believe that's the tool discussed in these comments, though it's difficult to be sure given the structure and organization of the site. 1. [ ] 2 timruffles avatar timruffles 1 month ago They look different to me? = https://www.ofcom.org.uk/online-safety/ illegal-and-harmful-content/check/ was published Feb 2024, and is about applicability (i.e. whether you need to comply) = https://www.ofcom.org.uk/Online-Safety/ check-how-to-comply/ announced a tool to come in 'early 2025' in Dec 2024, and is about compliance (i.e. how to comply) 1. [ ] 8 pushcx avatar pushcx Sysop edited 1 month ago You're correct, they made a new tool available today. As long as I'm writing, I'll include a small update I mentioned on yesterday's office hours: I've started an email conversation with Ofcom and gotten a human response about routing my inquiry to the right office. I recently talked with the owner of a US small, noncommercial forum who asked Ofcom about the OSA and received a demand that all services, no matter how small, undertake the enormous task of evaluating against their thousands of pages of vague guidance. So I didn't bother re-asking that and only asked them to explain their legal basis for claiming global jurisdiction. I'm also reaching out to the US Embassy of the UK to see if they can help with the jurisdictional overreach. 1. [ ] 3 timruffles avatar timruffles 1 month ago <3 sorry for the pain. Good luck with the Embassy! 2. [ ] 2 c-- avatar c-- edited 1 month ago Well, my optimism in that other thread is beginning to look pretty foolish. FWIW, which I concede will likely turn out to be very little, I did write to my MP. One of their caseworkers wrote back a couple of days ago to say that they had raised my concerns with the Culture Secretary for "a formal response in writing". I look forward to receiving it. 3. [ ] 15 gerikson avatar gerikson edited 1 month ago Speaking of the GDPR, there's surprisingly little online furor over the OSA compared to the frankly almost hysterical coverage of the GDPR back in the day. For instance, if lobste.rs is in scope, than HN is, and I don't think they're gonna take any action blocking UK users. But I might be wrong. The fediverse also seems to be shrugging off the OSA, even if many instances probably are in scope. 1. [ ] 46 skade avatar skade edited 1 month ago TBH, I'm a fan of the GDPR. Having run affected web services for years, GDPR was mainly a slap on the wrist e.g. to providers that (already illegally) didn't practice double-opt-in for mailing list. GDPR was a massive "we've had it, there's fines now, and we note down the best practice here". Like, a lot of the stuff the GDPR bans were already illegal, but all the large services ignored it, because the laws were toothless. So people who were already quite conscious around privacy, which most self-hosters are, were pretty fine. Also, there are clear indicators in the GDPR should be easy to comply for small services and the first reaction is a stern warning. The OSA documents are hard to track and even finding the definitions of what a large service is always takes me 5 minutes, because it's hidden somewhere. 1. [ ] 44 gerikson avatar gerikson edited 1 month ago To be honest I think a lot of the furor was from online marketers who saw a credible dent appearing in their cash flow and who tried to astroturf some opposition in the US. Even now the maliciously compliant "accept all cookie" banners are being blamed on the EU, not on the advertisers who implement them. 1. [ ] 45 edk- avatar edk- 1 month ago I rather think those banners are maliciously noncompliant. 2. [ ] 2 pkolloch avatar pkolloch 1 month ago I disagree. It introduces tons of regulations with often marginal effect. Big service companies can be mostly happy about the regulatory capture effect. But basically most interesting services are in non-compliance with a strict reading. E.g. from the text of law (I am not a lawyer), I cannot see how it is allowed that I can check my emails from a non-compliant country. It also applies to non-online services like doctor's practices. Theoretically requiring doctors to call people by something other than the names that is not PII. Rather than imposing all this churn on so many, one should focus on penalizing big abuses. 1. [ ] 5 gerikson avatar gerikson 1 month ago The GDPR has been effect for years now. If the weird edge cases you mention were actually an issue, we'd have heard about it. You can see the fines imposed by member countries' data inspection authorities here: https://www.enforcementtracker.com/ 1. [ ] 4 pkolloch avatar pkolloch 1 month ago I did hear about them :) My comment included quite different points, though. One was that it applies to a lot of small businesses - yes, I did here about concrete absysmal effects there about creating extra costs but I did not hear about persecutions of small businesses for violations. The second one was about the hypothetical cases with the email. If I read your comment right, you focus on violations for which there have been actual fines. I don't think that this is the full picture. Law, in the best case, should make clear what is allowed and what is not. If it fails to do that, the ambiguity creates unnecessary work. In the case of small businesses, a lot. And I am not even talking about primarily online businesses. I think that I am connected to a bubble of small business owners that actually want to comply with the law (in Germany), and it is very annoying and creates extra costs. Try to get a lawyer sanction your GDPR compliance and tell me what the bill is... And that is only a fraction of the costs. Also please don't mistake this as me being in favor of keeping all of this unregulated. It can't be. Many companies would just do things to their own advantage. E.g. disallowing shady double opt-outs is not a problem for me. But the GDPR does so much more... I do beleive that the GDPR is not a problem for many best-practice online services. But that is only a small fraction of business in total to which the GDPR applies. 1. [ ] 3 gerikson avatar gerikson 1 month ago I can't speak for the situation in Germany. Trying to get a framework that works in all of the EU with the very differing views on privacy is a big job. And if there's a balance between indivdual's privacy and business' costs, then maybe the privacy is worth more. I would expect trade associations for the businesses involved to have at least some guidance in place by now, since the law has been enforced for so long, so that an individual business owner can ask "is this software GDPR compliant", "what is the best practice for this situation", etc. 2. [ ] 1 pkolloch avatar pkolloch 1 month ago BTW, nice web page! 2. [ ] 11 Irene avatar Irene 1 month ago it's worth understanding that the GDPR challenged power, whereas the OSA's primary impact is on already-marginalized groups and local, community-centric undertakings. complying with the OSA will be significantly easier for the big companies than complying with GDPR was and remains, because it simply establishes rules for already-existing enforcement mechanisms to follow. the topics and themes the media chooses to cover are not immune to influence from capital. :/ 2. [ ] 31 FRIGN avatar FRIGN 1 month ago The general consensus in my professional network, even reaching up to EU SME's (!), is to just geoblock the UK given the costs to reach compliance are usually much higher than any business brought in by possible UK customers. This is also in light of other impeding UK legislation. I would also do the same here in this case, if I were you @pushcx. This is a community of tech-literate people who know how to get a VPN. At the same time, the (slight) inconvenience is a constant reminder of this overbearing legislation for all UK visitors, and it might have a stronger effect on the situation than we could imagine. It shocks me time and time again how much of a postmodern cyberpunk surveillance- and police-state the UK has become. The UK's people seems to be content with this development given they voted for it, so who I am to judge? Fortunately I don't have to live there. 1. [ ] 30 david_chisnall avatar david_chisnall 1 month ago The UK's people seems to be content with this development given they voted for it We voted out the government that passed this stupid law. Unfortunately, the new government has not repealed it. 1. [ ] 8 FRIGN avatar FRIGN 1 month ago Just out of curiosity, why haven't they? 1. [ ] 25 dfawcus avatar dfawcus 1 month ago Because they actually believe it is a good thing, and would have passed such an act themselves if it didn't already exist. It is very easy to repeal an Act which has not yet come in to force. The coalition gov quickly repealed the ID card legislation despite it already being in force, with its active database, and cards already issued. So by their deeds (and/or inaction's) you can determine their beliefs. 1. [ ] 30 david_chisnall avatar david_chisnall 1 month ago I suspect it's more that they simply don't understand it. My MP is one of them and he is, uh, not the brightest. I've never had an interaction with him where I felt he understood the legislation that he was voting on at more than a superficial level. His level of reasoning is probably 'child abuse bad, law says child abuse bad, law must be good' rather than having any actual understanding of the impact of the law. 1. [ ] 12 tonyg avatar tonyg 1 month ago Not sure. There's a fair overlap between Labour today and Labour 17 years ago, and you may recall the Terrorism Act 2006, which had similarly vague formulations about what exactly constituted "glorification of terrorism" (which in turn provoked a bunch of SF authors to release a book called "Glorifying Terrorism" in order to see what would happen). It's not unlikely they view having a law that can be inconsistently applied ("oh but we don't mean you, you're one of the good ones", "we know it when we see it") as an actual feature - after all, they don't bear the costs and neither does anyone they care about. 