UK Online Safety Regulations and impact on Forums

[chillibear]

Not that I have seen. Chris has a few comments on this thread https://xenforo.com/community/threa...llegal-hate-speech.127828/page-2#post-1723660 which concerned some EU legislation that had similar lofty goals.

I would hope that in general for the smaller boards the approach of doing the risk assessment and "showing willing" will suffice. However I think there is some milage in improving some of the reporting tools and associated elements, either in the core or through add-ons that would be of general benefit no matter if there was a giant OSA looming over everyone.

The main bits I've not really gotten my head around is how age-verification fits in and how anonymous visitors tie into the OSA. Since most forums are essentially "read only" anonymous. In that context is a forum a "normal" website and therefore out of scope of the OSA and it only comes into scope when a client logs in and the site becomes "user to user"? So anyone further ahead in their reading who has a feel for that your insight would be very gratefully received.

 

[rogerl]

Not that I have seen. Chris has a few comments on this thread https://xenforo.com/community/threa...llegal-hate-speech.127828/page-2#post-1723660 which concerned some EU legislation that had similar lofty goals.

I would hope that in general for the smaller boards the approach of doing the risk assessment and "showing willing" will suffice. However I think there is some milage in improving some of the reporting tools and associated elements, either in the core or through add-ons that would be of general benefit no matter if there was a giant OSA looming over everyone.

The main bits I've not really gotten my head around is how age-verification fits in and how anonymous visitors tie into the OSA. Since most forums are essentially "read only" anonymous. In that context is a forum a "normal" website and therefore out of scope of the OSA and it only comes into scope when a client logs in and the site becomes "user to user"? So anyone further ahead in their reading who has a feel for that your insight would be very gratefully received.

To me the rules are all about user to user interaction, not user generated content (otherwise blog/newspaper contents etc would fall foul of it and they are specifically excluded) - so on that basis, read only access that non-members have shouldn't fall foul of anything unless you have pornographic content on your site which is covered seperately.

That said one of their cut-off points is 700,000 monthly users and that is defined as visitors, not posters/members in the guidance - clear as mud!

We should get the full Ofcom guidance on age-verification this month if I remember correctly.

 

[rogerl]

See this post and below :

Post in thread 'Better functionality to report and moderate illegal hate speech'

Dec 20, 2024

Not currently.

How many forums have been imposed fines due to the EU rulings from 7 years ago?

• Chris D

• 

Its is a bit of a cavalier approach, maybe we should all move over to Xenforo cloud?

 

[rogerl]

Age verification details released now and not good news

Age checks to protect children online

Children will be prevented from encountering online pornography and protected from other types of harmful content under Ofcom’s new industry guidance which sets out how we expect sites and apps to introduce highly effective age assurance.

www.ofcom.org.uk

• All user-to-user and search services – defined as ‘Part 3’ services[4] – in scope of the Act, must carry out a children’s access assessment to establish if their service – or part of their service - is likely to be accessed by children.
• Unless they are already using highly effective age assurance and can evidence this, we anticipate that most of these services will need to conclude that they are likely to be accessed by children within the meaning of the Act.
• any age-checking methods deployed by services must be technically accurate, robust, reliable and fair in order to be considered highly effective;
• confirms that methods including self-declaration of age and online payments which don’t require a person to be 18 are not highly effective;

 

[eaststandboy]

So would a simple solution for Xenforo be to get some image searching software to check images?

So we can any any porn images would be blocked from being uploaded?

For me, the risk of anyone posting porn is VERY low!

 

[alfaNova]

Age verification details released now and not good news

Age checks to protect children online

Children will be prevented from encountering online pornography and protected from other types of harmful content under Ofcom’s new industry guidance which sets out how we expect sites and apps to introduce highly effective age assurance.

www.ofcom.org.uk

• All user-to-user and search services – defined as ‘Part 3’ services[4] – in scope of the Act, must carry out a children’s access assessment to establish if their service – or part of their service - is likely to be accessed by children.
• Unless they are already using highly effective age assurance and can evidence this, we anticipate that most of these services will need to conclude that they are likely to be accessed by children within the meaning of the Act.
• any age-checking methods deployed by services must be technically accurate, robust, reliable and fair in order to be considered highly effective;
• confirms that methods including self-declaration of age and online payments which don’t require a person to be 18 are not highly effective;

I think legal demands have started to be taken to extremes. In short, they say small forums should close.

I'm not sure if there are 3rd party services that can verify age. But the requirements are becoming unenforceable.

 

[eaststandboy]

Quick guide to children’s access assessments

Children’s access assessments are a new assessment that all user-to user-services and search services (‘Part 3 services’) regulated under the Online Safety Act must carry out to establish whether a service – or part of a service – is likely to be accessed by children.

www.ofcom.org.uk

Stage 1: Yes, it is possible children could access my forum
Stage 2: "Are there significant number of children who are users of the service?" - no
"Is the service of a kind likely to attract a significant number of children?" - no

I ran a poll on my forum at the end of Dec and had 2 users reply as under 18, that was 0.7% of those that replied.

 

[Suzanne O]

I think legal demands have started to be taken to extremes. In short, they say small forums should close.

