In memoriam
153 comments
·February 23, 2025amiga386
bdzr
> the stated target of the law but the least likely to be affected by it
The least likely to be negatively affected. This will absolutely be good for them in that it just adds another item to the list of things that prevents new entrants from competing with them.
wkat4242
> unintented consequences
Intended consequences no doubt.
ekianjo
> The entire law is weaponised unintented consequences.
That would assume no malice from the goverment? Isn't the default assumption that every government want to exert control over its population at this stage, even in "democracies"? There's nothing unintended here.
oliwarner
I thought that posts with comments are an explicit exception from the OSB.
From Ofcom:
> this exemption would cover online services where the only content users can upload or share is comments on media articles you have published
amiga386
From the Ofcom regulations (https://www.ofcom.org.uk/siteassets/resources/documents/onli...):
> 1.17 A U2U service is exempt if the only way users can communicate on it is by posting comments or reviews on the service provider’s own content (as distinct from another user’s content).
A blog is only exempt if users communicate to the blogpost author, on the topic of the blogpost. If they comment on each other, or go off-topic, then the blog is not exempt.
That's why that exemption is basically useless. Anyone can write "hey commenter number 3 i agree commenter number 1's behaviour is shocking" and your exemption is out the window.
oliwarner
Yeah I see what you mean, that does seem oddly useless. And thanks for finding the correct section.
I'd like to say we could trust the implementation and enforcement of this law to make sense and follow the spirit of existing blog comment sections rather than the letter of a law that could be twisted against almost anyone accepting comments —for most people GDPR compliance enforcement has been a light touch, with warnings rather than immediate fines— but that's not really how laws should work.
aimazon
There has been new information since that blog post which has reaffirmed the "this is much ado about nothing" takes because Ofcom have said that they do not want to be a burden on smaller sites.
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
"We’ve heard concerns from some smaller services that the new rules will be too burdensome for them. Some of them believe they don’t have the resources to dedicate to assessing risk on their platforms, and to making sure they have measures in place to help them comply with the rules. As a result, some smaller services feel they might need to shut down completely.
So, we wanted to reassure those smaller services that this is unlikely to be the case."
pembrook
Nothing more reassuring than a vague “we’re unlikely to go after you [if you stay on our good side.]”
It’s clear the UK wants big monopolistic tech platforms to fully dominate their local market so they only have a few throats to choke when trying to control the narrative…just like “the good old days” of centralized media.
I wouldn’t stand in the way of authoritarians if you value your freedom (or the ability to have a bank account).
The risk just isn't worth it. You write a blog post that rubs someone power-adjacent the wrong way and suddenly you're getting the classic "...nice little blog you have there...would be a shame to find something that could be interpreted as violating 1 of our 17 problem areas..."
throwaway48476
For my friends everything, for my enemies the law.
Uneven enforcement is the goal.
HPsquared
Sovereign is he who makes the exception.
owisd
Changing the code of practice is a years long statutory consultation process, they're not going to be able to change the rules to go after you on a whim.
rkachowski
> So, we wanted to reassure those smaller services that this is unlikely to be the case
This is the flimsiest paper thin reassurance. They've built a gun with which they can destroy the lives of individuals hosting user generated content, but they've said they're unlikely to use it.
ColinWright
"... unlikely ..."
Political winds shift, and if someone is saying something the new government doesn't like, the legislation is there to utterly ruin someone's life.
fweimer
You can try the digital toolkit and see for yourself if this is a realistic pathway for a small site (such as a blog with a comment function). Personally, I find it puzzling that Ofcom thinks what they provide is helpful to small sites. Furthermore, they make it pretty clear that they see no reason for a purely size-based exemption (“we also know that harm can exist on the smallest as well as the largest services”). They do not explore ways to reach their goals without ongoing collaboration from small site owners, either.
amiga386
Ofcom need to change the law then.
Unless Ofcom actively say "we will NOT enforce the Online Safety Act against small blogs", the chilling effect is still there. Ofcom need to own this. Either they enforce the bad law, or loudly reject their masters' bidding. None of this "oh i don't want to but i've had to prosecute this crippled blind orphan support forum because one of them insulted islam but ny hands are tied..."
transcriptase
The Canadian government did the same thing when they accidentally outlawed certain shotguns by restricting bore diameter without specifying it was for rifles.