2. [ ] 1 Cuji avatar Cuji 1 month ago To be fair, irrespective of the belief / intelligence of individual MPs, most are backbenchers with very little power within the party and just follow the whip (especially considering how many are new MPs) 2. [ ] 2 recursion avatar recursion 1 month ago In this particular case they probably agree with it but also it's a general fact (I haven't actually checked this - it's just from my experience - so somebody please correct me if I'm wrong - https://en.wikipedia.org/wiki/ Ward_Cunningham#%22Cunningham's_Law%22 !) that governments repeal almost nothing. They almost universally prefer to spend their limited energy on passing new laws. I'm not sure why that is - maybe something to do with Pareto optimality. 1. [ ] 4 Irene avatar Irene 1 month ago the primary goal of most politicians is to get re-elected. due to sample bias, this is especially true with ones who've been around longer and thus have the seniority to influence agendas at the party level. passing a new law is something that it's easy to brag about and take credit for. it presents the public with an achievement that one or more involved politicians can attach their names to, or over-state their role in if they're so inclined. repealing a new law is not nearly as easy to convince the public to congratulate people on, since the net result is that there's nothing to look at, no new results to point to. it's certainly the case that there are parties that build their brand on repealing laws as their primary activity, but there is an inherent disadvantage to doing so. 1. [ ] 5 xvello avatar xvello 1 month ago Indeed: it is most probably on the new government's radar, but they might choose to allow shit to hit the fan before "saving the day". We can draw a parallel with hero culture in many dysfunctional companies: there's no glory to gain by avoiding an incident while the employee who solves an incident get credit, even if they caused it in the first place. 1. [ ] 3 Irene avatar Irene 1 month ago oh good parallel, indeed (edit: typo) 2. [ ] 2 hoistbypetard avatar hoistbypetard 1 month ago You linked https://en.wikipedia.org/wiki/Ward_Cunningham #%22Cunningham's_Law%22 which talks about how Ward Cunningham, a computer programmer, is credited with the idea that The best way to get the right answer on the Internet is not to ask a question; it's to post the wrong answer. Is that actually what you meant to link? If so, I'm not quite seeing the relationship to what governments do or don't repeal. 1. [ ] 5 skade avatar skade 1 month ago Parenthesis: it applies to the statement before the link. Let me highlight it: (I haven't actually checked this - it's just from my experience - so somebody please correct me if I'm wrong - https://en.wikipedia.org/wiki /Ward_Cunningham# %22Cunningham's_Law%22 !) So it applies to the fact they didn't check, not to what governments do. 1. [ ] 2 hoistbypetard avatar hoistbypetard 1 month ago The intentional invocation of Cunningham's law went right over my head. Shame on me for reading before finishing the first coffee. I wonder if intentional invocation of Cunningham's law is like intentional invocation of Murphy's law... such an act might well turn the incorrect statement into a question and therefore place it on the wrong side of the law. 1. [ ] 2 skade avatar skade 1 month ago Haha, no problem, happy to be of help. It took me a close reading as well. 2. [ ] 5 abyss avatar abyss 1 month ago I believe they are saying "I'm saying this and if I'm incorrect someone will surely correct me", that is - utilizing Cunningham's law themselves 1. [ ] 2 hoistbypetard avatar hoistbypetard 1 month ago You are, of course, correct. That went right over my head. 2. [ ] 18 tonyedgecombe avatar tonyedgecombe 1 month ago The UK's people seem to be content with this development given they voted for it, so who I am to judge? The media ignores it so it's hard to blame the general populace. 3. [ ] 2 tonyedgecombe avatar tonyedgecombe 1 month ago This is a community of tech-literate people who know how to get a VPN. I probably wouldn't bother. 3. [ ] 27 SoapDog avatar SoapDog 1 month ago As a UK based lobster, I think that if enough sites geoblock the UK there will be a reaction against this unenforceable law. Go ahead, geoblock the UK and I hope more sites do it as well. Unless people start shouting, nothing will change. 1. [ ] 1 LAC-Tech avatar LAC-Tech 1 month ago I was actually considering geoblocking the UK on my own sites today, because the vast majority of the my inbox spam is from there. Now I have two reasons! 4. [ ] 26 pushcx avatar pushcx Sysop 1 month ago Thanks for all the great comments here, especially the many people who've volunteered to speak with their representatives and policy makers. I'm hopeful that we find a way through this situation, and based on what we know of the Parliamentary approval process that seems like the most promising avenue for giving time to make improvements. I think it's important to highlight that I fixed a bad link. I wrote "the current, bad plan is that Lobsters will geoblock the UK before the law takes effect" and wanted that to link to the commit specifically to show that the geoblock is pending. I want it to be unambiguous that in the same way the OSA is scheduled to take effect, so is our "current, bad plan". To round up some other great parts of the conversation, c12 left two comments that made a persuasive case that huge fines are unlikely. Though there's still the problems that the process is the punishment and encouraging worse future censorship. Outside of this comment thread, I've gotten two very useful contacts. First was an employee of a large site working on OSA compliance. They made an email introduction to current Ofcom employees so that I can directly discuss these concerns with the regulator. I've only gotten an out-of-office reply so far, but I primarily plan to ask for Ofcom to publish guidance appropriate to hobbyist and foreign sites. I'm hopeful that I can talk directly to the people who have written the current statements we have been struggling to understand. Second, a UK lawyer who has relevant professional experience named Neil Brown has publicly announced that he is working on free resources to help small sites understand the OSA better. I've started talking to Neil in case hearing directly from a small site can improve his work. I've been real concerned about the perils of playing lawyer, so I'm really looking forward to a resource that I expect to meaningfully advance the public understanding of the risks of the OSA. This has all been great progress, and I really appreciate everyone who's contributed here and elsewhere to help. Especially with the prospects of Neil's resource and talking directly to the regulators, I'm optimistic that this situation will improve. 1. [ ] 14 srtcd424 avatar srtcd424 1 month ago As a Brit, I just want to say thank you for expending time and energy on this! I would fully have understood if you'd just thrown your hands up in disgust, implemented the block, and walked away :( 2. [ ] 6 fanf avatar fanf 1 month ago Neil has started publishing material at https:// onlinesafetyact.co.uk/ (via https://mastodon.neilzone.co.uk/@neil/ 113816315252890991) 1. [ ] 1 fanf avatar fanf 1 month ago More from Neil Brown, looking at the latest from Ofcom https://mastodon.neilzone.co.uk/@neil/ 113837276025674919 Hot-off-the-press guidance from Ofcom for the UK's Online Safety Act: Age checks to protect children online 1. [ ] 1 gerikson avatar gerikson edited 1 month ago The link seems to broken. The fedi instance itslef is up: https:// mastodon.neilzone.co.uk/@neil/ Edit found the post, the link I got from it is identical to the one above and does not load correctly in Firefox or Chrome https://mastodon.neilzone.co.uk/@neil/ 113837276025674919 Text: ------------------------------------------------- Hot-off-the-press guidance from Ofcom for the UK's Online Safety Act: Age checks to protect children online Note: Pornography services must introduce age checks by July 2025 at latest So very little implementation and testing time. https://www.ofcom.org.uk/online-safety/ protecting-children/ age-checks-to-protect-children-online/ 3. [ ] 3 tiniuclx avatar tiniuclx 1 month ago Thanks a lot for putting in all this work to make sure Lobsters stays up in the UK. I visit almost every day & it would be big loss for me if I were to lose access. 4. [ ] 2 sunshowers avatar sunshowers 1 month ago As someone who's mostly been lurking, wanted to say thanks for everything you've been doing here. 5. [ ] 25 c12 avatar c12 1 month ago New Scientist wrote a short article a few weeks ago https:// www.newscientist.com/article/ 2461213-hundreds-of-small-websites-may-shut-down-due-to-uks-online-safety-act / they key takeaway for me is this quote from Russ Garrett: "If Ofcom and the government didn't intend to shut down these tiny, low-risk websites, they should have provided much more accessible, practical guidance for small sites," says Garrett. "For a time-limited, risk-averse volunteer website operator, I think the only other option at this point is to engage a lawyer at a cost of many thousands of pounds." In a previous article from 2023: UK's Online Safety Bill to become law, but can it be enforced? the most damning paragraph for me is: The UK government, even as it was pushing the Online Safety Bill through Parliament, conceded that there is no technical way to do what it demands, and that those parts of the law wouldn't be enforced until such tools had been developed. The act requires that websites have policies in place to protect people from "harmful" or illegal content while being entirely vague as to what that means, what counts as "harmful" appears to have been kept intentionally vague so as to become anything the prosecutor wants it to be. It genuinely feels as though this is the Thought Police Act. 1. [ ] 8 lproven avatar lproven 1 month ago Paywall bypassed: https://archive.ph/sXZuq (The 2nd link doesn't seem to be paywalled to me.) 1. [ ] 4 c12 avatar c12 1 month ago Thank you, I didn't realise I was logged in when I first visited it. I actually thought to myself "oh, its no longer paywalled, must be old enough" and so used the actual link instead of archive. 