It's also possible for the owners or employees of the company to be held liable if they ever visit the UK.
Or, you travel to the UK! It’s a pretty popular destination and Heathrow is a major European hub. It would be easy to get caught out.
The law may well be onerous and misguided. But looking at that site, it seems they reeeeally should do their due diligence. Not just to avoid the long arm of UK justice, but other territories too. It looks extremely dubious.
Their mitigation doesn’t make sense either. If they don’t shutdown UK accounts and those accounts use UK credit cards which continue to use the service via a VPN. It could be reasonably argued that they know they’re providing a service to a UK resident. So, they really need to do their homework.
What they’re actually complaining about is the cost of doing business. It sounds pretty amateurish.
When did this happen?
Source: I was recently listening to a podcast about court cases and an extradition case came up. They mentioned that reasons to not be sent are mainly about human rights, like if you need medical treatment that the target country can't (or isn't likely) to give, or if you would have to sit out your punishment under inhumane conditions (oftentimes you can sit out your punishment in the country that extradited you after having stood trial in the other country's legal system), or if the country you're being sent to was involved in your torture (them handing you over to another party that you know does torture would count, even if their own hands are 'clean'; that was the crux in this case, whether the victim aka accused person was handed over by the united states to pakistani intelligence and the usa therefore had forfeited their claim to further try the person for the alleged crime)
I have no idea if this is a likely or even possible consequence, but that’s one way lots of people have gotten ensnared by the long arm of the law, even when jurisdiction is otherwise normally lacking.
You'd be well advised to avoid a country this like.
If the UK had remained in the EU, then extradition might be possible (depending on whether courts approve it) but right now it's pretty unambiguously impossible.
https://www.gov.uk/government/publications/international-mut...
Apparently Germany is also (at least as of 2023) not extraditing non-citizens to the UK due to the condition of British jails as well so: https://www.theguardian.com/society/2023/sep/05/germany-refu...
Having said that, it can limit a lot ones travel possibilities.
For an extreme case, ask Julian Assange what might happen if a country doesn't like what you put on the internet.
There was a lot of "vote splitting" and spoiler effect going on due to FPTP.
Labour have a very weak mandate.
There's a certain irony in our politics right now that FPTP has been maintained by two dominant political parties because it has served their purposes to have little real challenge from smaller parties despite those parties collectively having quite a lot of popular support. That same system has now all but ended one of those two dominant parties as a force in British politics and at the next election it might well do the same for the other. The scariest question is who we might then get instead if Labour don't force through a radical change to our voting system while they still have the (possibly last) chance.
Towards the end of the last Labour government in the UK, in the lead up to the election that ended it, I heard a Labour MP on the radio being asked about bringing in PR and transferrable vote systems (like we have here in Aus). His attitude was that PR is for losers. FPTP puts the winner in place. Anyone disputing this, or trying to bring up ideas about systems which give power to candidates representing a wider slice of the electorate - they're just losers who couldn't get the votes they needed to win. It was sickening to listen to.
The problem, of course, is that any party that gets into power gets in via the existing system, and asking them to change it is like asking someone to train their replacement and fire themselves.
Indeed. But Labour might be facing an electoral wipe out next time anyway like the Tories last year. Even if they do a decent job they're starting from such a bad position that it will be tough to rebuild enough public support for another election victory. Unfortunately that becomes tougher if they actually try to fix some of our long-term problems by doing sensible things that won't pay off in time for the next election.
If they realise that their current strategy of giving the vote to 16 and 17 year olds isn't going to be enough to stay in power and Reform (populist right-wingers) look like they're going to win big instead then there will be a lot of soul searching going on at Labour HQ. Making a change that will at least see them avoiding the fate of the Tories last time might be a bit more palatable for them even if it would still be a bitter pill to swallow for the many Labour MPs who were going to lose their positions either way.
Can but hope I suppose, perhaps when they're staring down the barrel of a Farage government... but I'm not seeing it.
It's not a manifesto policy but then they're probably going to implement a lot of things that aren't manifesto policies between now and then. At least this one would have cross-party support in Parliament and probably broad public support as well.
thats literally all there is to it.
Also I don't know what sort of weight "guidance" from a reg agency vs statute carries there, how much of a defense it is, etc.
The UK doesn't have a First Amendment or a Bill of Rights other than the European Convention on Human Rights, that leading parties campaign of abolishing (if a bill of rights can be abolished by the legislature, it's not worth the paper it's printed on). Heck it doesn't even have a proper written constitution, it doesn't have separation of powers or an independent judiciary (the previous Parliament considered passing a law saying "Rwanda is a safe country to deport inconvenient asylum seekers to" in response to a court ruling (correctly) saying it manifestly isn't.
The UK and Australia are in a race to the bottom to see which one is going to be the worst enemy of the Internet. The only check against these authoritarian powers is popular juries, and they are trying to get rid of these as well.
https://hansard.parliament.uk/commons/2025-06-23/debates/250...
"with its members demonstrating a willingness to use violence"
As far as I am aware, have only damaged property. Have they actually committed any acts of violence or advocated violence?
It is embarassing for the UK military that they were able to get into a base and spray paint military planes.
Also, the group has directly harmed people too:
> A police officer was taken to hospital after being hit with a sledgehammer while responding to reports of criminal damage.
That seems a stretch.
>A police officer was taken to hospital after being hit with a sledgehammer
I wasn't aware of that incident.
It smells like a jumped up "assaulted a police officer" charge because you shield your face from their punches. Hitting someone with a sledge hammer is a suitably scary tabloid headline but physically unlikely and entirely out of character for the accused group.
