Porn company fined £1M over inadequate age checks (UK)
43 comments · December 4, 2025
raesene9
Zenst
Well, OFCOM lost all credibility with me and many on how they failed to fix the Vectone UK mess. Vectone UK was a virtual operator, however they owned the number range they allocated (Most MVNOs get a block from the provider they use for their network, Vectone behind the scenes would shop around and by owning the number range, could make switching core network easier I presume). So even when you ported to another network, as they owned the number, they would set up routing to the new provider (This is how number porting works, of which I was unaware as I'm sure many are not). Issue is that if the provider goes bust, all those numbers go with them. So anyone who had a number that originated from them, even if they ported it to another network, suddenly lost not only their number, but any way, shape or form of getting it back. The impact was devastating for many, including myself. All 2FA, or any account ties to that number you found yourself unable to control. Even if you had access to the account, to change the number would see them use best practice security to send a verification code to the old number. This created a right nightmare as you can imagine with all the automated support we now have. So months of fun and games, with the odd gotcha popping up overlooked from time to time.
OFCOM failed to do anything, they could have forced them to sell the number range, taken over control of the number range, or proactively thought out such situations due to the way they port numbers being that the new provider gets control of that number and not at the mercy of the previous provider, which in this case went bust.
Many other stories on this here: https://www.ispreview.co.uk/talk/threads/vectone-is-dead.406...
But like many, I myself contacted OFCOM and found a chocolate teapot far more comforting and with better results.
What with the UK pushing digital ID, funny anecdote there - I did jury service recently and they do not accept a digital ID as proof of ID, nor do they accept a selfie either as proof of age or ID (we all had a good laugh as was done in the best possible taste).
LandR
Until governments try to ban VPNs...
raesene9
That is one option, but then you get into the world of Corporate VPNs which are heavily in use and it would seriously cause problems if you banned.
Then you're into "what about all TLS connections" which can be used to send traffic, so you have to do TLS interception at scale, which is a very non-trivial problem to try and solve.
Then you're into non-TLS encrypted protocols, so your only option there is to block anything you can't intercept.....
At that point you've pretty much broken Internet access in your country, might as well just chop the cables :P
mcintyre1994
The more practical law is to ban using VPNs to bypass local censorship/filters/etc, which is the law the UAE has for example. Companies can keep using them for security, so can individuals who aren't using them to pretend to be somewhere else to bypass local laws.
This also has the benefit (to the government) of criminalising individuals, making prosecution much easier and allowing it to be more selective according to the government's whims. It reminds me of the way the US dealt with piracy, you could go after a bunch of college kids to make a point etc.
falcor84
I wish I was as optimistic about the resilience of the open web as you, but I see what the Chinese government achieved and what the Russian government have been doing over the last few years, and I'm very concerned.
stingraycharles
That is, until you only allow approved vendors (Microsoft, Cloudflare, etc) to provide these types of services. It’s very easy to pass laws like that, and it seems like centralization is the direction everything is headed.
IlikeMadison
They can fine all they want, if the company doesn't have any entity in said territory they can just ignore it. What Ofcom succeeded in achieving, though, is deterring more and more foreign IT companies from ever expanding and creating jobs in the UK.
HatchedLake721
> They can fine all they want, if the company doesn't have any entity in said territory they can just ignore it.
Try running an online poker site abroad and serve US players and find out how that'll work out for you.
Didn't work out well for Lithuanian/Canadian/Israeli Isai Scheinberg, founder of Poker Stars, nor Calvin Ayre, the founder of Bodog, who ended up on the FBI's top 10 list. United States reportedly sought* to seize around $3 billion worth of assets from 3 major online poker companies at the time.
https://poker.stackexchange.com/questions/457/is-online-poke...
NitpickLawyer
> they can just ignore it.
Eh, maybe? Maybe not? What if years later someone from that company flies through the UK? And if you think you can avoid connecting flights there, what if a flight from NY to CDG has to do an emergency landing and chooses somewhere in the UK?
roblabla
If you're that paranoid, you _can_ just choose not to fly.
The bigger problem is if the UK has an extradition treaty with the country you live in.
crimsoneer
I mean, while this might be true, I'm not sure democracies being totally incapable of regulating the internet is a good place to be. I'm not sure a race to the bottom (if you attempt to regulate us in any way we'll leave/go complain to the US president) is really a great outcome here. "Porn websites should check your age" is not some radical totalitarian demand I think?
gary_0
Everyone seems to be missing that the vast majority of adult websites already follow all the protocols so that they can be blocked by client-side parental software. A good-faith attempt to reduce kids' access to adult content would just be to educate parents about the use of that software on their family's devices, and to improve the standardization and accessibility of the existing parental control tools (which already work quite well). Nobody who isn't a parent would need to be (and never should be) bothered.
