I definitely get the proactive response here, as I’ve considered the same for my small platform. The biggest issue is the definitions of who the majority of the requirements apply to is quite hard to find. It’s buried on page 65 of this pdf:
It defines “large service” as “a service that has more than 7 million monthly active United Kingdom users”. This is 25% of the UK population. If your service isn’t a household name, it mainly doesn’t apply to you, but the language they use makes it seem like this applies to more.
They also block Brave browsers entirely. I tried reading into it, but it appears to be one of those "programmer personality quirks". The fellow that runs the site appears to think Brave is a scam of some sort, and just decided to block the entire browser.
This kind of stuff gives me hugbox vibes, i would not feel safe there. I'm somewhat sure some of the moderators use the website as personal political leverage.
This site is just as much of a hugbox. At least they have transparent moderation. Here you just get deaded and shadowbanned and don't know why. (Well, you can guess: because you posted a right-wing opinion)
Does this person actually buy into the nonsense, though, or are they just being provocative? Both are reasons to mute someone, but only one is ideological.
Yep, just pointing it out. It's like a completely unironic version of that joke:
> Conservative: I have been censored for my conservative views
>
> Me: Holy shit! You were censored for wanting lower taxes?
>
> Con: LOL no...no not those views
>
> Me: So....deregulation?
>
> Con: Haha no not those views either
>
> Me: Which views, exactly?
>
> Con: Oh, you know the ones
"Oh no, I keep getting kicked out of places for throwing around neonazi references"
I used to have an account on that site as well and left for the same reason: repeated messages telling me I had been flagged and I needed to reconsider when I dared to venture too far outside the desired narrative. There will be many others who have made or will make the same decision which leaves sites like this with a population which is mostly ideologically cohesive. Maybe that is a good thing for those sites and maybe the participants feel 'safe' in such an environment but it surely is lacking in stimulating curiosity and widening one's intellectual horizon.
At least HN allows you to come back under another name and with that is less at risk of totally succumbing to the echo chamber mentality. It also does not tie new users to existing ones nor are existing users who happen to invite new users who are deemed to be 'problematic' punished for those invitations.
Is it me, or is brave more of a cryptocurrency platform that pretends to be a browser?
A lot of people don't really like the toxic discussions that crypto usually tends to devolve in. So it makes sense to block the browser if you don't want those people on your server.
I am no fan of Brave, but where is the logic here? Just because someone uses Brave, they will engage in toxic discussions on crypto? Am I missing something?
I use Brave for YouTube and other streaming, and I've never encountered any crypto stuff. They have/had their own BAT token that dealt with paid advertising but I've not seen it mentioned in quite some time.
As far as I can tell it's just another browser that blocks a lot of internet crap.
As someone who self-hosts Mastodon, should I be geoblocking the UK as well?
For the record, I only host it for myself, so I'm pretty sure I wouldn't have received any of the legal protections that the OSA is now stripping away, and thus geoblocking the UK wouldn't matter. But if there's something else I'm missing, please let me know.
Is a decentralized approach to communication an effective bulwark against this type of legislation? As is mentioned in the linked thread, the act itself is extremely hard to parse, so maybe it's not even possible to know the answer. Just curious if anyone has done research from that angle.
Neil Brown[0] has been attending the Ofcom online sessions and asking them about Fediverse servers but they've been unhelpfully vague as to how/if/why/when they fall under OSA.
That's a good point, but the thing to do in that case is post the original URL and add an archive link in the thread. I've done that now (https://news.ycombinator.com/item?id=43152546).
ELI5: Why should a US-based site, hosted on US soil and run by a US citizen, care about laws in all the hundreds of other random countries located thousands of miles away?
Because they can be arrested and extradited to UK. Not a high chance, but not zero. And a realistic one is to be arrested while traveling in Europe and extradited to UK.
There are no documented cases of the UK intercepting and arresting a US citizen traveling through Europe for an act that is not a crime in the United States.
Extradition treaties, such as the UK–US Extradition Treaty of 2003, allow for extradition requests between the two countries.
They generally require that the alleged offense be a crime in both jurisdictions ("dual criminality") which ensures that individuals are not extradited for actions that are not considered crimes in their home country.
100%. I'm very confident that, even if the UK wanted to upset this decades-long geopolitical equilibrium, they would not choose a small niche tech forum with a primarily non-UK userbase as the way they make their big splash on the global stage.
The simple answer is to not recognize the authority of the UK government when you don't have a physical presence there, as long as they are failing to protect their citizens with sane, ethical digital policy.
Tough pill to swallow for some, but there is no difference between irrational demands made from the government of the UK, and say, North Korea. It's everyone's choice which side of history they'd like to be on.
Just to play devil's advocate, the relationship between the EU and the US compared to North Korea is not at all similar. I think that's why this is listed as an option:
> A statement from the US Department of State that it does not believe the law applies to American entities and a commitment to defend them against it.