Note that Avon Police have form as lying pieces of shit.
They attacked protestors and claimed 21 injured officers specifically: "officers got broken bones, had punctured lungs, were very seriously injured" in the national media.
Journalists contacted local hospitals and found no police were treated that night. They had to retract those claims and their list of the claimed injuries included staff who never attended the scene, a bee sting and a twisted ankle getting out of a car.
I expect similar will happen here but only after this claim has been used for years to demonise protestors.
people have literally been jailed for "hate speech" here because they clicked like on a tweet. labour is currently debating an official definition of "islamophobia" which would criminalize stating historical facts like "islam was spread by the sword" and "the grooming gangs are mostly pakistani". the govt put out a superinjunction forbidding anyone (including MPs) from mentioning they spent £7B bringing over afghans allegedly at risk from the taliban, and also criminalizing mention of the gag order itself, and so on recursively. nobody (other than judges and senior ministers) knows how many other such superinjunctions there are.
all this and more is covered by those 17 categories.
on top of this, britain claims global jurisdiction here. think a minute how absurd that is -- any website anywhere that any briton might access is in scope, according to ofcom. and they claim the power to prosecute foreigners for these "crimes" ...
I am aware that someone was jailed for encouraging people via social media to burn down a hotel with refugees in ( https://www.bbc.co.uk/news/articles/cp3wkzgpjxvo ). But not because they clicked like on a Tweet. Reference please.
This has to be the most uncharitable reading of that situation I've ever seen. Have you been watching GBNews?
The Ministry of Defence messed up under the last government, a junior operative leaked a list of names of Afghan people who had helped the UK armed forces during the years of British and American presence. Not only that, but the list also contained the names of UK special forces and a few secret agents. This is bad and at that point they had a duty to protect the people they'd exposed.
So yeah, they got a "super injunction" to prevent reporting of the list to do further damage, and that does prevent prevent reporting of the injunction. I personally think such things are dodgy as fuck and shouldn't be available in law, but compared to using them to block discussion of (for example) a rich footballer or a journalist being caught having an affair, it seems like this was comparatively reasonable.
To paint this as purely an exercise hiding the spending of money on bringing afghans into the UK 'allegedly at risk' seems... well, uncharitable.
> on top of this, britain claims global jurisdiction here...
As do the EU (and UK) for the GDPR, and lots of other countries for lots of other things. If you're offering services to people in the UK you have to abide by UK laws.
We can talk about the laws being bad (and it seems this one is) but it's hard to see that principle as wrong, unless you're still in love with the old wild-west, no-rules-followed internet. I think those days are behind us.
https://www.aljazeera.com/economy/2019/10/2/locked-out-why-i...
I don't know where I stand on this legislation - my gut is that it's too heavy handed and will miss the mark. But I think we need to stop saying this falls solely on parents. The internet is far too big, and parenting is far too varied for this to work. I wish it would, but it won't. There simply aren't enough parents that care enough.
Should society just be about the accumulation of wealth and no other human needs considered? Or, have I misunderstood your comment?
Are you sure?
Many of the other comments on this thread point out what the "hurt" is, and it is not trivial, neither is it particularly difficult to understand. Unless you choose not to.
Relax, stop being so combative and engage in some discussion. Otherwise why are you replying to me in the first place?
Also, thanks for pointing out this isn't Reddit, I wasn't aware.
By "good outcomes" you mean "addicted to the government"... which is not entirely surprising.
Maybe you got to peek at something that a friend's older brother had, or a friend knew where his dad's stash was.
But bottom line it wasn't easily available and took some effort and risk to get it, and that's even if your parents weren't doing anything to prevent it.
On the internet it's just there. Maybe you click "Yes I'm 18" but that's hardly a roadblock.
What these laws do is try to get back to the 1990s and earlier when access was much more limited. Parents want this, they vote for this. In that sense, they are doing something about it.
Yeah. It’s called “parenting”.
Beyond the obvious response about parenting: do they?
There was absolutely no restriction on the web when millenials were growing up, and we didn't become a generation of degenerates.
I'd like to see actual proof that there is a need for mass online protection for children.
Their business is creating virtual AI friends, often with sexually suggestive themes.
You can browse through the characters here: https://janitorai.com/
Would you want to let a lonely kid who might already have self confidence issues and problems making real-life friends loose on that site?
For a site operator who seems really concerned about potential liability under this law, I sure wouldn’t have put this in writing. Feels like it really undermines the rest of the post and the compliance measures being taken.
There's literally "Best VPNs For Accessing Porn in the UK" articles, they'll be fine.
It isn't, the Ofcom OSA act codes explicitly say that the site cannot explicitly tell people how to get past it's verification methods.
> There's literally "Best VPNs For Accessing Porn in the UK" articles, they'll be fine.
They're on journalism sites that are explicitly exempted from the law, so they aren't advocating for getting around that specific site's methods.
It will be interesting to see how this works on any social platform though. To my reading of the guidance Ofcom require Reddit, BlueSky/Twitter etc to block any posts discussing using a VPN to get around it, or at least require age verification to access those posts too.
But I think that contradicts other parts of the legislation, and Ofcom have got themselves into quite a predictable mess.
Yes, but the recommendation was for the platform, not the users ("For a site operator who seems really concerned about potential liability", emphasis added). Spelling out how anyone (including minors) can get to the site without any age check may not be an issue for users' own good but a liability for the platform
Not saying I agree or disagree, just clarifying what the text above meant
But I doubt this is specific enough to hit that bar - it is more of a factual note about what the law is for UK users rather than a specific call of "don't use our verification methods, use a VPN instead."