2. [ ] 5 skade avatar skade edited 1 month ago I generally agree with Russ Garret there, the accessibility is a problem. I don't fully agree with the following though: The act requires that websites have policies in place to protect people from "harmful" or illegal content while being entirely vague as to what that means, what counts as "harmful" appears to have been kept intentionally vague so as to become anything the prosecutor wants it to be. It genuinely feels as though this is the Thought Police Act. It is in general that laws keep this vague and courts decide the rest. This is because morale and knowledge works faster than lawmaking. So, yes, it is kept at liberty to the prosecutor, with the prosecutor to work out the details and set and evolve policy. That is something that the Ofcom is currently doing, but in a pretty poor way. A lot of the things mentioned by Ofcom are legitimately bad and many of the big services keep their costs down by ignoring them. Regulators keeping the pressure on them to act is not necessarily a bad thing, it means facebook etc need to spend money they otherwise wouldn't to combat that stuff at scale. E.g. the good bits of the Ofcom mean that moderation obligations can't be dodged and they now have a handle to inspect e.g. the moderation policies of facebook etc. Now, the UK duking it out with facebook and Google, I don't care about, they have their lobby(ists). The problem is that the "small, independent" internet is kept in the dust. 1. [ ] 10 c12 avatar c12 edited 1 month ago A lot of the things mentioned by Ofcom are legitimately bad and many of the big services keep their costs down by ignoring them. Regulators keeping the pressure on them to act is not necessarily a bad thing. I agree, the spirit of the law is correct. I think a lot of the legitimate concerns coming from admins of online communities is that unlike with the GDPR, there isn't an explicit exception written in, the law places that ability onto Ofcom, who are currently in the process of determining the lower threshold for enforcement. I dug out Russ's compiled notes on the act: https:// russ.garrett.co.uk/2024/12/17/online-safety-act-guide / and following the link to Online Safety - fees and penalties I am actually somewhat relieved that Ofcom appear to be interpreting the law in a sane way. The document largely discusses collecting fees from providers with section 3.3 (pg.30) proposing they "exempt providers whose UK referable revenue is less than PS10m in a qualifying period" from paying fees, instead targeting those with an income of PS250million or more. This also details how Ofcom's enforcement of the act will be entirely self funded and that penalties levied must be by Ofcoms own rules considered reasonable. From that, I would conclude that they are going to focus entirely on the big players like Facebook, because spending hundreds of thousands of pounds to go after an individual, only to be able to recover at most thousands of pounds as a reasonable penalty does not make economic sense. 1. [ ] 3 pushcx avatar pushcx 1 month ago Thanks, this and your other comment make a solid argument against the risks of fines. 2. [ ] 7 pushcx avatar pushcx 1 month ago That's probably a fair description of some of the issues in the design process, thanks. There's a classic book in US law called The Process is the Punishment. It argues that being exonerated of a minor crime is itself often a life-altering punishment. The risk of the years-long disruption of becoming OSA case law is a significant part of what still concerns me. 6. [ ] 17 edk- avatar edk- edited 1 month ago FWIW, while https://russ.garrett.co.uk/2024/12/17/ online-safety-act-guide/ is not legal advice or written by a lawyer, the author has spent enough time navigating legal bullshit that I trust what they've said there. It sounds like the requirements for a small site boil down to doing a risk assessment and writing some policy boilerplate. While I'm sure the average legal department would have a different opinion, generally non-lawyers are able to write these documents, and making a good-faith effort to comply is almost certainly sufficient in the first instance. I know of some fairly consequential projects (in the sense that real money was at stake) with non-trivial UK compliance requirements that have succeeded on the back of nothing more than documentation written by reasonably competent lay people. Can I suggest writing the requisite pseudo-legal stuff, possibly having it nitpicked by an actual lawyer, and seeing if that's enough? I will write to my MP about this, but I personally don't think any of your bullet points is particularly likely to happen. I would be happy to contribute a bit of money to pay a lawyer to review some documentation and say they think you're in compliance, though, which seems much more achievable if somewhat weaker. 7. [ ] 30 bitfield avatar bitfield 1 month ago "Do not obey in advance". It's highly unlikely that you'll ever hear anything about it, but even if you did, it would be something like a cease and desist letter. You can decide then what to do about it. 1. [ ] 41 pmdj avatar pmdj edited 1 month ago Considering there is criminal liability for noncompliance, I don't think "it would be something like a cease and desist letter" is useful advice at all. Even if you reckon you're safe from this in your country, you'd potentially have to very carefully consider any future travel and whether you're entering jurisdictions which might begin extradition proceedings, etc. 1. [ ] 2 skade avatar skade 1 month ago Considering there is criminal liability for noncompliance, Yes, but that's a common thing nowadays. Did you know there's criminal liability for supply chain consumers coming? (CRA?) The thing here is: there's an escalation ladder here. Ofcom does a very poor job at disclosing this ladder. 1. [ ] 4 pmdj avatar pmdj 1 month ago I'm no expert on the CRA, but it was my understanding that after public consultation, liability has been explicitly excluded for non-commercial offerings, including open source contributors. In other words, you won't be accidentally held liable for a security vulnerability in your code that someone downloaded from your website or repository for free. You don't generally "accidentally" sell software for money, so you can price any costs for compliance into whatever offering you have, or alternatively, it's not that difficult to exclude selling to markets where you don't consider compliance with local laws proportionate. The OSA is pretty unusual in that there's no carve-out for small-scale or non-commercial operations, and in that it effectively applies globally to almost any publicly accessible website or digital service with a community component. 8. [ ] 12 srtcd424 avatar srtcd424 1 month ago There's been a mailing list set-up to gather information and try to get set-up to lobby Ofcom: https://buttondown.com/ indie-and-community-web-compliance- I'd be sad but very much understand if you just decided it was all too much and went through with the geo-block :( Ludicrously badly implemented legislation :( 9. [ ] 10 fanf avatar fanf 1 month ago Neil Brown (tech lawyer and open source advocate) is working on simplified risk assessments for sites like this and others , and in the replies Russ Garrett suggests there might be an official interactive guide. Also, Neil reckons your code forges are probably in scope. Joy, kittens, cakes, and blossoms. 10. [ ] 9 hoistbypetard avatar hoistbypetard edited 1 month ago Apparently the law exempts email-based services, including mailing lists. Perhaps instead of geoblocking the UK users, you could require them to use the email interface? (That's about 70% joking. I'm sorry you need to deal with this.) 1. [ ] 9 pushcx avatar pushcx 1 month ago This came up a bit on yesterday's stream (search the page for "SMTP"). The current implementation of the geoblock applies to HTTP traffic and would need to be extended to SMTP. I guess the best available target is whether the earliest server in a Received header resolves to a UK IP, but the problems of spoofing and that UK occupants may use non-UK SMTP servers means that it'll be less accurate. (And, of course, false positive blocks for non-occupants using UK servers.) I know you're mostly kidding, but I do very much wish there was One Clever Hack or exception and have spent a significant amount of time looking for one in vain. I posted this because I feel I've exhausted my hopes there and need help from UK users to avoid the remaining bad options. 