A minister tweeted that it didn’t apply to shotguns, as if that’s legally binding as opposed to you know, the law as written.
throwaway48476
The democrats wrote a bill to hire 60k new armed IRS agents and promised they wouldn't be used to go after anyone with an income less than 250k. Senator Mike Crapo tried to add an ammendment to put that in the bill but they blocked it. We have a serious problem with politicians lying about the text of bills.
mlfreeman
The use of "unlikely" just screams that Ofcom will eventually pull a Vader..."We are altering the deal, pray we don't alter it any further".
incompatible
"Unlikely," I suppose if you don't have any significant assets to be seized and don't care about ending up in prison, you may be willing to take the chance.
throwaway48476
Its very much intended. It's easier for the powers that be to deal with a few favored oligarchs. They're building a great British firewall like china.
0xbadcafebee
big DMCA energy
tene80i
What standards would you want individuals or small groups to be held to? In a context where it is illegal for a company to allow hate speech or CSAM on their website, should individuals be allowed to? Or do you just mean the punishment should be less?
AnthonyMouse
The obvious solution is to have law enforcement enforce the law rather than private parties. If someone posts something bad to your site, the police try to find who posted it and arrest them, and the only obligation on the website is to remove the content in response to a valid court order.
tene80i
I don't have a strong view on this law – I haven't read enough into it. So I'm interested to know why you believe what you've just written. If a country is trying to, for example, make harder for CSAM to be distributed, why shouldn't the person operating the site where it's being hosted have some responsibility to make sure it can't be hosted there?
amiga386
How about:
Individuals and small groups not held directly liable for comments on their blog unless its proven they're responsible for inculcating that environment.
"Safe harbour" - if someone threatens legal action, the host can pass on liability to the poster of the comment. They can (temporarily) hide/remove the comment until a court decides on its legality.
ta8645
How about have separate laws for CSAM and "hate speech". Because CSAM is most likely just a fig-leaf for the primary motivation of these laws.
null
sepositus
Doesn't this act effectively create a new form of DDoS? A bad actor can sufficiently flood a platform with enough hate content that the moderation team simply cannot keep up. Even if posts default to not show, the backlog could be enough to harm a service.
And of course, it will turn into yet another game of cat and mouse, as bad actors find new creative ways to bypass automatic censors.
riwsky
Aka a “heckler’s veto”: https://en.m.wikipedia.org/wiki/Heckler's_veto
throwaway48476
This already happens but attackers go after hosts and registrars.
sieabahlpark
[dead]
jsheard
Hexus is a big one, being UK-based and UK-centric they are just deleting 24 years of history rather than trying to geoblock around it.
edwinjones
Hexus shut down years ago did it not?
stoobs
The reviews/news side did, but the forums kept going until this.
ksec
I know the law is BS and this just hit me differently. I am really really pissed.
mattvr
Should order this list by number of affected rather than alphabetical IMO. The 275K monthly user platform is almost hidden relative to the 49 and 300 user examples.
KennyBlanken
You know what's really rich about the OSA?
One of the exemptions is for "Services provided by persons providing education or childcare."
ColinWright
Do you have an explicit reference for that?
Not doubting it, but if you have a reference to hand it will save me having to search.
If it's just something you remember but don't have a reference then that's OK, I'll go hunting based on your clue.
bazzargh
In the text of the act, schedule 1 part 1 paragraph 10 https://www.legislation.gov.uk/ukpga/2023/50/schedule/1/para...
... unlike the issue of what size of service is covered, this isn't a pinky swear by Ofcom.
ColinWright
Super ... many thanks.
Fokamul
I will host public proxied site for these websites, open for UK people, just to troll them :D
ivanmontillam
Whilst I don't condone being unlawful (are you sure you want to run that risk?), that's the hacker spirit one needs these days.
Being silly to ridicule overreaching laws is top-trolling! Love it.
AnthonyMouse
The trouble here is that the law is so crazy that third parties allowing users in the relevant jurisdiction to access the site could result in the site still be liable, so then they would have the same reason to block your proxy service if a non-trivial number of people were using it.
To do any good you don't want to cause grief for the victims of the crazy law, you want to cause grief to its perpetrators.
Mindwipe
Ofcom have said that they consider geoblocking to be sufficient in writing, so at least they would probably lose any legal case brought against them.
ivanmontillam
Then I guess that'd be a use case of technologies like Tor or I2P, properly, securely used.
toolz
being unlawful is a vital tool for people to keep tyranny in check, I would hope that most people are incredibly strong supporters of lawlessness when the laws are wrong. To give an extreme example, I imagine you supported the hiding of jewish people during nazi germanys reign, which means you support unlawful activity as long as it's against laws that are against the people.
kelnos
If GP is not a UK citizen and does not live in the UK, how would that be unlawful? They're not beholden to or subject to UK law. The UK's belief that they can enforce this law on non-UK entities is ridiculous.
maxed
Is Hacker News also affected by this act?