I'm not sure if there are 3rd party services that can verify age. But the requirements are becoming unenforceable.

This isn't funny.
You'll find that Australia has a law that bans u/16's from using social media.
It's because of the pornbots and other associates causing trouble!

 

[rogerl]

Stage 1: Yes, it is possible children could access my forum
Stage 2: "Are there significant number of children who are users of the service?" - no
"Is the service of a kind likely to attract a significant number of children?" - no

I ran a poll on my forum at the end of Dec and had 2 users reply as under 18, that was 0.7% of those that replied.

Absolutely, and very very few forums will be accessed by children - our own demographic is largely middle aged men

but Ofcom say

• Unless they are already using highly effective age assurance and can evidence this, we anticipate that most of these services will need to conclude that they are likely to be accessed by children within the meaning of the Act.

 

[eaststandboy]

Absolutely, and very very few forums will be accessed by children - our own demographic is largely middle aged men

but Ofcom say

• Unless they are already using highly effective age assurance and can evidence this, we anticipate that most of these services will need to conclude that they are likely to be accessed by children within the meaning of the Act.

Are there any age assurance services that would integrate with XF?

What about members already registered?

Could we ask new members to send a selfie with a passport?

Would ANYONE accessing the forum have to prove their age?

 

[Arantor]

Are there any age assurance services that would integrate with XF?

What about members already registered?

Could we ask new members to send a selfie with a passport?

You could but then you run into questions about violating the GDPR (Data Protection Act 2018 specifically in the UK) since that’s a category of privileged PII.

 

[rogerl]

Are there any age assurance services that would integrate with XF?

What about members already registered?

Could we ask new members to send a selfie with a passport?

1. There will be as they have APIs, but non currently integrated as far as I know and they come with significant costs
2. I think there has to be a reasonable cut-off point. If someone has been on your forum for many years they are unlikely to be under 18
3. We could, but would you sign up to a forum with those rules? I doubt I would! Then you also fall into GDPR and how you are going to store all of that personal data.

I think I will move to China. Land of the free.

 

[alfaNova]

You are all admins in a forum. Would you give any of the following when registering for a forum? I certainly wouldn't and I'm sure many people wouldn't either.

• Open banking
• Mobile network operator (MNO) age check
• Photo ID matching
• Credit card checks
• Digital identity wallets
• facial age estimation

The UK's communications regulator has laid out guidance on how online services might perform age checks as part of the Online Safety Act.

The range of proposals from Ofcom are likely to send privacy activists running for the hills. These include credit card checks, facial age estimation, and photo ID matching.

The checks are all in the name of protecting children from the grot that festoons large swathes of the world wide web. However, service providers will likely be stuck between a rock and a hard place in implementing the guidance without also falling foul of privacy regulations. For example, Ofcom notes the following age checks as potentially "highly effective":

• Open banking, where a bank confirms a user is over 18 without sharing any other personal information.
• Mobile network operator (MNO) age check, where the responsibility is shunted onto an MNO content restriction filter that can only be removed if the device user can prove to the MNO that they are over 18.
• Photo ID matching, where an image of the user is compared to an uploaded document used as proof of age to verify that they are the same person.
• Credit card checks, where a credit card account is checked for validity – in the UK, credit card holders must be over 18.
• Digital identity wallets and, our favorite, facial age estimation, where the features of a user's face are analyzed to estimate the user's age.

It doesn't take a genius to imagine how a determined teenager might circumvent many of these restrictions, nor the potential privacy nightmare inherent in many of them if an adult is forced to share this level of info when accessing age-restricted sites.

At this point, readers might be getting a distinct feeling of déjà vu. In 2022, the UK government threatened the requirement of handing over all range of personal data to access social media sites. The justification was protecting children from pornography, and so here we are. The idea of age verification was floated years before and has returned as part of the Online Safety Bill.

Ofcom publishes UK age verification proposals

Won't somebody think of the children?

www.theregister.com

 

[eaststandboy]

1. There will be as they have APIs, but non currently integrated as far as I know and they come with significant costs
2. I think there has to be a reasonable cut-off point. If someone has been on your forum for many years they are unlikely to be under 18
3. We could, but would you sign up to a forum with those rules? I doubt I would! Then you also fall into GDPR and how you are going to store all of that personal data.

I think I will move to China. Land of the free.

Or move to a forum provider which can cater for these new barbaric needs!

 

[eaststandboy]

These new requirements are aimed at X, it is like a porn website nowadays!

 

[rogerl]

These new requirements are aimed at X, it is like a porn website nowadays!

X and Facebook will carry on regardless, as will all the porn sites, whereas well run niche forums controlled by responsible admins and moderators will be driven under. That is the irony of it all.

 

[chillibear]

Age verification details released now and not good news

• All user-to-user and search services – defined as ‘Part 3’ services[4] – in scope of the Act, must carry out a children’s access assessment to establish if their service – or part of their service - is likely to be accessed by children.
• Unless they are already using highly effective age assurance and can evidence this, we anticipate that most of these services will need to conclude that they are likely to be accessed by children within the meaning of the Act.
• any age-checking methods deployed by services must be technically accurate, robust, reliable and fair in order to be considered highly effective;
• confirms that methods including self-declaration of age and online payments which don’t require a person to be 18 are not highly effective;

I'm not sure if there are 3rd party services that can verify age. But the requirements are becoming unenforceable.

