UK Online Safety Regulations and impact on Forums

so if you as an adult buy a phone and SIM and you are the one on the contract and you just give it to your kid then the check is going to say 18+, apparently in that situation of buying a contract you're supposed to have details of the actual device user so. It's a limitation you do have to bear in mind. Ofcom seem happy from their docs with mobile checking, so make of that what you will.
This is why it's an absolute farce! Ofcom are happy with that and it doesn't even age verify children! However, although Ofcom accept phone age checking, they might not accept that particular one. Some phone checking services verify an age by whether or not the adult filter is turned off on the account. Which, while it might not actually verify it's not an adult, does show the adult filter is turned off! But then children can use different devices.

I'm only looking at the email and face id ones so far. And I agree Shufti sounds the best option so far. But for my part, I couldn't be paying large sums upfront. It's possible they may agree "instalments". Whether that means monthly over a year or three years I'm not sure yet. But at $1000 that would still be $83 a month over a year. $27 a month over three years. They presumably just want to tie you into three years-worth of usage so people don't just do it for a few months and then cancel. Which could be an issue if the software turns out to be problematic.

My two preferred options at the moment are:

1) Face scanning with Shufti
2) Email verification via Verifymy - but they haven't even confirmed a date and time for a phone call yet! They suggested today - I suggested 2pm, they didn't reply and I haven't had a phone call.
 
I may have misunderstood the laws, but I thought if you were age-restricting anything (be that registration or just features) that their location didn't matter to Ofcom. I might need to re-check if it's only <18 in the UK I need to "keep safe" and if you are outside the UK and <18 that's not a problem that does change the landscape a bit.
It's not clear is it? But I think it's "children" per se. If you have a significant number of UK users then the law applies regardless of where other users are, is my understanding.
 
Age Verification update on my end (plus another matter below)

Just spoken with VerifyMy. As mentioned earlier, it's email based age-verification. 35p per check. If one email address doesn't pass, they have the option to try a second email address apparently, and if that doesn't work it goes to face ID. They are sending me the API docs. Because if using them I would need a programmer for the API!

They're a UK company and my inclination is this is a good option and charge a one-off registration fee of say £1 with an explanation that this is a one-off charge to cover age verification.

But I haven't seen the API documentation yet!

Retrospective checking of site content?

On another issue. In terms of assessing a forum for harms - presumably this means all previous posts and not just new postings after the date of the act? That is one thing that I found overwhelming. Would you also need to go through all previous posts checking if anything breached the act? I remember in the past the odd bit of "bullying" by one member occasionally, who was warned a couple of times before being banned. I can't for the life of me remember whether the posts were deleted or resolved within the thread.

My other thing (which is why I think age verification is needed) is the site was very image and video heavy. Embedded YouTube videos. Without age verification, would those videos be seen just as a direct link to YouTube per se - i.e. the ability to watch ANY video - suitable or not?

You can't possibly, retrospectively check every single thread!
 
For anything really. I guess you could run a scan for certain words or phrases retrospectively? But if you had age verification then maybe the videos wouldn't matter anyway. But this is why I wouldn't want to do a child risk assessment - retrospective checking. And would rather have age verification instead.
 
What do others think? When assessing the harms, does it need to be retrospective - for all existing site content? Maybe not so much an issue for the first risk assessment, but could be for the child risk assessment.
 
They are sending me the API docs. Because if using them I would need a programmer for the API!
If you don't mind could you chuck them my way - odds are they will be similar to the API I'm currently using, but I'd be most interested to see them.
This is why it's an absolute farce! Ofcom are happy with that and it doesn't even age verify children!
Yep, it's one of those areas where I think (and this was just my impression from the chat earlier) that part of the purchase requires you to identify the user of the device, but in reality I bet good money huge numbers of kids in the UK have a phone that "legally" appears to all intents and purposes to be owned by an adult. So to have a phone contract you have to be 18+, but the contract can be in the adult's name and the phone user can be a child and their details should be recorded, but I bet half the time that doesn't happen. Afraid I just don't know enough about buying mobiles to really know how loose/tight the checks would be. Let alone how well they work globally!

Speaking of which I'm actually reading the act... https://www.legislation.gov.uk/ukpga/2023/50?view=plain The introduction says:
This Act provides for a new regulatory framework which has the general purpose of making the use of internet services regulated by this Act safer for individuals in the United Kingdom.
So to my "Not a Lawyer" pedant self that could suggest that the purpose of the act is just to keep the UK kiddies safe and everyone be damned. Now does that mean when the rest of the act talks about users and children and so forth there is an implicit "UK children" rather than "children" I don't know, the rest of the act talks in general terms about protecting people/children. I suspect it's one of those situations where you'd have to actually go through a court case to generate case-law to settle the matter.

I've also not actually spotted the formal definition of a "user". I really don't want to go down the rabbit hole of a "user" being a visitor. I know upthread we concluded it was someone with an account, otherwise we're really into "walled garden" type sites - which as so much over-regulation somewhat drives stuff "out of site" which is probably not actually safer!

Anyhow I'm not going to read it all today, but in some ways it's almost easier to read than the Ofcom guidance!

