Should be enough, as even if the odd one slips through, I think it's only if you have "significant" numbers of Uk members. But you'd probably be expected to ban anyone you found out was a Uk member as well and have that in TOS or something.
UK Online Safety Regulations and impact on Forums
- Thread starter lazy llama
- Start date
-
- Tags
- regulation
There's another reason for age verification as well. Even if you left the age as over 13 and did a child risk assessment and mitigations. How do you know you don't have kids under 13 joining up? And then aren't you falling in the realms of COPPA? Data on under 13's? Or is that just for US sites?
Last edited:
i didnt quite notice the rule being date stamped....that would be nice just simple evidence to present....but yes im not overly concerned as on their list or anything....just things like IP logs or anything you know....it seems like they could force giving things like that up? just to prove you are being compliant which i dont really like....
Well I guess if you have uk IP addresses then it would look like you're not being compliant, but you've blocked them haven't you?
im saying it looks like a reach to me, like idk if they can even ask for that.....but im sure they will want to ask for something they didnt define yet etc...so we have to wonder what that might be.....
a screenshot of a date stamped rule would do that, but without the date stamp idk......im not digging in and retro banning long time members either. or like what are we supposed to just look and ban anyone that ever logged in from a uk IP? can XF even filter IP in search like that?
yeah we have this block page now but its very ugly and doesnt explain anything.....and requires a pro plan to change that.....can i invoice that to OFCOM?
or just let the flood of emails begin then...except how is anyone supposed to know where to even email sigh...
a screenshot of a date stamped rule would do that, but without the date stamp idk......im not digging in and retro banning long time members either. or like what are we supposed to just look and ban anyone that ever logged in from a uk IP? can XF even filter IP in search like that?
yeah we have this block page now but its very ugly and doesnt explain anything.....and requires a pro plan to change that.....can i invoice that to OFCOM?
or just let the flood of emails begin then...except how is anyone supposed to know where to even email sigh...
How would this look for Child Risk Assessment mitigations (including general risk assessment mitigations)? The issue still is lack of moderators, especially overnight ........
- Addon to remove exif data from photos
- Censors set up for certain words.
- Third layer of spam protection in addition to turnstile and stopforumspam (Ozzie’s spaminator addon? ……..
- Restrictions on guests - no photos visible or links viewable or clickable
- Set age limit to over 16.
- ? Youtube links – should they just be left? And rely on youtube age verification?
- Remove sharing links to Twitter and Facebook etc
- Cloudflare CASM removal
- Need a US moderator ......
- Permissions: New members can’t post photos or links until they’ve had 3 posts.
- New link for “complaints”
- Edit TOS to say what the site is doing to prevent illegal harms (mention using report button).
- Change forum rules to say NO photos of injured animals unless it’s an urgent health concern and then use a spoiler alert to hide the photo. ?Keep things friendly and civil – bullying will not be tolerated. Mention using the REPORT button.
- DM’s turned off except to and from Admin. So leave automatic welcome message which then allows that member to reply.
- Link forum rules to TOS and vice versa.
- Leave home page as it is – no clickable links. But allow comments and reviews. Guests remain blocked from posting anywhere.
- Addon to notify moderator/s of reports
Last edited:
Update. Been chatting with Genesis, who has been incredibly helpful. and I am sorted with AI content moderation specifically for Ofcom illegal harms. I think he said it's yet to be published but I have gone ahead.
So based on that. I think I'll leave age verification and mitigate for a Child Risk Assessment. It's just what I needed. An AI moderator bot
I have it installed ready for testing .......... General web page here.
I think this could be really helpful for a lot of forums.
So I've gone back to the original risk assessment I started before taking the forum offline and completed it. I think I've worked it out now.
That Online Assessment tool has a record keeping downloadable file. Where you fill in all the information for the 17 illegal harms - coresponding to what you filled in on the online assessment tool. You then get to the section in the online tool for recommended safety measures and copy those and their "codes" into the boxes at the end of the downloadable form.
That completes all the record keeping and risk assessment (I think). It's intended to be emailed back when completed (ie recorded and reported) but I didn't email it back because I think smaller sites don't have to.
So going through all the recommended safety measures, you copy each one, one at a time into the relevant box (they are small one line boxes but expand so you can add all the measures one by one).
So for example this recommended measure for "Content Moderation Function".