Every other Youtuber these days is thanking NordVPN for sponsoring their channel then proceeds to walk through specifically how to use it to view geoblocked Netflix content, and they (and NordVPN!) are fine.
People aren’t prevented from using VPNs in the UK, in case anyone is unclear on this.
I’m no prude, but I think this is a not-great thing to expose kids to, and the UK government is maybe not-terrible to want some sort of way to gate kids’ access.
it places a huge compliance burden on the 99.5% of small sites out there which are completely innocent
"janitor.ai" is not one of those sites...
an effective OSA should be targeted at sites like that
and saying "UK users, we can identify your accounts and have deliberately left them open cough VPN cough" isn't going to help them in the slightest (see Section 19)
Problem solved.
https://www.gov.uk/government/publications/online-safety-act... .
From what I'm reading, Amazon will have to implement age-checks over 8/10 of its book inventory, with the other 2/10 opening the company for liability about the very broad definition of "Age-appropriate experiences for children online." And yes, janitorai is correct that the act applies to them and the content they create, and a blanket ban to UK users seems the most appropriate course of action.
For what is worth, the act does not seem to apply to first-party websites, as long as visitors of that website are not allowed to interact with each other. So, say, a blog without a comment feed should be okay.
So if you filter out known bad words and spam comments, that could very well cover things.
That's happening with the AI act here as well. Almost no-one wants to even touch the EU shitshow and they're still going forward with it. Even Mistral was trying to petition them, but the latest news seem like it had no effect. Fuck us I guess, right? Both consumers and SMBs will lose if this passes as is.
It isn't populist either, no-one supports this. The UK has media campaigns run by newspapers, no-one reads the papers but politicians so these campaigns start to influence politicians. Always the same: spontaneous media campaign across multiple newspapers (low impact on other kinds of media), child as a figurehead, and the law always has significant implications that are nothing to do with the publicly stated aim.
Democracy has very little to do with it. Elections happen in the UK but policies don't change, it is obvious why.
it's an extremely trivial thing to do and the ofcom guidance is very easy to follow.
I really dont understand why parents don't bare the responsibility of their kids internet access as opposed to the expectation the internet raises their kids...
I also don’t think this act is the way to address these issues, but I don’t think it’s as easy as just putting everything at the feet of the parents as I imagine it almost impossible to police at home, not to mention at school.
When I think of older technologies like television, we have rules and regulations about what can be shown when.
Again, this isn’t to say this approach is right, but wanting to regulate isn’t an attack on free speech. It seems there is regularly a tension on HN between free speech absolutists, usually from the US and those more happy to accept regulation, usually from the EU
I don't, because I don't need to.
I had unrestricted access to internet when I was my kids age and I turned out just fine, just like the extreme majority of my generation.
I know that serious discussions about important topics are enough to make sure that even if my kids do access content that's not meant for children, they're not negatively affected by them, just like I wasn't.
Again I don’t have kids, so I’m not in a position to judge, but I can only imagine the pressures on children are completely different nowadays. For example, we didn’t have computers in our pocket 24/7 with all of our peers on the other end influencing us indifferent ways.
Just as an aside, the UK has been doing this for decades. One of the most permanent causes of legislative failure in the UK has been making laws based on media pressure that have potentially huge costs in the future. And as these costs emerge, guess what the only solution is? More interventions.
I would suggest that a country which cannot control crime, cannot control borders, has a collapsing economy, cannot house people, etc. has bigger problems than trying to arrest people for saying things on Twitter or shut down end-to-end encryption.
Hmm no it's really not. By the time I was a teenager, porn was easily accessible on the web, social media were in their peak use, etc.
the question of whether the state should try to fix this stuff is irrelevant, it cannot
Many kids from these backgrounds are seen as little more than cashcows to help their parents get homes and income without having to work.
If you turn having children into a profit-seeking enterprise, you will get bad outcomes. The UK is in the bizarre position where people who should have kids aren't having kids but they are paying for the children of those who shouldn't have kids.
The statistics coming out about this are incredible. We are looking at 20-30% of this cohort likely being unable to work at any point in their lifetime.
the solution to children stabbing each other was to attempt to ban knives
i believe they are also gearing up for a ban on cigars, cigarettes have a scale which will make them effectively illegal for children born today, more types of pornography are being banned
...this is the same country which has legalised heroin use regionally btw...you need a licence to watch porn but your neighbour can shoplift, shoot up heroin, and you pay his rent...
however bad you think it is, it is much worse
??
What on earth are you talking about?
Platforms are also responsible for not allowing their services to be used to abuse children, which is also true offline.
As a wise man once said:
> The British legal system is and always has been a litany of injustices dressed up in formal attire. To be avoided at all costs.
I can assure you that this is such a scenario, as a restaurant in the UK is absolutely responsible for providing safe toilets for their customers, especially if a risk has been brought to their attention.
This Twitter-style faux-casual way of writing is so common among AI people right now (see Sam Altman) and it’s extremely grating. I don’t know anything about this project, but if they really cared about their users, I would hope that they’d use capital letters and punctuation when addressing them in an official announcement.
Also:
> "and honestly? i..."
> "this is not just content moderation - it is a..."
These are two huge shibboleths of gpt-ese. He had to specifically tell the bot to write in that style.
eg the past decade has seen us remove “that” as a qualifier, and the word literally has become interchangeable with figuratively.
its worth considering whether you’re just losing touch…
The latter didn’t happen just in the last decade, and the former hasn’t happened at all.
But no, I can pretty confidently say that the English language still has capitalization and punctuation in it, it’s mostly just on Twitter and in AI-related blog posts where people write like this.