Rochus
International law limits state jurisdiction to territorial boundaries (Art. 2(1) UN Charter). Hacker News is a US web site and Y Combinator LLC is a US company. The OSA, which is a UK law, cannot mandate physical enforcement (e.g., server seizures) on foreign soil. If they really didn't like HN, UK government could try to suppress HN access for their citicens by local means. If HN had a branch in the UK, the UK government could take action against that branch. As far as I know that's not the case.
kelnos
Yes, but I don't really understand how the UK can expect to enforce this law against non-UK entities that don't have any employees or physical presence in the UK.
HN/YC could just tell them to go pound sand, no? (Assuming YC doesn't have any operations in the UK; I have no idea.)
SSLy
they could impound you while on a layover in UK (not that you'd ever want to do that)
_trampeltier
They could open an international arrest warrant. So you can't travel at all.
ekianjo
a good reason never to visit the UK again
milesrout
pg lives in Britain if I'm not mistaken.
null
Mindwipe
Yes.
Izmaki
"Furry.energy"? With a total of 49 members? My World of Warcraft guild has more active players...
AnthonyMouse
This is exactly the point, isn't it? The smallest websites are destroyed, leaving only the megacorps.
Izmaki
I'm sure they can find a community elsewhere. Discord comes to mind... "Oh but it's illegal", trust me on this: Discord only cares if somebody actually reports the server and the violations are severe enough.
amiga386
But why should they _have_ to find a community elsewhere?
It is right that a country should snuff out all communities, large and small, and drive them to hosting in another country, or "under the wing" of a behemoth with a fully-funded legal department?
It's a blatantly destructive law.
twinkjock
That is not the stated purpose of the law and there is recourse built into it. Too often folks view these laws as binaries where none exists.
AnthonyMouse
It's never the stated purpose of the law, but we might do well to be concerned with what it actually does rather than what the proponents claim it would do.
Recourse doesn't matter for a sole proprietorship. If they have to engage with a lawyer whatsoever, the site is dead or blocked because they don't have the resources for that.
kelnos
What recourse? A small, 5o-member community doesn't have the resources to ensure they're in compliance, and Ofcom's statement about how smaller players are "unlikely" to be affected is not particularly reassuring.
The "stated purpose" is irrelevant. Even if they are being honest about their stated purpose (questionable), the only thing that matters is how it ends up playing out in reality.
null
huang_chung
[flagged]
IanCal
Right or wrong I think many have misread the legislation or read poor coverage of it given people's reasoning.
Much of things boils down to doing a risk assessment and deciding on mitigations.
Unfortunately we live in a world where if you allow users to upload and share images, with zero checks, you are disturbingly likely to end up hosting CSAM.
Ofcom have guides, risk assessment tools and more, if you think any of this is relevant to you that's a good place to start.
https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
docflabby
it's not that simple - illegal and harmful content can include things like hate speech - worth a longer read... https://www.theregister.com/2025/01/14/online_safety_act/
If I ran a small forum in the UK I would shut it down - not worth risk of jail time for getting it wrong.
docflabby
The new rules cover any kind of illegal content that can appear online, but the Act includes a list of specific offences that you should consider. These are:
terrorism
child sexual exploitation and abuse (CSEA) offences, including
grooming
image-based child sexual abuse material (CSAM)
CSAM URLs
hate
harassment, stalking, threats and abuse
controlling or coercive behaviour
intimate image abuse
extreme pornography
sexual exploitation of adults
human trafficking
unlawful immigration
fraud and financial offences
proceeds of crime
drugs and psychoactive substances
firearms, knives and other weapons
encouraging or assisting suicide
foreign interference
animal crueltysepositus
> hate
Is it really just listed as one word? What's the legal definition of hate?
ekianjo
> hate
which is an umbrella term for everything that the government does not like right now, and does not mind jailing you for. In other words, it's their way to kill the freedom of expression.
Winblows11
From that list I don't see HN being affected, although I read somewhere that a report button on user generated content was required to comply for smaller sites.
nsteel
I might be falling for what I've read second-hand but isn't one of the issues that it doesn't matter where the forum is based, if you've got significant UK users it can apply to your forum hosted wherever. You've got to block UK users.
guax
The good thing about forums is their moderation. It seems like mostly what the law covers is already enforced by most forums anyways.