11. [ ] 9 pushcx avatar pushcx Sysop 20 days ago I contacted the office of US Senator Ron Wyden, who has been involved in most of the laws around the internet for the last couple decades. I asked if they could get the US Embassy to the UK to help correct the jurisdictional overreach. US politics are currently very busy (in off-topic ways) so I think chances are low this comes to anything. If I do hear back from them I'll advocate for them to get involved in some way, but otherwise I have exhausted the actions I can take on this issue. I still think the most likely way the UK averts disaster here is that Parliament doesn't approve Ofcom's guidance, which is needed for the law to go into effect on March 16. This would buy time to revise the law and guidance. If you are a UK citizen, please continue to contact your MP. I can also offer one last idea: The UK government has a secret list of prohibited sex acts. No, really! Ofcom is the regulator tasked with implementing this law. They stonewall people who ask questions about the OSA that have politically embarrassing answers. Like how @aphyr asked how they define "extreme pornography", which they demand be censored. But Ofcom's definition is nothing like detailed enough to implement as policy, and aphyr's questions are only a start. You can see the level of detail needed from things like this Facebook policy leak a few years ago; realistically actionable rules are hundreds of pages. Ofcom won't acknowledge questions about this (or what international law gives them censorship power over the world) because the answers are embarrassing. Their list of prohibited acts is a secret. I know the UK tabloids love their sensational headlines, so as long as I've been forced to deal with UK culture, there's my last contribution to this disaster. Maybe UK citizens can ask their MPs and journalists for these secret rules around which sex acts are permitted and not under the OSA, and that question itself is embarrassing enough to get things fixed. 1. [ ] 4 pushcx avatar pushcx 19 days ago Ofcom has confirmed that geoblocking the UK is the only way for small sites to stay safe from its censorship. 2. [ ] 3 dfawcus avatar dfawcus 19 days ago It is not for Parliament to "not approve" the guidance, that is the default state with the negative procedure. Someone would actually have to pick up the instruments within Parliament, and raise objections to them. If Parliament does nothing, the the guidance will be adopted, Parliament has to actively object to the proposals. My own view is that to fix this, the problems will have to be experienced. Namely that the Act and Ofcom's implementation of it will have to in effect turn the UK in to an information impoverished backwater before anything can happen. Also that the mass media will do bugger all about this is largely a given, as it is against their own interests to object to it. Sad, but that is my prediction for the way it will go. It'll probably take until the next Conservative government (assuming they don't implode beforehand) before this can be fixed. They then end up cleaning up their own mess, a Labour government will (IMHO) never correct this. 12. [ ] 8 pushcx avatar pushcx Sysop edited 1 month ago Here's an update for 2025-01-23. The OSA continues to claim jusisdiction over the entire web. I asked Ofcom to explain what legal basis there is for a country's law being able to do so, perhaps an international treaty. A PR flack responded to duck the question and say that the law has the power because the law says it has the power. This was yet another waste of time by Ofcom. Speaking of which, the new online tool linked in my previous comment is the best argument I can see for convincing someone that these regulations are hopelessly burdensome and vague. I would invite anyone who is not yet convinced of that fact to try using it. I'm still waiting to hear back from the US Embassy. I think this has been delayed by the change in US presidential administrations appointing new personnel and setting new policy. I'll continue to follow up. I've gotten pointed to the legislators who were involved in the OSA and I'll be reaching out to their offices to ask their legislative aides to ask why they think the UK has the jurisdiction to regulate. I have almost exhausted my options for improving on our least bad plan. When these two inquiries are resolved, I don't have ideas for other ways of mitigating the threat of the OSA. I still think most likely positive resolution is that UK persons contact their MPs to delay the approval of Ofcom's regulations until the OSA's risks to small forums can be reduced, but that's not something I can advance as a non-citizen. If you are in the UK, please do contact your legislators. 1. [ ] 10 pushcx avatar pushcx edited 1 month ago A few well-meaning people have sent me Ofcom's upcoming Session for Small, Low-Risk Community Sites*, so to write up something I can link: Why would I attend a session about complying with a UK law, given that I'm not a UK citizen, the site is not hosted in the UK, and I'm not in the UK? I traded email with Ofcom and asked them to explain their novel legal theory for why the UK can pass a law claiming jurisdiction over the world. They ignored my questions and replied that the law says they have jurisdiction over the world. There's some more details in my latest update. They're not operating in good faith. I don't need instruction on complying with another country's censorship regime. I need Ofcom to acknowledge that they don't have power over other countries, because I'm not interested in wasting years of my life proving in court that the UK doesn't have the authority to decide what can be published in other countries. If someone attends this session, please ask: 1. What international treaty gives this UK law jurisdiction over the world? 2. If there isn't one, does Ofcom commit to helping enforce laws from other countries that claim to apply to UK services because occupants of those countries read them? We all know which countries want this power and what they'll claim to be saving their children from. * It's not relevant, but as a programmer I have to gripe about variable names. This facially reasonable title is actually OSA legalese. "Small" mostly means "fewer than 7 million visitors physically in the UK". Lobsters is probably "small" but there isn't a defined time period and we don't track demographic data to say authoritatively. "Low-risk" is not defined by the law; it is Ofcom's invention and their public definition is impenetrable. Lobsters is probably "multi-risk" but hasn't spent thousands of dollars on legal advice to try to know. But their deliberately poor communication is not the remaining problem here, their lack of authority is. 2. [ ] 1 proctrap avatar proctrap edited 1 month ago Expect some patches to that region block. I got blocked already from a german IP where your ip-locator's website even said it's from germany. 13. [ ] 7 skerritt avatar skerritt edited 1 month ago Sorry to hear this. I will write to my MP. The OSA's civil penalties run up to $22 million USD I have absolutely no idea how much this is, because the UK does not operate with USD. This is about PS17.5 million GBP. Upon googling it appears the maximum fine is PS18 million. Remember: You can write to your MP to oppose laws, this is a rather effective method I have found (well, at least my MP is effective at reading my emails and talking about it in parliament) https://www.parliament.uk/get-involved/ contact-an-mp-or-lord/contact-your-mp/ 1. [ ] 11 david_chisnall avatar david_chisnall 1 month ago You can write to your MP to oppose laws, this is a rather effective method I have found (well, at least my MP is effective at reading my emails and talking about it in parliament) https://www.parliament.uk/ get-involved/contact-an-mp-or-lord/contact-your-mp/ WriteToThem is run by mySociety (government funded) and provides an easy way of contacting any and all of your elected representatives. 1. [ ] 2 edent avatar edent 1 month ago I don't think it is accurate to say mySociety are Government funded - they're a charity https:// www.mysociety.org/about/ 1. [ ] 3 david_chisnall avatar david_chisnall 1 month ago They are a charity. They operate the service but (unless this has changed in the years since I last looked), it is funded by a government grant. 2. [ ] 2 dfawcus avatar dfawcus 1 month ago Being a charity is not incompatible with being Gov funded. The UK has plenty of "fake charities", whereby an actual charity gets most of its funding from the public purse. This is then used by TPTB to have a convenient "independent source" repeating the messages they desire. Also to have "independent research" produce the answers they wish to hear for policy development. 2. [ ] 1 op avatar op 1 month ago thanks for this link, i have written to my local MP describing the issues listed above, i got an automated response saying i can expect a reply anywhere within 10 and 15 days. 2. [ ] 1 stig avatar stig 1 month ago Do you feel comfortable sharing a version of your text to lower the barrier for time-poor folks who would also like to do so, but may not know how to best word their concerns? 1. [ ] 2 edk- avatar edk- 1 month ago You are strongly counselled to use your own words. 1. [ ] 1 stig avatar stig edited 1 month ago Ack. Thank you, that is helpful. Edited to add: I have now written to my MP using the WriteToThem link provided in another comment. (Go upvote that.) I found the process much simpler than I thought, and recommend others do the same. 14. [ ] 6 pyj avatar pyj 1 month ago I can't imagine how many sites this thing effects, and a US authority publicly resolving the ambiguity in an official way would considerably help. It's considered a a major problem to the US-hosted Ada forum especially since a lot of key contributors are from the UK. 15. [ ] 6 yawpitch avatar yawpitch 1 month ago I love this site and I'll be sad to only be able to access it over VPN, but I can fully understand your need to avoid this (amongst many) post-Brexit idiot UK laws. On a meta note, might be a good time for people to share articles about VPNs and their care and hosting. 