That kind of posturing is forgivable when you’re a teen. When you do it as the CEO of one of the most influential companies today, it’s grating. When you do it because you’re another CEO in a similar market and you’re trying to signal that you’re part of the “in” crowd, it’s frankly embarrassing.
Is that the case here (and it just happens that I have no clue what this particular site is about) ?
Or am I grossly misunderstanding the act (very likely I guess since IANAL) ?
[1] https://www.onlinesafetyact.net/analysis/categorisation-of-s...
-------------------------------------------
Ofcom’s advice to the Secretary of State
Ofcom submitted their advice – and the unerpinning research that had informed it – to the Secretary of State on 29 February 2024 and published it on 25 March. In summary, its advice is as follows: Category 1
Condition 1:
Use a content recommender system; and
Have more than 34m UK users on the U2U part of the service
Allow users to forward or reshare UGC; and
Use a content recommender system; and
Have more than 7m UK users on the U2U part of the service
Not a vertical search service; and
Have more then 7m UK users
Allow users to send direct messages; and
Have more than 3m UK users on the U2U part of the service
-------------------------------------------
[1]: https://ofcomlive.my.salesforce-sites.com/formentry/Regulati...
Otherwise everyone from small sites to Facebook would just shop around jurisdictions and formally operate their websites from wherever fits them best.
And if a service is used by citizens of your country it makes sense to scale requirements by the impact it is having on them.
This particular law may not be great overall but I've got no issues with this method. As a site provider outside the UK it's trivially easy to avoid liability (by blocking people)
However I'd argue that from the UK perspective any of these developed countries would be considered reg-shoped.
They don't consider other countries' laws as sufficient to protect their citizens (which I probably wouldn't agree with).
I'm struggling to see a better approach to make sure any law applicable to online services is actually effective.
It seems like there are only a few options:
1. Only pass globally agreed upon laws (which is basically nothing and not realistic)
2. Only regulate domestic providers (which would severely disadvantage them and not resolve the underlying issues)
3. Block all foreign services (which is even more drastic).
In the end a states' power is tied to its territory and the people living within it. If not being active in that state at all releases you from it's laws I would consider this appropriate.
This is on the UK to fix (or not fix) for themselves.
I wouldn't be surprised if this ends up being a topic in trade negotiations with the US in the future though, since this is a trade barrier that imposes significant regulatory cost on US companies for content that is legal in the US. Eg. the proscribed categories of illegal content include knives and firearms, hate, etc.
what ruling are you referring to? This is about the Online Safety Act, an act of parliament.
https://www.ofcom.org.uk/siteassets/resources/documents/cons...
Everybody (who's not specifically exempted by Schedule 1, which has nothing to do with what you linked to) gets a "duty of care".Everybody has to do a crapton of specific stupid (and expensive) administrative stuff. Oh, and by the way you'd better pay a lawyer to make sure that any Schedule 1 (or other) exemption you're relying on actually applies to you. Which they may not even be able to say because of general vagueness and corner cases that the drafters didn't think of.
Also, it's not a "ruling". It's a law with some implementing regulations.
Then there are additional requirements applied to 3 classes of services: Category 1, 2A, 2B. The latter have the thresholds as discussed above.
But, as usual, poorly written. eg a "Content Recommendation System" -- if you choose, via any method, to show content to users, you have built a recommendation system. See eg wikimedia's concern that showing a picture of the day on a homepage is a bonafide content recommendation system.
The definition
> (2)In paragraph (1), a “content recommender system” means a system, used by the provider of a regulated user-to-user service in respect of the user-to-user part of that service, that uses algorithms which by means of machine learning or other techniques determines, or otherwise affects, the way in which regulated user-generated content of a user, whether alone or with other content, may be encountered by other users of the service.
https://www.legislation.gov.uk/uksi/2025/226/regulation/3/ma...
If you in any way display UGC, it's essentially impossible not to do that. Because you pick which UGC to display somehow.
That said the thinking that smaller platform should equal exemptions seems a touch flawed too given topic. If you're setting out to protect a child from content that say is promoting suicide the size of the platform isn't a relevant metric. If anything the smaller less visible corners (like the various chan sites) of the internet may even be higher risk
Take something like a plastic packaging tax, for example. A company like Amazon won't have too much trouble setting up a team to take care of this, and they can be taxed by the gram and by the material. But expecting the same from a mom-and-pop store is unreasonable - the fee isn't the problem, but the administrative overhead can be enough to kill them. Offering an alternative fixed-fee structure for companies below certain revenue thresholds would solve that problem, while still remaining true to the original intention.
But playing devils advocate a bit here if the risk profile to the kid is the same on big and small platforms then there isn't any ethical room a lighter regime. Never mind full exemption, any exemption. The whole line of reasoning that you can't afford it therefore more kids potentially getting hurt on your platform is more acceptable just doesn't play. And similarly if you do provide a lighter touch regime, then the big players will rightly say well if that is adequate to ensure safety then why exactly can't we do that too?
Platform size just isn't a relevant metric on some topics - child safety being one of them. Ethically whether a child is exposed to harm on a small or big website is the same thing.
Not that I think this act will do much of anything for child safety. Which is why I think this needs to go back to drawing board entirely. Cause if we're not effectively protecting children yet killing businesses (and freedoms) then wtf are we doing
Agreed, but I guess it could be the case that the current regulation is too burdensome even for large corps, but they could afford to have the resources necessary to deal with the regulation?
This, or course, would disproportionately burden smaller buildings, while some larger buildings would have little trouble to comply. Guess who would complain more often. But it, while outwardly insane, would clear small huts off the market, while the owners of large reinforced buildings would be able to reclaim the land, as if by an unintended consequence.