What do others think? When assessing the harms, does it need to be retrospective
I would assume so technically. Even on my tiny forum (~120k messages) there are some older threads from before my time where some users were accused of bullying each other. So I've not read every thread on that. On the larger forum there are some 9.5M messages and I only run that from a tech POV I don't read it and I know there is more stuff in there that is "community" and off the specialist topic, so much more open to being "harmful" (whatever that really means). That said generally moderation is fairly good - so I suspect anything that was really bad would have been flagged a long time ago.
 
but the contract can be in the adult's name and the phone user can be a child and their details should be recorded, but I bet half the time that doesn't happen. Afraid I just don't know enough about buying mobiles to really know how loose/tight the checks would be. Let alone how well they work globally!
The norm, is that the parent takes out the contract and the phone company has no idea who it's for - because that is how we do it. They are not the slightest bit interested who uses the phone! Eg I have two contracts on my plan - one for myself, one for our son. No details that one contract is for an under 18 and it's up to the account holder to set any limits. The only limit I saw to set was a "cap" so they didn't go over the data usage each month. If there is an option to remove an adult filter, I don't remember it - and I think the phone user themselves can just remove it.

So I don't think it's an acceptable option. There are some companies who have more in depth checks than just the account holder being an adult.

This Act provides for a new regulatory framework which has the general purpose of making the use of internet services regulated by this Act safer for individuals in the United Kingdom.

This just says "individuals". It doesn't mention children alone.

While I prefer the idea of 20c per sign up face id, I would rather pay 35p per sign up email ID and charge a very small one off subscription fee. Although yes it will put people off signing up. But the whole payment is then covered immediately with no advance payments needed.

There is, however, nothing to stop an adult signing up and letting a child see the site on their account. But at least then the onus is on the parent.

I am sure there are some earlier threads on my site where moderation wasn't that good and there was arguing and "potentially" bullying - because I was completely new to it all lol. I remember one in particular (which I could check) where there was a bit of a pile on, on one member who was posting inappropriate medical (pet) care. I didn't handle it that well! Easy enough to just delete that thread though.

There was also a very long thread which was a word game and I am sure there are some "potentially" inappropriate words in that. And comments about "black hamsters" not photographing very well :rolleyes:
 
This just says "individuals". It doesn't mention children alone.
Well the act itself does target everyone. It's only that it gets a bit more "serious" and woolly when considering children. You're still obligated to protect the poor adults from stubbing their toes, etc.

OneID did tell me:
Previous to Ofcom’s changes around OSA, we didn’t have a mobile data services check, we worked with a company that was set up by two individuals who left Ofcom to help businesses shape their solutions to achieve Ofcom’s required level.
I honestly can't see how mobile checks possibly work in the UK let alone around the world. That in itself since the Ofcom guidance specifically mentions them as potentially being suitable makes me rather question the whole point of it. I mean let's just go back to a "Over 18" checkbox and be done with it. Just as effective! Maybe, the reality is most mobile checks would fail as they can't sufficiently prove the owner is 18+?

Anyhow I'm not sure OneID is going to quite work for us as the banking is UK only (and I suspect the intent of the law includes non-UK children) and the mobile checks just seem a bit iffy to me. That would leave us needing the ID checking - which at £1.75 per check and even a semi-flexible usage is still more than I suspect we might use in a steady state situation. Despite the flaws in my current system it's still cheaper and probably "good enough", I suspect I'd need to negotiate a custom deal with OneID where we had a pot of money that could be used for either ID or Banking that was acceptable to both parties. Shufti still has some potential, but I've not had their docs sent over yet. That might just be that the person I spoke to is doing a full day of meetings and I'm impatient!
 
"Part 10 of the Act, which comes into force on 31 January 2024, introduces a number of new “communication offences” for users who send harmful messages on a social media platform, messaging service, dating app or by “airdrop“. The new communication offences will apply to users variously across the home nations. Part 10 of the Act will have retrospective effect and includes:"


They seem extreme offences and unlikely to be on any forum even if they are retrospective offences.
 
"If you don't mind could you chuck them my way - odds are they will be similar to the API I'm currently using, but I'd be most interested to see them."

If they ever send them! Nothing as yet. They are particularly slow by email.
 
@Alvin63
What are your rules on your forum like?
Maybe add this Age Verification as appropriate ID.
Then add this whole thing as another important thread explaining to your members that things have changed and what penalties could happen if the members test the system.
 
Really missing having a forum :( I'm used to posting a lot every day - hence posting so much on here :rolleyes: I'm still thinking it's all too much hassle and stress though - extra moderation, Age ID, APIs, charging for registration...... Setting up censoring for words and phrases. It wouldn't be the same. On the other hand, it's stressful not having the forum as well. Complete messy situation - thank you Gov.
 
Really missing having a forum :( I'm used to posting a lot every day - hence posting so much on here :rolleyes: I'm still thinking it's all too much hassle and stress though - extra moderation, Age ID, APIs, charging for registration...... Setting up censoring for words and phrases. It wouldn't be the same.
Maybe have a smaller forum that isn't educational and have a general forum and discuss it there
 
Cannabis or tomatoes?