@gamingonlinux I've still not heard back from my MP Steve Reed, about the letter I sent to him about this.
Shower of bastards.
The UK Online Safety Act is exactly the sort of unhinged bullshit you would expect to get from raving authoritarians who hate other people just going about their business.
It is fuck all to do with safety (because the real bad people will simply work around it) and everything to do with control.
A physical cycling club is going to e.g. have done safeguarding assessments, considered health annd safety, written down club rules etc. to protect its members.
I don't think it's unreasonable for risk assessments to be required of even a small online cycling community, or similar. But, it shouldn't be as costly or ambiguous as the fumbled introduction of this law makes it.
Definitely feel like I'm in the minority on mastodon in feeling that, broadly, it's right that small sites with user-user interaction should have to do the kinds of risk assessments the OSA requires and have defined effective moderation / content removal measures etc.
The assessment guidance being awful, and the law having too many ambiguities, are things begging to be fixed... but the principles behind are not wrong to my mind.
“The Online Safety Act [UK] places onerous duties on small websites and blogs that may lead them to close or geoblock UK users rather than risk penalties. The closure of small sites will not keep children safe but will benefit bigger sites, including Facebook and X, who are laying waste to content moderation on their platforms."
The UK government can exempt small, safe websites to protect #netplurality.
ORG's @JamesBaker
“I’ve just closed the forum of a small classic car club because we don’t have the time or capacity to ensure compliance with only volunteers. Meta will benefit, because we will, reluctantly, move to using a Facebook page”
https://alecmuffett.com/article/112834
#OnlineSafetyAct #ofcom
Thinking of making a "www over SMTP" thing... composed of two proxies... one that consumes web requests and turns them into emails, and takes email replies and turns those into web responses... and another that consumes emails and turns it into a web request and takes a web response and turns it into an email.
Why?
Because this would fundamentally break the #OnlineSafetyAct
There is a carve out for "services that operate over SMTP"... and well, any service could operate over SMTP with just a little bit of effort.
If the smtp2web proxy ran on web forums... then the forum is exempt.
Any the web2smtp proxy could be run anywhere, including locally behind / within web browsers, or on other domains, or federated.
“There is something deeply wrong when a law passed with cross-party consensus & endorsed by Britain’s most trusted charities has made it impossible to run an internet forum for hamster owners”
https://alecmuffett.com/article/112832
#OnlineSafetyAct #hamsters #ofcom
@neil my server is held together by duct tape, it being my old laptop that got a bit too friendly with a hard floor. I don't think ofcom's idea of negligible really matches that scale...
@neil I created a TTRPG website for my family during lockdown. It features chat and a shared whiteboard. I'm pretty sure it's an £18 million OSA risk now. #ttrpg #onlineSafetyAct
Sometimes, Ofcom bewilders me:
Ofcom has said that for small sites, the costs of complying [with the Online Safety Act] “are likely to be negligible or in the small thousands at most”.
Small sites, especially volunteer-run community sites, generally don't have "small thousands" to spend on legal advice. And even if they did, that's far from "negligible".
I have updated my page of sites shut down by / blocking users in the UK because of the UK's #OnlineSafetyAct for what might be the final time:
Ofcom guidance: "service providers should not host or permit content on your service that directs or encourages child users to circumvent the age assurance process or the access controls, for example by providing information about, or links to, a virtual private network (VPN) which may be used by children to circumvent the relevant processes."
If you run a forum about technology, say, your #OnlineSafetyAct obligations include censoring discussions of VPNs, Tor or other privacy-preserving tech.
So question for the OSA people out there: I’ve done a risk assessment for my mastodon instance (what a huge waste of time). Do I actually need to do anything with it, other than to keep it safe?
Do I need to publish it, or file it somewhere?
I'm now getting customers asking me how they can make their business #OnlineSafetyAct (UK) compliant.
These are small businesses who don't have any kind of forum or customer to customer interaction. Grrr.
There's still time to put pressure on the UK government.
The UK Secretary of State has the power to exempt small, safely moderated websites from the Online Safety duties.
We need urgent change to protect net plurality, rather than further consolidating power in monopoly platforms. We need competition for a safer Internet.
Write to your MP (UK) #SaveOurSites
https://action.openrightsgroup.org/save-our-sites-write-your-mp
The UK Online Safety Act comes into effect today.
Its onerous duties may cause many small sites, blogs and fedi instances to shut down or geoblock UK users when faced with potential fines and penalties.
This won't keep children safe. It'll benefit large platforms like Facebook and X that are laying waste to content moderation.
Ofcom’s risk assessment deadline has passed, and online platforms must now take action to protect users from illegal content and activity occurring on their platforms. Significant fines await those who fail.
https://www.computing.co.uk/news-analysis/2025/new-online-safety-act-measures-come-into-force
Just published the Online Safety Act pages for my two web applications.
Viking Mind (bookmarks, out of scope):
https://vikingmind.uk/online-safety-act
Pick a Date (polls + votes, in scope):
https://pickadate.uk/online-safety-act
Pick a Date will probably go through a couple more versions to tighten things up. I've also disabled comments on all my blogs.
Feels like a waste of time, but there's no exemption for small / low risk sites.