Driving the risk tolerance of a society lower and lower interestingly dovetails with the ease of regulatory capture by large incumbent players, as if by coincidence.
The UK is a leading example of what calls for regulation turn into in the real world.
I’ve noticed a lot of calls for regulation in Hacker News comments lately. In the past week I’ve read multiple threads here where people angrily called for regulations and consequence for anything LLM related they didn’t like: When LLMs produced mistakes, when they produce content too close to copyrighted works, and so on.
There’s an idea that regulation is a magical function that you apply and then the big companies suffer consequences, products improve to perfection to avoid the regulations, and nothing is lost for consumers.
Then you look at real-world heavy handed technology regulation and see what really happens: Companies just have to turn off access to countries with those regulations and continue on with their business. People who use the tools get VPNs and continue operating with a little extra hassle, cost, and lag. Businesses avoid those countries or shut down because it doesn’t make sense to try to comply.
There’s a constant moving of goalposts, too: Every time someone points out the downsides of these regulations it’s imagined that better regulation would have exempted the small companies or made it cheap to comply (without details, of course).
I think heavy handed technology regulation is yet another topic where the closer it gets to reality, the less people like it. When you point out real world examples, the response is always “No, not like that”
My impression from this thread is that this is because the law was implemented in a way that's indicative of a lack of technical understanding on the part of the lawmakers and falls into a number of pitfalls that a law written by people competent in the field would avoid. Am I wrong?
By "changing your government" I don't mean "shuffle people in and out of parliament" or even "elect your 6th Prime Minister in 10 years".
I mean change your government.
It depends what you mean by government but elected officials in the UK are almost completely irrelevant in this (and in most other things, their job is to get in front of a TV camera say how appalled they are that it has happened, no-one could have foreseen this, don't look back in anger, and that they are going to select from the same policy options that the Civil Service presented the last government with...which results in the same conclusion: more civil servants, more regulation, more corruption).
Ofcom has been making a massive power grab, this bill and other recent regulations are granting them massive new powers, and the UK has a system in which ministers have no functional capacity to block this.
Don’t fall into the trap of thinking that this law must have come about by sinister machinations just because you don’t think it’s a good law.
Elected officials are irrelevant because, in this case, they are functionally unable to propose a reasonable alternative. Policy options were presented, all of the policy options offered in this case were to empower Ofcom (again, how old are you? are you unable to think of another situation like this: same thing happened with BoE/PRA in 2010, same thing happened with Border Force creation, same thing happened with illegal immigration where the only functional action presented was to increase Home Office staffing, I can go on and on) so what was the alternative?
You also may not understand what is going on here either: this legislation gave Ofcom new statutory powers but what you might not be aware of is that Ofcom has also been granted through non-statutory instruments significant new powers that interlock with this legislation...who voted on that? Again: media campaign by the powers that be, multiple Home Office ministers have been railroaded into this, Ofcom/security services have been granted new powers (the latter by the back door...again, tell me what that has to do with "social media abuse"? nothing).
Finally, elected officials are mostly pawns. The majority of "them" do not know what is in the legislation. They have been told the PM wants "Molly's Law" passed, so it is passed. Some of the scrutiny was laughable...do you understand that the law has a provision that requires tech companies to provide "end-to-end encryption" that the government can break? To their credit, this was questioned by legislators several times...it wasn't removed from the Bill, despite it obviously being unrelated to anything in the Act. Again, how are you this blind? Do you see why elected officials might be irrelevant if you are so blind?
Also, none of these laws are led by politicians. All the communications-related offences were led by security services. Do you know when Molly actually passed? 2017? And you are telling me that a law passed in 2025 is related? A law which largely contains things unrelated to her passing (i.e. significant expansion of Ofcom powers).
It is genuinely funny that people who have no idea about politics...as in first-hand knowledge which will just imagine that everything works the way they assume it must work. At the very least, you should exercise some common sense: we have seen multiple Home Office ministers pass through, ministers are gaining no new extra powers, Ofcom staffing has gone up by thousands, the amount of graft that has already gone on is staggering...but the one's to blame are, conveniently, the ones who are always blamed...but seem to be strangely unable to do anything...you cannot possibly be this credulous.
We are not technically a two party system and more than a handful voted for parties other than Labour and the Conservatives
Top management can never go against the RCSR guys, who are like priests of the church in medieval ages. And the RCSR guys have no goals linked to the progress of the real work. The don't like any thing that moves. It's a risk.
Management thinks that RCSR helps with controls around the work. But what happens is, you put more people in building controls, they deliver fort walls around your garbage bins.
In other words, the guys who actually believe in a normal level of compliance are hamstrung, defection is rewarded, classic failure mode of this kind of thing.
It's like how the growth of a tree trunk happens in a thin layer beneath the bark and the rest is inert wood.
What is this claim based on?
Is there 10x as much stress among French business owners? Are entrepreneurs working 10x as hard in China? Are there 10x fewer businesses in England?
And, stepping back a bit: To the extent that running a business is easier in America, how much of that is because the US exploits and bullies the rest of the world?
How much is because it's a huge country with vast resources (that were stolen from its murdered inhabitants)?
How much is because the lack of regulations allows for rampant externalization of costs?
How much is because businesses are more 'free' to exploit their own workers?
How much is because most of the mechanisms for basic accountability are broken?
These aren't "gotcha" questions. They're fundamentally important to our future, because none of that is sustainable.
> What is this claim based on?
Blog posts I've read from I've read, largely in HN. Personal interviews in those countries.
> Is there 10x as much stress among French business owners? Are entrepreneurs working 10x as hard in China? Are there 10x fewer businesses in England?