Tuna-Fish
A forum that merely has good moderation is not automatically compliant with the act. It requires not just doing things, but paperwork that shows that you are doing things. The effort to do this well enough to be sure you will be in compliance is far beyond what is reasonable to ask of hobbyists.
DecentShoes
[flagged]
sapphicsnail
There are openly transphobic MPs and as far as I know there aren't any laws criminalizing transphobic hate speech. What more do you want?
pmlnr
> Much of things boils down to doing a risk assessment and deciding on mitigations.
So... paperwork, with no real effect, use, or results. And you're trying to defend it?
I do agree with need something, but this is most definitely not the solution.
IanCal
Putting in mitigations relevant to your size, audience and risk factors is not "no real effect".
If you've never considered what the risks are to your users, you're doing them a disservice.
I've also not defended it, I've tried to correct misunderstandings about what it is and point to a reliable primary source with helpful information.
zimpenfish
> if you allow users to upload and share images
On my single-user Fedi server, the only person who can directly upload and share images is me. But because my profile is public, it's entirely possible that someone I'm following posts something objectionable (either intentionally or via exploitation) and it would be visible via my server (albeit fetched from the remote site.) Does that come under "moderation"? Ofcom haven't been clear. And if someone can post pornography, your site needs age verification. Does my single-user Fedi instance now need age verification because a random child might look at my profile and see a remotely-hosted pornographic image that someone (not on my instance) has posted? Ofcom, again, have not been clear.
It's a crapshoot with high stakes and only one side knows the rules.
IanCal
> On my single-user Fedi server,
Then you don't have a user to user service you're running, right?
> And if someone can post pornography, your site needs age verification.
That's an entirely separate law, isn't it?
zimpenfish
> Then you don't have a user to user service you're running, right?
"The Act’s duties apply to search services and services that allow users to post content online or to interact with each other."[0]
My instance does allow users (me) to post content online and, technically, depending on how you define "user", it does allow me to interact with other "users". Problem is that the act and Ofcom haven't clearly defined what "other users of that service" means - a bare reading would interpret it as "users who have accounts/whatever on the same system", yes, and that's what I'm going with but it's a risk if they then say "actually, it means anyone who can interact with your content from other systems"[2] (although I believe they do have a carve out for news sites, etc., re: "people can only interact with content posted by the service" which may also cover a small single-user Fedi instance. But who knows? I certainly can't afford a lawyer or solicitor to give me guidance for each of my servers that could fall under OSA - that's into double digits right now.)
> That's an entirely separate law, isn't it?
No, OSA covers that[1]
[0] https://www.gov.uk/government/publications/online-safety-act...
[1] https://www.ofcom.org.uk/online-safety/protecting-children/i...
[2] "To be considered a user of a user-to-user service for a month, a person doesn’t need to post anything. Just viewing content on a user-to-user service is enough to count as using that service." from https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...
aimazon
You're right. Plus, the overreactions have been walked back or solved in some cases, e.g: LFGSS is going to continue on as a community ran effort which will comply with the risk assessment requirements. Most of the shutdowns are on long-dead forums that have been in need of an excuse to shutter. The number of active users impacted by these shutdowns probably doesn't break 100.
dang
Related ongoing thread: Lobsters blocking UK users because of the Online Safety Act - https://news.ycombinator.com/item?id=43152178
KennyBlanken
So, how does all this apply to community discords, slacks, Matrix rooms, IRC chats, etc?
Is it discord's responsibility to comply, the admin/moderators, or all of the above?
twinkjock
Yes, at least for platforms like Discord, they bear the responsibility based on my non-lawyer reading of the plain English. YMMV, IANAL.
kelnos
The hosting platform is responsible for compliance. For Discord or Slack it's easy, but for Matrix, it might be more fuzzy. Certainly the homeserver that is hosting a room would be responsible, but would other homeservers that have users who are members of the room also be responsible?
JFingleton
The Chaos Engine forums - a site for game developers to discuss, moan, and celebrate fellow and former colleagues... Now moved to Discord due to this act. It really is a strange time we are living through.
Charlie Stross's blog is next.
Liability is unlimited and there's no provision in law for being a single person or small group of volunteers. You'll be held to the same standards as a behemoth with full time lawyers (the stated target of the law but the least likely to be affected by it)
http://www.antipope.org/charlie/blog-static/2024/12/storm-cl...
The entire law is weaponised unintented consequences.