This approach would be much more effective than making ridiculous demands of privately run websites or attempting to ban VPNs. And yes, some kids will find a way around whatever system you set up; the solution to that is not to turn the whole of society into a police state. Some kids will always find ways to break the rules; many years ago when I was young I knew plenty of kids who found ways of getting their hands on alcohol or even worse things. Somehow society still exists today.
brainwad
I think it actually is a radical totalitarian demand, if the only accepted form of age verification is government ID scans or selfie face capture. People should have a right to serve content without having to deal with the SPII of their clients.
crimsoneer
... but they specifically don't have to, right? You can just use a third party verification company. Or you can not, if you'd prefer not to. You just have to do something vaguely meaningful that isn't just "Pinky swear you're 18".
IlikeMadison
Do you really believe Ofcom and the UK establishment in general really care about the children or terrorists when they are pushing for mandatory digital ID and age-verification in every aspect of our digital lives or are you playing naive?
crimsoneer
Controversially, I think most people I know in politics really are actual humans, who got into politics to stop bad things happening, and think that children having ready access to pornography is A Bad Thing.
zettabomb
The alternative to the OSA is not "being totally incapable of regulating the internet". There's a wide, wide gap between complete lack of regulation and what the UK has done.
aesh2Xa1
This law demands a surveillance architecture, not just porn regulation. Once the norm and mechanism to de-anonymize content use exists, it can be expanded to any content, including political dissent, and for both accessing AND contributing to content (like, for example, on HN). The line should be drawn here.
The vague potential harm of sex doesn't justify the concrete harm of abolishing digital privacy. Further, it's just sex. Equating imagery of legal, natural activity with physical danger is an error.
It is blatantly dangerous to justify stripping citizens of their anonymity. The lawmakers who proposed this are oppressors. They are the danger to our children.
sam-cop-vimes
Everyone disagreeing with this poster, are you okay with living in a society where anything goes? Do we give up trying to minimise harms because it is hard to do? The effort to regulate this sort of access has to start in some shape or form and then be improved.
Come up with a better solution, provide a proof of concept and yes regulatory agencies / governments will take notice. People like us work in these agencies. Let's propose better ways of achieving the same goal of reducing porn exposure to minors - not keep bashing the initiative taken.
arccy
Why is that even a good goal in the first place? Must children grow up in a sterile environment coddled by a nanny state?
Lio
Sorry but I'm going to keep bashing the initiative because:
1. It doesn't stop kids from accessing porn because kids know about or can learn about free VPNs.
2. I think it exposes lots of adults to identity theft on non-porn websites by normalising compulsory ID checks. e.g. on Spotify, Bluesky, Reddit, etc. I think it's a matter of time before phishing sites start making use of this.
I think the implementors of this law either knew about these issues or are hopelessly naive.
Given that and the push for digital IDs at the same time I think they are bad actors and I question their motivation.
NitpickLawyer
> Come up with a better solution
Parents are responsible for their children.
mittensc
> "Porn websites should check your age" is not some radical totalitarian demand I think?
How would that work? Do you want to provide government ID to watch porn?
And how is this helping since it's not going to work overall (other sites, torrents, etc)?
VBprogrammer
If you take as a given that consenting adults should have access to sexually explicit material generated by other consenting adults; the potential for harm to adults is huge with the current implementations.
Can't wait for the headlines when the entire watch history of some famous person is released after someone recognises them in their "age verification scan".
It's about the only good thing which could come out of digital ID. Being able to provide proof of age in a double blind way.
Lio
I love the way that the BBC studiously doesn't name any AVS Group Ltd sites in that article.
sva_
Funnily, Ofcom itself provides a list in the opening text
https://www.ofcom.org.uk/online-safety/protecting-children/i...
entuno
Yeah, they didn't really think through the fact they're publishing big lists of sites without effective age verification in all the investigation notices on their website.
curiousgal
Highly recommend watching The Thick of It to get a glimpse of how such UK policies come to be.
cynicalsecurity
UK repeats the same stupidity as the Prohibition in the United States was?
meitham
This ban targets children, prohibition covered adults! This is more like requiring proof of ID when you purchase alcohol.
worldsavior
1M is nothing.
sam_lowry_
Nothing for you Facebook or Citibank crooks, but porn is a very competitive business with thin margins.
metalman
great news for self employed prostitutes everywhere
meitham
erm, I think they're now called "sex workers" but self-employed or digital prostitutes is more correct now, given the inability to tell if you're dealing with a person or AI hologram!
theturtle
[dead]
I'd like to believe that technical people at OFCOM actually know the impossibility of what they're being asked to implement but are just going through the motions, so their bosses/politicians can put out pointless press releases like this.
Trying to restrict access to content on the Internet by requiring "robust" age verification was never going to achieve the goals they stated, and has a number of predictable (and already seen) negative side-effects.
Unfortunately governments all over the place seem intent on continuing this type of regulation, I presume so they can be seen to be doing something. Good time to be in the VPN game, I'd guess.