No clue. I've run many businesses and it's all stressful.
> And, stepping back a bit: To the extent that running a business is easier in America, how much of that is because the US exploits and bullies the rest of the world?
The US definitely exploits and bullies the rest of the world. Very often it's shameful and I hate it. All countries exploit other countries in their best interest. You may also be forgetting that for centuries the US has policed the world's waterways mostly in its own interest but, from about 1945-2020, for the rest of the world too, all at its own expense. We've been the leaders in anti-pirate forces since Jefferson.
> How much is because it's a huge country with vast resources
A lot. We are the luckiest country on Earth by a country mile. But also because of somewhat free markets, rule of law, somewhat free press, property rights, and constitutional belief in the individual. Japan doesn't have a huge country with vast resources but still does well. Canada and many countries in Africa have vast resources they could exploit responsibly but don't.
> (that were stolen from its murdered inhabitants)?
All countries are stolen from murdered inhabitants. All of them. Look at the Comanche, the Huns, the Houthis, the Japanese in WWII, the Goths, the Chinese, the Spanish, the Portuguese, the Dutch, and Luxembourg.
OK I'm kidding about Luxembourg.
> How much is because the lack of regulations allows for rampant externalization of costs?
Super complex question and a good one. Impossible to deal with in a comment.
> How much is because businesses are more 'free' to exploit their own workers?
Zero. No one forces you to work here, unless you're one of the hundred of thousands of trafficked workers here. Those traffickers should be hunted down and shot.
> How much is because most of the mechanisms for basic accountability are broken?
Don't know. We have huge corrupt corporations and a huge corrupt government working hand in hand against the citizens, but we also have tons of regulations and a justice system that can still help the little guy sometimes. You are absolutely on the right track, but we might have different definitions for accountability.
However since we're comparing the USA to others Mexico and China are shot through with corruption, China more perhaps than any other country on earth. Though we give them a run for their money.
> These aren't "gotcha" questions. They're fundamentally important to our future, because none of that is sustainable.
I sort of think you played your hand. The term "none of that is sustainable" suggests to me you've already decided on answers to all these non-gotcha questions. But I tried to answer them in the best light.
>> What is this claim based on?
> Blog posts I've read from I've read, largely in HN. Personal interviews in those countries.
Ok, well, as someone who has real experience of setting up a business in another country (which was "stolen from murdered inhabitants" and then reclaimed - Ireland) let me tell you: Business supports in Europe are quite strong, and accessible. The simple fact that ~60% of Americans are living paycheck to paycheck would suggest that setting up a business in America is not, in fact, "an order of magnitude easier" for the average person.
> We are the luckiest country on Earth by a country mile.
Sure, some of it was luck, but the secret ingredient was genocide.
And nowadays America is not the envy of the rest of the world the way it once was. The shine is very much gone.
Nearly all countries outside the US hold a net unfavorable opinion of Americans, minus a handful of exceptions, like Israel (!). There's not much jealousy or envy of the US any more. It's mostly an understanding pity, or an understandable condescension.
> many countries in Africa have vast resources they could exploit responsibly but don't.
Try doing a deep dive into what happens to African leaders who buck the trend of letting the West take all their resources. Patrice Lumumba, Sylvanus Olympio, Kwame Nkrumah, Eduardo Mondlane, Amílcar Cabral, Thomas Sankara, etc, etc, etc.
Have you ever seen the photo of a father holding his child's severed hands, cut off for not picking rubber fast enough for the Belgians? Blaming the victim here is pretty unacceptable to people who have learned anything beyond the sick narrative of 'well they choose weak leaders'.
And can you seriously call America's "resource exploitation" responsible?? Not if you know how they get all those resources (see above native genocide, and murdered African leaders; and don't forget South America!).
> Zero. No one forces you to work here
Perhaps in the narrowest sense, where no one points a gun to your head (unless you're in America's massive and grotesque prison system, in which case you are in every sense a slave, with a gun to your head forced to work for a pittance).
However America forces people into work in a myriad of 'soft' ways; from awful social supports, to wage collusion, to healthcare tied to employment, predatory student loan debt, at-will employment, immigration status, and so on, and on.
> The term "none of that is sustainable" suggests to me you've already decided on answers to all these non-gotcha questions.
Well, they're not.
Sure, I thought about my own questions. I wanted you to think about them, because they directly connect to your proud claim that Americans have it 10x easier to start a business. I hope you can see how, if you think about it.
"yeah we destroyed the world, but for a short glorious moment we created a lot of value for the shareholders"
or the one about how they're proud they built the Torment Nexus
But if the regulation is indeed oppressive or byzantine, everybody hurts and only the biggest survive.
*Social contagion effects on risk perception can be a confounding factor here, though.
Jeez, and I was just grumbling how it takes up to 24 hours for a change I make to appear in prod, compared to about 4 hours at my previous job.
It should be possible to develop automated systems and processes to keep most changes on the “happy path” where approvals are quick. These sorts of organization responses were a new layer of people who can say “no” grow whenever a problem happens or a regulation changes are suffocating.
Because the policy teams don't understand the technical details, they get hung up on things that don't matter so all your "security budget" (in terms of dev effort available for improvement) gets spent on useless things.
Because there is a CIS guideline recommending "do not put secrets in environment variables" in k8s, a team I work with recently spent two weeks modifying deployments of all their third party charts to mount all secrets as volumes, this included modifying / patching upstream helm charts. This will be a maintenance burden forever lol. Actual security benefit in context is approximately zero.
Meanwhile they COULD have spent that time implementing broadly effective things like NetworkPolicy or CSP for the front-end but now there is no dev time for that.