I also recognize the potential for legal action or criminal charges. Those are great opportunities to fight these tyrants in one of the few battlefields available to us.
As Martin Luther King, Jr. said:
"I submit that an individual who breaks a law that conscience tells him is unjust, and willingly accepts the penalty by staying in jail to arouse the conscience of the community over its injustice, is in reality expressing the very highest respect for law."
Now, it may be that Lobsters simply doesn't have the highest respect for the law, or perhaps they value their community's survival over leading by principle and securing a bright future for posterity. Short-sighted thinking, but I understand the motivation.
My comment is a call for people to consider their priorities with respect to the world we leave behind us. Taking the easy way out and avoiding conflict with an encroaching global authoritarian movement is not going to fix anything, and contributes toward an ever-darker future.
This is not a jab at Lobster, and I am glad to see them at least trying something before simply geoblocking the UK. But what if geoblocking isn't enough? What if knowing a VPN-enabled user is from the UK but not banning them is still grounds for a lawsuit or criminal charges?[0] What if more countries join in?
[0] This leads to the ironic outcome that the UK becomes less represented in the next generation of online discourse and slides further into backwater obscurity, despite being home to such rich culture and academia.
Ah, yes, my American brain made the association too easily. Regardless, it doesn't alter my point much, in that the US/UK relationship is still more friendly than North Korea. Of course, it may not stay that way.
> Now, it may be that Lobsters simply doesn't have the highest respect for the law, or perhaps they value their community's survival over leading by principle and securing a bright future for posterity. Short-sighted thinking, but I understand the motivation.
This argument seems to dismiss the fact that the original thread started with a statement that they do not have the financial stability to challenge such a law. Sure, they could go principally bankrupt, but what effect would such a small fry really have in the global geopolitical environment? I just don't think they have a stage that's anything close to the size of MLK's.
I have very complex and mixed feelings about US tax law in general as it stands, and I certainly do not condone the current state of US foreign diplomacy in general, nor how our economic situation after Europe was shattered by war led to increased international economic control and influence, and economic consolidation under the dollar.
As a person living in the UK, I really hope the rest of the world gives the middle finger to this pathetic extra territorial law by totally ignoring it.
They can ask ISPs to do the censorship if they really want to keep us “safe”.
Question: why pro-active block some authoritarian countries like the UK, but not others like China? Is it because only the UK passes legislation that threaten people outside of its borders? Or does China do it too and we ignore it?
If you commit a crime in the UK then I would expect extradition to be a genuine risk.
It's a connected world, so online activities are probably pretty grey-areas. If you defraud someone (for example) but they're in another country, where did the crime happen?
As much as I hate this legislation, this is really just a small forum deciding they don't have the time to understand the legislation and therefore it's easier to block IP's from the UK (while it's not even clear if that will exempt them from liability). Fair enough but hardly earth shattering. I remember several US based websites geo-blocking all of Europe after GDPR came in (I think the LA Times was one of the biggest) and that went on for years.
We need legislation that tackles the various issues this legislation aims to tackle but in much more targeted ways. It needs to specifically target the biggest social media companies (Meta, X, Reddit, etc). Smaller forums are irrelevant. If your algorithm recommends self-harm content to kids who then go on to kill themselves it is right that you should be held responsible. "We're so big we can't be expected to police the content we host" should not be an acceptable argument.
I think the legislation does not name specifically companies (that would be quite shortsighted since new apps etc appear all the time and they don't want to be updating legislation every time something gets popular), but simply says if you have more than 7 million 30-day active UK users of the user-to-user part of your site, then you're in-scope. That's quite a big audience.
Small forums run as hobby projects need to require little-to-no investment of time and money, or the ROI quickly goes negative and they just shut down instead.
A little while back there was the story [0] of a Mastodon admin who hated CloudFlare and its centralized protection, but found that he had no choice but to sign up for it anyway because a disgruntled user kept launching DDoS attacks and he had no other way to keep his instance online. A bunch of people here and elsewhere kept unhelpfully replying that, “you don’t need CloudFlare, you could just do [incredibly convoluted and time-consuming solution] instead”, and all of those people were missing the point: CloudFlare is “set it and forget it”, which is a non-negotiable requirement for anything which is run as a hobby instead of a full-time job.
It’s the same with this UK law: yes, you could spend weeks of your life learning the intricacies of laws in some other country, or you could just block them and be done with it. Businesses which might need revenue from UK users will do the former, but if I’m running a site out of my own time and money, I’ll do the latter. And I don’t want hobby sites to have to disappear: the Internet is commercialized enough as it is, and regulating passion projects out of existence would kill the last remaining independent scraps.