16. [ ] 9 calvin avatar calvin 1 month ago Realistically, is this going to affect us? Lobste.rs and most other small web forums are small and unlikely to be on the radar of regulators. If you're doing best-effort moderation already to avoid illegal content (i.e. what you're doing now), I think it's unlikely you would get on said radar. In the event you somehow do piss them off, I suspect organizations like the EFF would be rallying around you and willing to help then. 1. [ ] 66 kevinc avatar kevinc 1 month ago Sure, but if it were me running the site, "unlikely" and "we suspect" wouldn't be enough certainty to put my future on the line for a hobby. 1. [ ] 48 pushcx avatar pushcx 1 month ago Pretty much this. The UK is threatening enormous fines and jail time because it wants the law to be taken seriously. This is what taking the OSA seriously looks like absent the resources of one of the huge businesses it was written for. 1. [ ] 5 zladuric avatar zladuric edited 1 month ago I agree, while a lot of people - software engineers specifically - I know don't even know about lobsters, you're still exposed. On topic - I'm curious why you include "commitment by American government that they'll offer protection"? I thought both American and UK governments (among others, of course) have been acting crazily enough lately that I didn't think this would be applicable. As a few examples, I thought your govt wants to leave the WHO and has been on-again-off-again about the Paris climate agreement - they don't seem like either willing to deal with international affairs that much, or are not stable in that dealing. I understand having a commitment from ACLU or EFF to defend you, but other than an explicit law that protects you, it doesn't seem like any "commitment" would be reliable. Maybe I'm just misunderstanding the context in which this would work. Edit: to clarify, I'm asking what that commitment needs to look like. 1. [ ] 15 pushcx avatar pushcx 1 month ago A public statement or policy from a State Department official acting in their official capacity. It is the US agency that handles extradition hearings and the international diplomacy involved in whether the UK can claim jurisdiction over US entities like this. There's a deliberateness and inertia to international State Department policy that I feel reduces the risk acceptably even as electoral politics shifts. I'm trying to be optimistic about this big hairy topic. 2. [ ] 6 whalesalad avatar whalesalad 1 month ago But the UK has zero jurisdiction. What are they gonna do? Send you a fine and beg you to pay it? Straight to the shredder. 1. [ ] 31 david_chisnall avatar david_chisnall 1 month ago They have no jurisdiction as long as you don't have assets in the country, visit the country, or visit a country that has an extradition treaty that would cover this. The last two are the biggest risks. If you're flying from the US west coast to Europe, a lot of flights go either over the UK or close enough that, in case of problems, you may have to make an emergency landing here. And then you suddenly find that there's an arrest warrant out for you because you were convicted in absentia after ignoring the summons to appear in court, and now you face jail time. Your home country may be able to intervene, but that can take months, during which time you're in prison. Personally, I wouldn't risk it. It would suck to be unable to access lobste.rs, but it's our (previous) stupid government's fault, not yours. @lproven: When can El Reg run an article about all of the small web sites that are going to block UK citizens, requiring them to communicate via US-based multinationals, because of this stupid law? That's probably the first step to getting it picked up by the mainstream press outlets. 1. [ ] 2 Student avatar Student 1 month ago This is a dangerous misconception. Each state of the US is allowed its own policy on the enforcement of foreign judgments. 2. [ ] 2 whalesalad avatar whalesalad 1 month ago This feels like a very hyperbolic series of concerns. LLC's and corporations exist for this purpose, to shield folks from liability in cases like this. I honestly find it kind of amusing that so many folks are spinning so many cycles on this topic. This is a tiny little corner of the internet where hackers talk about stuff. Why would the UK gov't have any interest in targeting this group? Comes across almost like hubris. 1. [ ] 28 edk- avatar edk- 1 month ago That's not really how LLCs work. A person who does a crime is always personally criminally liable for the crime. And this specific law allows the regulator to enforce directly against related companies or their owners, so breaking it from behind seven LLCs wouldn't even necessarily slow them down. I honestly find it kind of amusing that so many folks are spinning so many cycles on this topic. Peter is worried about opening himself up to life-ruining legal liability over a site he runs in his free time. That doesn't seem very amusing to me. And as a result of his (understandable) not wanting to do that, those of us who live in the UK are worried about the fact that we're likely to be blocked from the site. Why would the UK gov't have any interest in targeting this group? They don't need to have any. Regulations might be weaponized by trolls against people over personal vendettas yet to be established; I have experienced the GDPR used this way. It's easy to be confident this sort of thing won't happen when the person it might happen to is someone else. 1. [ ] 3 whalesalad avatar whalesalad 1 month ago Peter is worried about opening himself up to life-ruining legal liability over a site he runs in his free time. I just cannot imagine this happening, ever. If this were my site, I would just ignore this situation until the UK government explicitly reaches out with some kind of legal document. At that point, initiate the geo block. 1. [ ] 26 jkaye avatar jkaye 1 month ago Easy to say when it isn't your site. The risk-reward here is just not close to in favor of the site owner. Why would he ever leave himself open to criminal charges from a state actor? It doesn't make any sense. Of course you'd block them before that could happen. They don't have to send you a letter. Why would you take the risk? 1. [ ] 0 whalesalad avatar whalesalad 1 month ago Because frankly we fought and won the Revolutionary War to explicitly defeat oppression like this. If I am operating within the context of a specific sovereign nation, I am really not going to give a shit about what any other sovereign nation thinks about me. Their laws are their laws, not mine. 1. [ ] 27 jkaye avatar jkaye 1 month ago You seem to have a flawed understanding of international law, including how it relates to USA-UK relations. Your opinions on what should and should not matter do not have any bearing in a court of law. 1. [ ] whalesalad avatar whalesalad 1 month ago [Comment removed by moderator pushcx: Mocking doesn't add anything to the conversation.] 2. [ ] 11 mrnosuch avatar mrnosuch 1 month ago Community sites always draw a few cranks who enjoy making life miserable for folks who run it. For reasons. Shitty reasons. So yeah, the risk is definitely non-zero, because one person can spend a lot of energy to cause the problem to happen. And at that point, the damage may already be done. 2. [ ] 18 broeng avatar broeng 1 month ago Even if there's no legal recourse, it's understandable that pushcx, and the other maintainers, are not willing to scratch off UK as a place they can ever visit. IANAL, but it does look like the UK and US have at least some extradition treaties in place. 1. [ ] 2 hauleth avatar hauleth 1 month ago Though I highly doubt that US would allow extradition of their own citizens. IIRC a lot of countries have law that prohibits that unless the crime in question is also crime in the local law. 1. [ ] 7 david_chisnall avatar david_chisnall 1 month ago This is true, but the mapping doesn't have to be 1:1. A barrister in an extradition hearing might argue that the US has laws prohibiting CSAM distribution and the OSA is a sufficiently similar law that the extradition treaty holds. Will this argument convince a judge? Depends how well the defence barrister argues against it. How much do you want to set aside in a defence fund to make sure you can hire a barrister who will argue more convincingly than whoever the British government pays? Even winning an extradition hearing is expensive and time consuming. 2. [ ] 2 Student avatar Student 1 month ago The US does extradite citizens. Not extraditing citizens is more of a French-derived tradition. 3. [ ] 11 Diana avatar Diana 1 month ago Send it to your bank, which needs to be able to route orders in GBP through london, and get it applied anyway. 