At the top levels of their process there are plenty of risk x impact matrices but there aren't corresponding effort / payoff assessments, so the things being done end up not being engineering.
Not if they never ever ship an update.
(i - briefly - worked for place that did things this way. They didn't update the chart, but they _did_ use `sed` to update the image tag from time to time.)
The same companies won’t run a security bounty program because they think it’s a waste of money.
Security people just don’t get it, they don’t think like the bad guys.
It's a bullsh*t rule. One that would work is a clear mandate, "if you're found to use env vars / args for secrets, you must demonstrate within four weeks of finding that you have implemented code to clear your process' args/env vars immediately after program startup, for the lifetime of the process (and that you moved all secrets to non-cleartext memory)". Given how frameworky-frameworky much modern software is, such action items make folks think ("how on earth do I get state to openssl&Co without env vars", ...).
But alas, the regulations people shy away from any such precise prescriptions - because then, they have to involve themselves with SRE, SOC, CI/CD, and developers for monitoring, enforcement and training/assistance.
So instead, as you say, byzantine Reuben-Goldberg constructs are created exploiting "every loophole in the book" to comply with the rule but not the spirit; software becomes even more of a performance art.
I think, over time, I have moved into the camp that strongly believes all practical security is security-from-obscurity. Starting with the compliance rules around it.
Thus the only reasonable course of action was to do nothing.
Legal frameworks are incredibly irritating and often defined by people who know nothing about what they're regulating. This can lead to very bad laws.
Given that we live in the real world and one can be sued for violating those laws, the stakes are quite high and low cost. Many states in the US allow individuals to bring suit based on these laws, meaning all that needs to happen is you make a mistake and some rando has time to hire a lawyer.
And that is, by the way, notwithstanding the reality that many of the annoying compliance requirements are actually not all that annoying in principle, they are annoying to implement because many software development practices involve the free flow of data.
Maybe that was fine when it was public blogs. But when it's someone's medical records or their financial data, or when it lands in the bucket of a Cambridge Analytica type, sorry, there's a higher burden.
It is frustrating, I know. But we as engineers need to take responsibility for the consequences and stakes of what we're building. It's lack of that awareness that caused many of the largest controversies in our industry.
Reality, as always, as much more nuanced than this hot take. It's a balancing act.
This always reminds me of Darwin’s discovery — survival of the fittest — especially in the ruthless and highly competitive world of commerce. Yet this truth is often misunderstood or even outright rejected by those with a so-called "woke" mindset.
In such a competitive world, the only inevitable outcome for a business that isn’t fit enough is failure and eventual disappearance. Always remember: no one can be forced to buy a product or service if they live in freedom. Deals won’t happen because of burdensome frameworks like "RCSR." Trade flows naturally toward what creates the greatest value for both parties — usually better products or services at lower costs. From a Darwinian perspective, this kind of trade helps make the parties involved more fit. So why wouldn’t they choose it?
Hope all come to recognize this natural/divine will with reverence — and try our best to align with it and stay fit (while helping to keep those we love fit as well). This can truly help foster a competitive market and benefits all.
My critique targets an ideology that, under the guise of good intentions—whether genuine or feigned—ignores fundamental realities and ultimately causes more harm than it prevents. It’s a form of idealism where noble goals, ungrounded in reality, consistently lead to destructive outcomes.
> Seriously, just say what you mean, because "woke" is meaningless.
Advice accepted. After all, there are genuinely good intentions behind the ideology — or at least we can assume so, since no one can truly verify them.
> My critique targets an ideology that, under the guise of good intentions—whether genuine or feigned—ignores fundamental realities and ultimately causes more harm than it prevents.
That's not a clarification of what you are referring to, that is just stating (without support, or even the kind of definition of what you are referring to that would allow supporting or refuting evidence) your conclusions about what you are referring to.
You're right, that was a conclusion. And the context was clear from my original post.
To be precise, when I describe that ideology, the concrete example I have in mind is the kind of burdensome framework detailed in the RCSR. My conclusion about that framework is that it ignores reality and causes harm, despite its intentions. and 'Tough news' is the evidence for that specific conclusion.
Just so you know. But I do have, at times, used AI to help the writing, primarily for checking errors and fine-tuning the wording to express my thoughts/wills precisely. Does it considered AI slop?
And I was quite offended by your comment. Your choice of words seems to suggest a malevolent intent. It appears your real objection is to the views I expressed but you hide in a smart way - If it is so, it is indeed disgusting.
And, I truly hope the 'Free Will' behind the name 'mvdtnz' can transcend the 'Representation' of mere words and symbols,and grasp and judge the underlying 'Will' directly— never become ensnared by the Representation ("The World as Will and Representation.") And I sincerely hope you can avoid such attacks in the future and choose to state your points directly. My karma dropped by 2 points due to your response—a powerful reminder that we should all be cautious with our words - the human mind is perpetually trained by the words it consumes, not unlike an LLM.
I'm taking the good advice I received about 'Woke', adapting it for the term 'AI slop', and sharing it with you:
Stop using the word "AI slop". No one agrees what it means, so when you use it, people interpret it differently. The people I think you meant when you said "AI slop" probably aren't actually the people you meant. Seriously, just say what you mean, because "AI slop" is meaningless.
https://www.thehamsterforum.com/threads/big-sad-forum-news-o...
(Yes, the UK has effectively made it illegal to run a forum for people with pet hamsters.)
They deal with compliance in their terms and apparently did a reboot and apparently introduced new modding tools.
Did they reach the conclusion that they are not pose significant risks and that their tools are sufficient?