It would be much easier for me to run a small business if I didn't have to worry about the intricacies of tax law or how the various company structures affect my liability - but that's life. If you want to do various things in life, you may have certain responsibilities. Again - I don't like this particular legislation, but if your hobby is a website where others can post content you have a responsibility that the content shouldn't be illegal or harmful to others. If you can't deal with those responsibilities you can't run the website. It's no different than being required to follow health & safety regulations in an IRL business, even if it's just my 'hobby'.
You can still be fined for 'failing to comply' with the legislation even if no objectionable content has been posted.
To be in compliance there is a whole list of things you need to do, some of which are expensive.
Yes, I could do that, or I could block the only country which is imposing these burdens on me, keep my website running as it always has been, and call it a day. It’s a pretty easy choice.
I don't know anything about lobste.rs, but they mention lfgss and when that was discussed on HN a couple months ago the person that runs lfgss mentioned these as things they would have to do to comply:
> 1. Individual accountable for illegal content safety duties and reporting and complaints duties
> 2. Written statements of responsibilities
> 3. Internal monitoring and assurance
> 4. Tracking evidence of new and increasing illegal harm
> 5. Code of conduct regarding protection of users from illegal harm
> 6. Compliance training
> 7. Having a content moderation function to review and assess suspected illegal content
> 8. Having a content moderation function that allows for the swift take down of illegal content
> 9. Setting internal content policies
> 10. Provision of materials to volunteers
> 11. (Probably this because of file attachments) Using hash matching to detect and remove CSAM
> 12. (Probably this, but could implement Google Safe Browser) Detecting and removing content matching listed CSAM URLs
A lot of those sound scary to deal with but upon closer look don't actually seem like much of a burden. Here's what I concluded when I looked into this back then.
First, #2, #4, #5, #6, #9, and #10 only apply to sites that have more than 7 000 000 monthly active UK users or are "multi-risk". Multi-risk means being at medium to high risk in at least two different categories of illegal/harmful content. The categories of illegal/harmful content are terrorism, child sexual exploitation or abuse, child sex abuse images, child sex abuse URLs, grooming, encouraging or assisting suicide, and hate.
Most smaller forums that are targeting particular subjects or interests probably won't be multi-risk. But for the sake of argument let's assume a smaller forum that is multi-risk and consider what is required of them.
#1 means having someone who has to explain and justify to top management what the site is doing to comply.
#2 means written statements saying which senior managers are responsible for the various things needed for compliance.
#3 is not applicable. It only applies to services that are large (more than 7 000 000 active monthly UK users) and are multi-risk.
#4 means keeping track of evidence of new or increasing illegal content and informing top management. Evidence can come from your normal processing, like dealing with complaints, moderation, and referrals from law enforcement.
Basically, keep some logs and stats and look for trends, and if any are spotted bring it up with top management. This doesn't sound hard.
#5 You have to have something that sets the standards and expectations for the people who will dealing with all this. This shouldn't be difficult to produce.
#6 When you hire people to work on or run your service you need to train them to do it in accord with your approach to complying with the law. This does not apply to people who are volunteers.
#7 and #8 These cover what you should do when you become aware of suspected illegal content. For the most part I'd expect sites could handle it like the handle legal content that violates the site's rules (e.g., spam or off-topic posts).
#9 You need a policy that states what is allowed on the service and what is not. This does not seem to be a difficult requirement.
#10 You have to give volunteer moderators access to materials that let them actually do the job.
#11 This only applies to (1) services with more than 7 000 000 monthly active UK users that have at least a medium risk of image-based CSAM, or (2) services with a high risk of image-based CSAM that either have at least 700 000 monthly active UK users or are a "file-storage and file-sharing service".
A "file-storage and file-sharing service" is:
> A service whose primary functionalities involve enabling users to:
> a) store digital content, including images and videos, on the cloud or dedicated server(s); and
> b) share access to that content through the provision of links (such as unique URLs or hyperlinks) that lead directly to the content for the purpose of enabling other users to encounter or interact with the content.
#12 Similar to #11, but without the "file-storage and file-sharing service" part, so only applicable if you have at least 700 000 monthly active UK users and are at a high risk of CSAM URLs or have at least 7 000 000 monthly active UK users and at least a medium risk of CSAM URLs.
All of Europe is leftist in that regard. There is no free speech in Europe and even the "extreme right" parties in France, Italy, Germany or Romania, for example, are just called extremist because anyone can throw words at anything, not because they are (note: LePen the father was an extremist, the daughter is not).
I don't know if you mean that or are being sarcastic, but either way, this is not the kind of comment we want here, so please don't like this. It's not what this site is for, and destroys what it is for.
That is fair enough — I guess im just salty that the UL repeatedly feels they can impose their backwards legislation on the rest of the world when they are hardly even relevant — it’s just a repeat of colonialist nonsense but on a more ridiculous level.
Legislating to break apple’s encryption worldwide was just the latest entitled insult to everyone else worldwide.