1. [ ] 1 Summer avatar Summer 1 month ago Do you have examples of UK fines being applied this way? 2. [ ] 17 skade avatar skade edited 1 month ago While this is generally true, the OSA has some gnarly bits. (Note again, this comes from glance reading) By and large, it's a fine thing. It spells out the - already illegal things - that need to be mitigated. That part is fine. Your service should not host CSAM and if it is a large service, you need to take measures against it. Even before the OSA, if someone posted CSAM to lobste.rs and it stayed there, you're in trouble. That part of the OSA is not a problem, it is even making things better by providing a framework. (Actually a thing that the often disliked DMCA makes easy - it gives you a relatively frictionless and easy to implement way to move yourself out of the firing line of legal action) No change here, lobste.rs would not be a legal and acceptable service if it allowed that, and it currently isn't, so it's compliant, easily so. A complaint path is there (send mods a message), action is also there (mods on lobste.rs are swift). HOWEVER, there's things like "you need to make sure that terrorists don't communicate on your platform" and e.g. notes user handles as an indicator (ICU H1 in the document linked above). That means two things: this is by definition of the UK (groups designated terrorists is a state-by-state thing), that may run counter to local law in other places - or even just plain ethics. Do we expect @pushcx to have a list of terrorist organisations in all countries that expect that and check our user handles against them all the time? As not a legal professional - especially in international law - I'd not touch this with a stick. Still, this could be expected to be active or "on notification". And that's the big problem that the whole OSA thing has. While it clarifies what things they expect service providers to look at (that's by and large good, it clarifies things!), they don't give a ladder of escalation. If they made it very clear that for smaller providers, they expect compliance on notification or get in touch with you on an advisory role first - fine. People get in touch with mods all the time, that flows well into their business, even if the letterhead is a bit more official. My huge gripe about all of these regulations is that they don't appreciate that a lot of non-commercial, citizen-guided, volunteer-driven and hobbyist stuff is happening on the internet and I appreciate that sector a lot. Every regulation/communication that ignores this is bad regulation/communication. Like, @pushcx writing this message above is already a failure of the OSA in my book. After all, still, legal compliance is more risk-assessment than a clear-cut case. I like my lawyer and his most asked question is "what is the risk of this happening"? 1. [ ] 1 duncan_bayne avatar duncan_bayne 1 month ago My huge gripe about all of these regulations is that they don't appreciate that a lot of non-commercial, citizen-guided, volunteer-driven and hobbyist stuff is happening on the internet What would be your opinion on the purpose of the legislation if they did understand that, very well? 1. [ ] 3 gerikson avatar gerikson 1 month ago I personally would be shocked that the shadowy forces hell-bent on suppressing the independent internet were so incompetent at it, if they're using this legislation to do so. 1. [ ] 2 duncan_bayne avatar duncan_bayne 1 month ago Ah, I didn't mean they were trying to destroy it: it's nowhere near popular enough to matter. That will come much later, if / when it supplants (for want of a better term) mainstream social media. I meant to imply that they know, and give precisely zero fucks about it. 17. [ ] 5 david_chisnall avatar david_chisnall 1 month ago A few things that have come up in my ActivityPub feed since this story was posted that may help (advice for small sites from various organisations): https://thoughtshrapnel.com/2025/01/09/ promising-troubles-advice-on-uk.html https://connect.iftas.org/library/legal-regulatory/ online-safety-act/ https://russ.garrett.co.uk/2024/12/17/online-safety-act-guide / 18. [ ] 5 izabera avatar izabera edited 1 month ago so i filled the ofcom form to assess the risks with what i think applies to lobsters. like for basically every other website on the internet, the result is that every feature of lobste.rs can be used to commit terrorism and child exploitation in 37 different ways. posting urls? clearly urls to child porn. writing comments? that's what a terrorist would do. search function? it's for searching for terrorism isn't it. does not block minors? this just screams grooming. can see other people's profiles? of course it's for human trafficking. does not ask for an id? probably because lobste.rs is full of crime https://www.ofcom.org.uk/os-toolkit/assessment-tool/?question =playback&stfid=&previousId=189445&type=UserToUser&id= 7994658c-5d85-4717-90af-72adeb81a451 19. [ ] 9 lproven avatar lproven 1 month ago Huh. I did not even know about this. I do not live in the UK, but it might affect me: the Isle of Man is generally treated as part of the UK, although it's not and is not subject to UK law. Which is one reason a bunch of Internet gambling companies operate out of here. It would be amusing if suddenly VPN tunnels to make Brits seem to be in the IoM became worth having. 1. [ ] 17 david_chisnall avatar david_chisnall 1 month ago Please write an article for El Reg about all of the sites blocking the UK or shutting down. There was something in my Fediverse feed a few weeks ago from a small UK forum site with around 200,000 users shutting down because of this stupid law. It really needs more press coverage, especially with the angle that these are pushing people to use Facebook or the site with the sans-serif swastika as its logo, giving control of communication to UK companies just as Trump comes to power. 1. [ ] 7 lproven avatar lproven 1 month ago The Reg has covered it before... e.g. Signal may pull out: https://www.theregister.com/2023 /02/25/signal_uk_online_safety_bill/ Most recently, that it became law: https:// www.theregister.com/2024/11/21/online_safety_act/ 2. [ ] 1 Student avatar Student 1 month ago It's not subject to English law. It is however subject to UK law in so far as the UK parliament provides. 1. [ ] 14 lproven avatar lproven 1 month ago No, it is not. The Isle of Man is an independent Crown Protectorate and the only direct influence that the UK has is a right of veto in the House of Keys. https://www.gov.im/about-the-government/departments/ cabinet-office/external-relations/constitution/ 1. [ ] 1 Student avatar Student 1 month ago Yeah? https://www.gov.im/categories/ business-and-industries/intellectual-property/ legislation/ 1. [ ] 9 lproven avatar lproven 1 month ago Yes. I stand by what I said. The IoM Govt chooses what it adopts or doesn't adopt, not the UK one. 1. [ ] 2 recursion avatar recursion 1 month ago Do you know anything reasonably short to read about this just for fun please? 1. [ ] 8 lproven avatar lproven 1 month ago Well, I don't know what you'd consider "short" or "fun". Myself, I don't find reading about international law fun... well, pretty much ever, TBH! This comes up a lot. Most Brits are not aware that the Isle of Man isn't the same sort of place as the Isle of Wight (a county of England), or the Hebrides or Shetland Isles or Orkney (parts of Scotland). It is not. The Island (Ellan Vannin in the Manx language) is a country. It issues its own money, it has its own post office, it sets and collects its own taxes, etc. It is one of three crown protectorates, meaning it's subject to the British monarchy. The others are Jersey, and separately, the Bailiwick of Guernsey (the 2nd smallest Channel Island and the other even smaller ones). Here are a couple of FAQ pages from Manx legal firms. https://dq.im/about/isle-of-man/ https://www.mplegal.im/faqs .im is the Island's TLD, but it's not used a lot. 1. [ ] 3 recursion avatar recursion 1 month ago Thank you! 20. [ ] 7 duncan_bayne avatar duncan_bayne 1 month ago Condolences and heartfelt thanks to the crustaceans involved in wrestling with this. It's never easy, either logistically or emotionally. 21. [ ] 3 waddlesplash avatar waddlesplash 1 month ago Thanks for your work on Lobsters and for writing all this up, Peter. Are there any social media posts which we can "boost for visibility" (whether ones linking to this post, or others)? And, if making a similar post on other forums that would be similarly affected (e.g. the Haiku project forums), do you mind if we cross-link, or perhaps even borrow some of your verbiage? 1. [ ] 5 pushcx avatar pushcx 1 month ago This is probably the best one, I've tried to summarize a woolly topic clearly. You're welcome to use it as an example or quote as is useful. My goal for the post was that people with more jurisdictional relevance get involved in helping find a better outcome for this situation, so I'd really appreciate you helping make connections or progress with the relevant authorities. 22. [ ] 3 dfawcus avatar dfawcus 1 month ago I can't read that commit, it simply serving a 404 page from GH. Anyway, rather than geoblock the whole site, would it not simply be sufficient to geoblock logins from UK users? That way folks in the UK (or similarly other restrictive regimes (possibly all of EU if Chat Control V2 passes)) would simply be able to read the site like any other generic web page. i.e. read it, read the discussions by others, but not interact with folks directly on or via the site. 1. [ ] 12 thesnarky1 avatar thesnarky1 1 month ago As @pushcx pointed out in one of his linked comments there is a real danger that Internet trolls might intentionally post bad materials and then report the site. "Look at the evil stuff Lobste.rs makes available to UK citizens without even a login!!!!" It seems a lot harder to argue compliance if you let UK readers read everything, just not respond. 2. [ ] 8 pushcx avatar pushcx 1 month ago Sorry, I tweaked wording before I pushed and the sha changed; I've fixed the link. The idea of going read-only for the UK came up on yesterday's stream but, unfortunately, no it's not enough. The OSA says "For the purposes of references in this Act to a user of a service it does not matter whether a person is registered to use a service." It uses the word "users" the way a web dev would probably say "readers" or "visitors" to disambiguate them from logged-in users. 1. [ ] 4 dfawcus avatar dfawcus 1 month ago Thanks, I've now seen the commit contents. Having read that section 227, and then part 2, it does seem like an arrogant, mad and ineffective overreach. The UK gov is essentially trying to "protect" UK residents for observing/overhearing a conversation between third parties, not simply taking part in such conversations. So reading an online copy of a discussion in a newspaper "letters page" would also seem to be in scope. Yeah - simply geo-blocking the UK may well be the most practical response to this madness. 