I'm very curious
> Your online service has links with the UK if:
> UK users are a target market for your service; or
> It has a significant number of UK users
What is "significant"? Is it a percentage or a raw number?
I'll click "no" - maybe 5% of my users are from the UK. Great, wizard complete! I don't need to worry...except:
> Please note that this result is indicative only
We have a free-to-use technical forum for our (data wrangling software) forum, powered by Discourse. I believe that might allow users to directly message each other. Does that count?
Only escape hatch they give you later is if all communication between users is delegated to other medium, eg. email or phone or sms.
I'm not sure what I need to do to comply. Anyone with a web-based forum had to deal with this? What changes did you make?
Basically, geoblock the UK or go offline.
I don't agree with everything in the Online Safety Act, but if anything needed a risk assessment, it's surely this?
[0] “law” here isn’t just laws made by governments, but also regulations made by e.g. Visa and Mastercard
Are there services which offer a less... risky... service that are similarly affected here?
You can read their community discussion at https://lobste.rs/s/ukosa1/uk_users_lobsters_needs_your_help...
This firm doesn’t care a whit about the impact on users - they are just too cheap to follow the rules.
If your business can’t operate without regulation it shouldn’t operate at all because it clearly relies too heavily on exploiting labour and or consumers
Of course that affects attitudes here, even if most people on here will never actually be a founder, let alone a highly successful one.
I'm old enough to remember when one of great things about the web was the low barrier to entry.
Not every site has a large company with deep pockets behind it. Some of the websites I've run, I've run at a loss because I was interested in the subject and thought it provided real value for other people. Probably the income from these sites was in the hundreds of dollars a year range, the cost in time and effort waaay beyond that.
I don't know the actual compliance costs here - I know the cost of a UK lawyer just to review obligations and liabilities is probably going to be a few hundred quid, if not substantially more. I don't know of many non-professional, or FOSS sites that could afford that.
Your curt dismissal of this huge chunk of the internet saying they shouldn't be operating at all is mind boggling
The wild west of the internet was largely a mistake and created massive social disruption for the benefit of a tiny few and was caused by regulators being asleep at the switch. It is good they are finally catching up.
The western internet as we knew it is dead. Privacy is dead, we already live in a post-Snowden panopticon. With multiple always-on microphones in every public room and often in private rooms too. HD cameras are everywhere. If you live in any major city, hundreds to thousands of hours of footage, which might contain you, is being uploaded for public view and AI training daily.
There have been other open source deathblow laws passed in the EU like the Cyber Resilience Act and the Product Liability Directive which have been repeatedly dismissed by other commenters on hn. Earlier stuff like the GDPR was dismissed too as only affecting big companies. The arguments in support of these laws have basically been you are small so you don't need to follow them. That seems like lot of disrespect for the EU's legal system but maybe it's well deserved.
It's only a matter of time until ID verification will be mandated even to make a post like this one on sites like hn. Western companies assisted authoritarian prison states in monitoring, censoring and controlling their citizens, when they should have been doing the exact opposite. Now it's really hard to argue that it isn't possible here.
Another example: here in the USA we have 50 states vying to each regulate AI; my understanding is that the plan was to have the OBBB put them off from doing this for at least 10 years, but that effort failed, leaving them free to each do their own thing.
Complying with all rules and regulations in all jurisdictions to which a website/service could be exposed (i.e. worldwide, by default) seems like it's becoming a well nigh impossible task these days.
Cyberspace is not, eventually, independent[1] if you plan to make money off it and use real world IDs.
I'm broadly in favor, I think. This species can have instant global communications once it's shown itself equal to the responsibility that implies.
It was fine when the Internet was a side hobby for a slice of the population, but now that it’s fundamental to all aspects of life, having it under the control of a foreign government (and the tech companies which act as de facto organs of that government) is no longer acceptable.
Also, at $1.50/user, what if users pay for accounts? Perhaps this will be the Band-Aid ripping moment that ushers in sane communities that are no longer under attack by endless bad actors with infinite free accounts?
Having to verify your identity (without it being exposed to other users) sounds like it could reduce endless botting.
On the other hand such a system is basically begging to be abused by bad actors (state and non state)
Strawmanning their position isn't helpful to anyone.
It is not strawmanning to say that of course they have to be more worried about compliance than a hamster forum (which forum has recently decided not to comply because they [likely correctly] believe that their regulatory risks are minimal).
There are normally two shift keys on your keyboard, try either one.
The first is that the cost of compliance is astronomical for small businesses and therefore it doesn't makes sense to supply your product/service to UK users if you don't really need them.
The second issue is the issue of data privacy. I don't think it is stretching the truth to say that the age verification is the Trojan horse of the upcoming digital ID requirements.
It is very clear that the UK/EU wants to move to a world were everything you do online is tied back to your digital ID somehow.
The problem with that is that we do not know how long and where this data will be stored, nor who will have access to it and what will happen when it starts being used to prosecute people in the future.
If the requirements were to simply prove you are above 18/21 and that was the end of it, then maybe it would be somewhat more palatable. But in reality, we know where this road leads.
It is not inconceivable that in 10 years from now once the full digital ID requirements are in place that you, a random citizen will find yourself in hot water because you accessed some part of Reddit and left a comment on a post where someone was advocating to go protest on the streets without the required permits to do so.
Make no mistake, this is where this leads. Full on surveillance state. And they say China is bad? Seems to me that China has become and example to follow instead of cautionary tale.
It is to actively spread the news to all website owners and asking them to comply with the UK law therefore forcing them to block all UK users. Once the damage has been done only then will they listen.
smallpipe•6mo ago