There are "solutions", but very few publish pricing from what I can see. One of those that does for instance: https://sumsub.com/age-verification/ charge $1.35 per lookup, BUT have a minimum of $149 a month commitment. Instantly blowing it out of the water for a little forum. Even if sending of your ID and selfies and the like wouldn't totally kill new registrations! Now granted there may now be a sudden surge of lovely cheap providers offering tie-ins to all sorts of user-to-user software, but it'd still probably kill sign-ups.

I've not read the Age stuff myself yet, looks like a fun afternoon!

So would a simple solution for Xenforo be to get some image searching software to check images?

For the CSAM it's not that easy as the mechanisms used (fuzzy hash matching) seem to be kept private and it's just a few large operators who offer the service. You normally have to apply to those bodies and jump through various hoops to explain why you need access. The closest I have found to a "public" service that can do that is Cloudflare talk about offering a service for their customers - https://blog.cloudflare.com/the-csam-scanning-tool/ I've not looked into it yet. Otherwise I thin you're looking at https://www.microsoft.com/en-us/photodna or IWF https://www.iwf.org.uk/membership/fees/

For more general scanning any of the large Image AI vision systems can generate various bit of information about an image which you may use for filtering. Although of course there isn't any existing structure in XF to immediately tie into. I suspect there might already be some milage in the webhooks tech in 2.3, but that wouldn't immediately provide an end-to-end solution. Coming up with a generic system that was not tied to a particular provider would probably be very useful. It may be the sort of thing that could be commissioned by several interested parties here.

Then there are probably improvements that could be made to the existing attachment browser to make that more useful in managing uploaded content. One thing I've always thought would be useful it the ability to replace an attachment with another image, without faffing around figuring out all the DB ids and the like.

It's worth considering hotlinked images in all this since they will be displayed in your forum, so including those in any image scanning solution would be important.

 

[eaststandboy]

https://xenforo.com/community/resources/ozzmodz-adult-content-filter.8401/ - would this work to stop porn?

 

[rogerl]

https://xenforo.com/community/resources/ozzmodz-adult-content-filter.8401/ - would this work to stop porn?

Is porn even an issue for any of us? We get thousands of posts each day, we have had a handful of posts containing porn posted in all of the years we have run, and when it has occured it was swiftly reported by our users and dealt with by the moderators immediately.

Our members are far more effective than any fuzzy algorithms or CSAM searches.

 

[alfaNova]

https://xenforo.com/community/resources/ozzmodz-adult-content-filter.8401/ - would this work to stop porn?

We need better than that. Look at the crime list. Is saying we have to control everything.

AI Bots

Multifunctional artificial intelligence forum bots.

ai-bots.devsell.io

There can be some additions to the above addon maybe to review the content and report it to the admins.

NOTES TO EDITORS

• The Online Safety Act lists over 130 ‘priority offences’, and tech firms must assess and mitigate the risk of these occurring on their platforms. The priority offences can be split into the following categories:
  • Terrorism
  • Harassment, stalking, threats and abuse offences
  • Coercive and controlling behaviour
  • Hate offences
  • Intimate image abuse
  • Extreme pornography
  • Child sexual exploitation and abuse
  • Sexual exploitation of adults
  • Unlawful immigration
  • Human trafficking
  • Fraud and financial offences
  • Proceeds of crime
  • Assisting or encouraging suicide
  • Drugs and psychoactive substances
  • Weapons offences (knives, firearms, and other weapons)
  • Foreign interference
  • Animal welfare

Time for tech firms to act: UK online safety regulation comes into force

People in the UK will be better protected from illegal harms online, as tech firms are now legally required to start taking action to tackle criminal activity on their platforms, and make them safer by design.

www.ofcom.org.uk

Who the rules apply to​

All in-scope services with a significant number of UK users, or targeting the UK market, are covered by the new rules, regardless of where they are based.

The rules apply to services that are made available over the internet (or ‘online services’). This might be a website, app or another type of platform. If you or your business provides an online service, then the rules might apply to you.

Specifically, the rules cover services where:

• people may encounter content (like images, videos, messages or comments), that has been generated, uploaded or shared by other users. Among other things, this includes private messaging, and services that allow users to upload, generate or share pornographic content. The Act calls these ‘user-to-user services’;
• people can search other websites or databases (‘search services’); or
• you or your business publish or display pornographic content.

To give a few examples, a 'user-to-user' service could be:

• a social media site or app;
• a photo- or video-sharing service;
• a chat or instant messaging service, like a dating app; or
• an online or mobile gaming service.

The rules apply to organisations big and small, from large and well-resourced companies to very small ‘micro-businesses’. They also apply to individuals who run an online service.

It doesn’t matter where you or your business is based. The new rules will apply to you (or your business) if the service you provide has a significant number of users in the UK, or if the UK is a target market.