23. [ ] 4 h4l avatar h4l 1 month ago It would be nice if sites like Lobsters could advertise at a protocol level that they don't comply with XYZ legislation, and have the onus be on UK ISPs to block sites that don't comply. That way the ball would be back in the court of large industry players (the ISPs) who have an incentive to not block large swaths of the internet. And/or the UK gov would look ridiculous for blocking the majority of the internet. 1. [ ] 5 thesnarky1 avatar thesnarky1 1 month ago That way the ball would be back in the court of large industry players (the ISPs) who have an incentive to not block large swaths of the internet. You know how this ends, though, right? The ISP will not want to be on the hook so instead of accepting the x-rejects-legislation header, they'll require positive assertion via x-complies-with-legislation. At which point you'll have to start positively asserting every bit of possibly relevant legislation or have the response dropped. Then, of course, we'll have to start arguing over which version number scheme to use (is it the name of the bill, do we want semantic versioning? Maybe a chapter and paragraph list?). I write this half in jest, but half to seriously warn that no large company is going to willingly accept that potential risk if you make it easy to shunt back off. 1. [ ] 1 5d22b avatar 5d22b 1 month ago The ISP will not want to be on the hook so instead of accepting the x-rejects-legislation header, they'll require positive assertion via x-complies-with-legislation. Wouldn't it be easier for Lobsters to send zero (or just a few) x-complies-with-legislation headers than a potentially unbounded number of x-rejects-legislation headers? 1. [ ] 2 thesnarky1 avatar thesnarky1 1 month ago Sure! Until you get the list of the legislation each ISP in each country requires you to comply with. I think this way leads to a LOT more paperwork reading and a LOT less traffic. 2. [ ] 3 tome avatar tome 1 month ago have the onus be on UK ISPs to block sites that don't comply. That way the ball would be back in the court of large industry players (the ISPs) There are also small ISPs whose executives won't want to be on the receiving end of a 20 million fine or personal criminal liability. 1. [ ] 4 h4l avatar h4l 1 month ago That indeed sucks, but in general it's untennable for anyone running a website to be liable to the laws of every country in the world simultaneously. If you start to try to comply with some, then at what point do you stop digging into each country's legislation to check if you're going to be liable for something? 24. [ ] Arya avatar Arya 1 month ago [Comment removed by author] 25. [ ] 2 SecretDeveloper avatar SecretDeveloper 1 month ago The IP Geo-Location warning you are displaying at the bottom of the site is showing for me but I am located in Ireland which is neither part of UK nor subject to the UKs OSA order. I hope the filter settings can be corrected to be more accurate and only target the UK territories. 1. [ ] 6 pushcx avatar pushcx 1 month ago It's currently using their free "Lite" database which notes it has "reduced coverage and accuracy". I do plan to purchase their commercial version to minimize the error when the block is enabled. I don't know which version of their databases it hits, but there's a form in the upper-right of those pages you can use to check your IP. And, yes, the errors inherent to geoip databases are part of why I keep describing this as the least bad plan rather than as a good plan. 1. [ ] 2 SecretDeveloper avatar SecretDeveloper 1 month ago ok thanks 26. [ ] 2 strongoose avatar strongoose 12 days ago Writing to my MP now. Will let you know how it goes. 27. [ ] 2 MarkMLl avatar MarkMLl 1 month ago This might also apply to anybody using IRC for service status /support: out ISP (Andrews & Arnold, AAISP) does this. Surely somebody's boilerplated something for this? Try reaching out to an established platform like CIX or A&A asking for fraternal assistance: at the very least it might be possible to split the admin/legal load. 1. [ ] 8 pushcx avatar pushcx 1 month ago Depending on how Ofcom interprets "provider content" (1.17 on page 18 of this doc) and the ambiguity Garret notes about "if users can reply to each other", it seems likely also include bug trackers. 1. [ ] 2 MarkMLl avatar MarkMLl 1 month ago Bug trackers... ouch. I wonder what effect an enforced "always address the Chair" rule would have. 2. [ ] 3 srtcd424 avatar srtcd424 1 month ago I hang out vaguely in the right spaces, and as far as I can tell nobody yet considers that ofcom have given anywhere near enough information about how they intend to interpret the law to allow much actual action :( There's a vague sense Ofcom might produce some more detail before the go live date, but they don't exactly have a great efficiency track record :( 28. [ ] 3 franta avatar franta 1 month ago Are you going to comply with rules of Islamic state or a communist regime somewhere on the planet? Compliance with laws of every state is impossible because they contain mutually exclusive requirements. If some state wants to ,,protect" its citizens, this state should block a website (and not that the website will block a state). However, if you are really afraid that they will attack you, just block UK - instead of this website, show them a warning that they are living in a wicked regime and that they should change it. People will use VPN/proxy/Tor/etc. or maybe try to fix the regime. 1. [ ] whostolemyhat avatar whostolemyhat 1 month ago [Comment removed by moderator pushcx: While your question is fair and polite, I think it's real likely to rabbithole into an off-topic argument over the moral qualities of different political systems.] 29. [ ] 1 fratti avatar fratti 1 month ago FYI, this feels like a farce from both the UK legislature and small site owners blocking the UK over this. Prosecutors and courts are not computers with infinite capacity that blindly apply a law by the letter to the entire world. The chance that a case relating to something on lobste.rs is opened is minute. The chance that the prosecution deems it likely they can prevent real harm and secure a conviction from a court despite the risk of creating new case law that is disadvantageous to them is even smaller. The chance that any such conviction would lead to extradition of the site operator to the UK rather than a site block mandated by OFCOM is next to zero. Without even going through the legalese, I do not see blocking 67 million people from the site to be a measured response. I don't think anyone went through all the already existing laws in all the western countries to make sure lobste.rs wasn't breaking one of those. If a bobby ever has a problem with lobste.rs, they will talk to you first to remedy it in a friendly manner because that's much less work for them. If you want to make your statement about overregulation and block the UK over this, feel free to do so, but I don't think you can claim with a straight face that it was a necessary act you were forced into. 1. [ ] 30 pushcx avatar pushcx edited 1 month ago The chance is low but the punishments are ruinous. I look both ways when I cross the street for the same reason. You also haven't addressed the problem of jurisdiction. If I submit to the friendly bobby who shows up, should I also submit to law enforcement of every jurisdiction? Without getting into the tempting distraction of naming names, there are many polities with flatly incompatible worldviews who'd also like to claim authority over the entire web. 2. [ ] 10 shanemhansen avatar shanemhansen 1 month ago To answer one small part of what you said: I don't think anyone went through all the already existing laws in all the western countries to make sure lobste.rs wasn't breaking one of those. Probably not. The difference? Well this particular historically important Western country has explicitly drafted this legislation to go after people in other countries. 30. [ ] 1 adriano avatar adriano edited 1 month ago US companies complied with COPPA with terms of use prohibiting use by persons under 13 years of age. Is it not reasonable to govern lobsters' use by a terms of use that prohibits persons from the UK? I won't be surprised if this is too simplistic a solution considering the number of small forums and Mostodon instances having a hard time figuring out compliance with OSA. But it seem to be one worth entertaining. 1. [ ] 5 pushcx avatar pushcx 1 month ago The law seems to be based on whether visitors occupy the UK without reference to whether they have permission to use the site. Also, a number of regulars have identified themselves as UK occupants in this thread and it'd be hard to claim with a straight face that the site terms prohibit UK occupants unless they're banned, which sucks quite a lot. 1. [ ] 1 adriano avatar adriano 1 month ago Let me just say that I don't want any of our fellow UK-based crustacean friends to be banned. I think it would be worthwhile to consider how lobsters currently complies with COPPA to inform how it complies with OSA in the future. @ What assurance does lobsters currently have that no users from the US are under 13? @ If any users are under 13, what records exist that parental consent was pursued and collected? Is lobsters COPPA compliant? There aren't criminal penalties for non-compliance, but there are civil penalties and fines that have been paid by many large website operators. The law seems to be based on whether visitors occupy the UK without reference to whether they have permission to use the site. Do you think it's worthwhile to validate this assumption, or are you certain of it? Denying site use permission is the linchpin, as far as I can tell, of complying with COPPA. Users get permission to use a site by attesting that they are not under 13. And if they are, parental consent is pursued. Is SOA fundamentally different in its wording? With a policy in place, if users are in violation, operators are well within their terms to ban violators as a good-faith effort to comply with the law and keep their service available. 1. [ ] 7 pushcx avatar pushcx edited 1 month ago COPPA requires that a website be directed to children (eg. cartoons, games) or have actual knowledge that children are using the site. Neither is true of Lobsters. The public guidance from the FTC has been clear to me about this, and I explicitly noted that children are not permitted on Lobsters before I realized the law is as narrowly written as it is. 1. [ ] 1 adriano avatar adriano 1 month ago Wow, thanks for that correction. Today I learned! 2. [ ] 1 minimax avatar minimax 1 month ago I like that solution less than geoblocking. To show good faith, wouldn't it entail banning known UK users? Who's supposed to determine that, and how? Evading a geoblock with a VPN is relatively easy, entirely up to the individual user, and doesn't involve lying. 1. [ ] 1 dfawcus avatar dfawcus 1 month ago Banning a known UK user would seem wrong; as it is not too difficult for a UK user to make a quick trip to Dublin if they wish to post a comment (bar the expense). Without re-checking the legislation, that would seem to be out of scope of the legislation. Barring UK users from accessing the service is technically impossible (VPNs etc), but the geoblocking would seem to cover the best effort handling. 31. [ ] 1 metahost avatar metahost edited 1 month ago It's been a couple of days since this was posted, is there something concrete that UK citizens can do to help ameliorate the situation? Edit: For the next reader, this comment seems to have more details: https://lobste.rs/s/ukosa1/ uk_users_lobsters_needs_your_help_with#c_l5lif8 32. [ ] 1 egamirorrim avatar egamirorrim 1 month ago Ofcom have produced a regulation checker - what does it say if you complete it as lobsters? https://www.ofcom.org.uk/online-safety/ illegal-and-harmful-content/check/ 1. [ ] 4 pushcx avatar pushcx edited 1 month ago There's nothing in the tool that requires one be a site owner to use it, if you'd like to tinker with it. It's nothing like complete enough to comply with the OSA, though, and not fit for this site from the first question: 1. Does your online service have links with the UK? Your online service has links with the UK if: @ UK users are a target market for your service; or @ It has a significant number of UK users Lobsters is not a business and does not have a target market. "Significant" is not defined, and we don't track demographic data to be able to answer the question. Like the law, the checker is written for an entirely different kind of site than a noncommercial forum. Finally, the question it seems to be trying to get at whether the site should be regulated under the UK OSA. As this is not a UK site, the answer is obviously "no", but the checker seems written to imply the UK has global authority. I may have missed the change in international policy that would permit the UK to exercise such jurisdiction, and Ofcom has failed to reference one in their guidance. 1. [ ] 1 dfawcus avatar dfawcus 1 month ago One of the links I read yesterday, possibly linked from here, had a website where someone was suggesting that Ofcom and indicated "significant" means more than 7 million. So if you have less than 7 million total accounts, irrespective of demographics, that would be an easy way to answer. One of them was also suggesting that the view that a mere reader (i.e. someone sans account) would (despite what the legislation says) not count as a "user". Otherwise every website in the world would be in scope, and apparently the legislation is not intended to affect mere websites. However despite that, I'd certainly understand if you decided to go ahead with the geoblock. 1. [ ] 3 pushcx avatar pushcx edited 1 month ago No, that's their definition of large, see this doc, page 24 (more, possibly all docs): Services with a large user base: refers to services which has an average user base of 7 million or more per month in the UK. And, reminder, "user" in the OSA means "visitor". UK lawyer Neil Brown has started writing about the OSA for small sites and notes "There is no definition 'of "significant number'." 1. [ ] 1 dfawcus avatar dfawcus edited 1 month ago It was this I was referring to: https:// onlinesafetyact.co.uk/ ra_my_self_hosted_single_user_mastodon_instance / (i.e. Neil Brown's site) and his assessment that: x the definition of "encounter" is broad and includes merely viewing content. It is also clear that someone need not be "registered" to be a "user". But the language is still of users. They may not need to be registered users, but there must be "users". If "user" and "visitor" were the same, I would have expected Parliament to have said so. I am responsible for my users (which just happens to be me), not the users of other people's services. x the service is a web server on which I can post things, which can be seen by others. In essence, it is the same as a website: a place where I can write things, which can be seen by others. I do not consider that the OSA intends to regulate websites, simply because a website may have visitors, who can read the content on that website. This would be the impact of saying that all "visitors" were "users", because a visitor can "encounter" content on the service. (my emphasis) As layman, I expect the UK courts to take a similar line. Now granted, you may not wish to take that risk. Now it would be rather amusing if the OSA in effect caused the rest of the (western) world to erect a "Great Firewall of Britain" simply due to the hassle it seems to impose upon them. :-) 1. [ ] 8 neil_brown avatar neil_brown 1 month ago Just fyi, in the light of recent new guidance from Ofcom around who is a user - since Ofcom has said that visitors are users - I've revisited my assessment, and I am going to be doing illegal content risk assessments and children's risk assessment "just in case", daft though it seems for a single user instance. 33. [ ] cyberia avatar cyberia 1 month ago [Comment removed by author] 1. [ ] 25 tonyedgecombe avatar tonyedgecombe 1 month ago This is classic rehashed New Labour technically-illiterate authoritarianism. It is Tory legislation from 2023, before Labour came to power. 1. [ ] 2 cyberia avatar cyberia 1 month ago Yeah but they could very easily have just dropped it 1. [ ] -1 tomhukins avatar tomhukins 1 month ago Yeah but they could very easily have just dropped it Yes, governments can pass laws. Saying that a government could have passed a law that it didn't seems like a pointless statement to make. I have flagged your comment as trolling. 1. [ ] 7 cyberia avatar cyberia 1 month ago Alright, I admit I hadn't realised that it had already received royal assent in my initial comment, but the fact remains that it is not yet law. The government could simply choose not to trigger the statutory instrument. My underlying point is that whoever wrote this legislation, it is right up the current government's street in a similar way to the previous Labour government's authoritarian tendencies. Calling that trolling is absurd. 2. [ ] 11 WilhelmVonWeiner avatar WilhelmVonWeiner 1 month ago The Online Safety Act has already gone through every reading in Parliament and Lords and has received royal assent. The act is law. The only thing left is for Parliament to approve the regulations OFCOM have decided, on March 17th. 1. [ ] 11 dfawcus avatar dfawcus 1 month ago That does not matter, they could easily repeal it before it came in to effect. As an example we have the (previous "New Labour" gov's) ID card (and database) scheme which actually did go live, with folks getting such cards. It was live for something less than a year before the coalition gov came in and repealed the whole thing. The fact that they've not repealed it (or even proposed to do so) tells us that they actually agree with it. 1. [ ] 9 gpm avatar gpm 1 month ago Incoming governments don't come in and undo everything that the previous government did that they don't agree with. Not undoing everything is itself an important tradition, because it provides a degree of continuity even as different people run the country. All not repealing a law tells you is that they don't disagree with it strongly enough to make undoing it a priority. 2. [ ] 3 pushcx avatar pushcx 1 month ago Do you know what the approval process would look like, or if it has a more formal name I could look up? Is there a public tracker of its progress (like many legislatures have for introduced legislation), a calendar it might appear on, a responsible official who might make public statements? 1. [ ] 2 WilhelmVonWeiner avatar WilhelmVonWeiner 1 month ago Parliament has an official bill-passing website, here's the OSA. 1. [ ] 1 gerikson avatar gerikson 1 month ago Thanks for this link. I think the Publication section has a lot of info, including Impact Statements and written evidence from many parties: https://bills.parliament.uk/bills/3137/ publications 2. [ ] 2 dfawcus avatar dfawcus 1 month ago Generally Bills are created such that sections of the resultant Act have to be activated. That is usually via laying a Statutory Instrument before Parliament, generally on the negative procedure. See: https://statutoryinstruments.parliament.uk/ e.g.: https://statutoryinstruments.parliament.uk /?SearchTerm=Online+Safety+Act&House=& LayingBodyId=&Procedure=&ParliamentaryProcess=& RecommendedForProcedureChange=& ConcernsRaisedByCommittee=&MotionToStop=& DebateScheduled=&ShowAdvanced=False Have a look at this one, linked from the search results above, on bringing a section of the Act in to force by defining a date previously unspecified: https://www.legislation.gov.uk/uksi/2024/571/made Some of the parliament website pages have RSS feeds... About Tags Filter Moderation Log