You put
ICU C1 Content moderation function to review and assess suspected illegal content
in the box
Next box you put when it was implemented (date)
Then you add the "relevant codes and duties" (copying and pasting them) - in the boxes for those. See screenshot below.
So the relevant codes for that measure are
Relevant codes: Child sexual exploitation and abuse, Terrorism, Other duties
The relevant duties for that measure are
Relevant duties: Section 10(2) and(3). Section 21(2)(b) Online Safety Act 2023
So I've finally got it completed. Just using the online tool and the downloadable form (but it's not a pleasant form to fill in and saves as some kind of word document that has extra functions, so it can't be linked anywhere as a word document). EDIT: It's an ODT document. So now saved it as a word document and it's a normal Word Document now.
This is what mine looks like in the end section (after completing all the individual online harms and risk factors and mitigations etc).
Apologies if people already know all this and I've only just fully worked it out. And there are probably other ways of doing record keeping and risk assessment as well.
Basically, by going through the online tool step by step, it gives you all the information needed to complete the record keeping and risk assessment. Your low risk, negligible risk selections on the online tool, need to tally with what you then record on the form. Adding your specific risks in words (or lack of them) and what is in place to mitigate them. Then state what evidence there is of that (I just stated screenshots of software like CSAM from cloudflare, spam settings etc as evidence and other software used).
The final bit of the online tool - recommended measures. Gives you all the measures for your circumstances (having completed the earlier part of the tool), which you then copy and paste into the relevant boxes (as above).
If doing it again next year, on review, I think I'd just type it as a word document, but completing the form was useful to know exactly what was needed for the record keeping and risk assessment. Horrible form to fill in though.'
I hope it isn't a similar lengthy process for a Child Risk Assessment, when it gets published.
That Online Assessment tool has a record keeping downloadable file. Where you fill in all the information for the 17 illegal harms - coresponding to what you filled in on the online assessment tool. You then get to the section in the online tool for recommended safety measures and copy those and their "codes" into the boxes at the end of the downloadable form.
That completes all the record keeping and risk assessment (I think). It's intended to be emailed back when completed (ie recorded and reported) but I didn't email it back because I think smaller sites don't have to.
So going through all the recommended safety measures, you copy each one, one at a time into the relevant box (they are small one line boxes but expand so you can add all the measures one by one).
So for example this recommended measure for "Content Moderation Function".
You put
ICU C1 Content moderation function to review and assess suspected illegal content
in the box
Next box you put when it was implemented (date)
Then you add the "relevant codes and duties" (copying and pasting them) - in the boxes for those. See screenshot below.
So the relevant codes for that measure are
Relevant codes: Child sexual exploitation and abuse, Terrorism, Other duties
The relevant duties for that measure are
Relevant duties: Section 10(2) and(3). Section 21(2)(b) Online Safety Act 2023
So I've finally got it completed. Just using the online tool and the downloadable form (but it's not a pleasant form to fill in and saves as some kind of word document that has extra functions, so it can't be linked anywhere as a word document). EDIT: It's an ODT document. So now saved it as a word document and it's a normal Word Document now.
This is what mine looks like in the end section (after completing all the individual online harms and risk factors and mitigations etc).
Apologies if people already know all this and I've only just fully worked it out. And there are probably other ways of doing record keeping and risk assessment as well.
Basically, by going through the online tool step by step, it gives you all the information needed to complete the record keeping and risk assessment. Your low risk, negligible risk selections on the online tool, need to tally with what you then record on the form. Adding your specific risks in words (or lack of them) and what is in place to mitigate them. Then state what evidence there is of that (I just stated screenshots of software like CSAM from cloudflare, spam settings etc as evidence and other software used).
The final bit of the online tool - recommended measures. Gives you all the measures for your circumstances (having completed the earlier part of the tool), which you then copy and paste into the relevant boxes (as above).
If doing it again next year, on review, I think I'd just type it as a word document, but completing the form was useful to know exactly what was needed for the record keeping and risk assessment. Horrible form to fill in though.'
I hope it isn't a similar lengthy process for a Child Risk Assessment, when it gets published.
Last edited:
Although at the top of the form it says
"This can be used alongside our ‘Check how to comply with the illegal content rules’ tool but using it does not guarantee your compliance."
So what does guarantee compliance then? I guess the info you put in the form for your mitigations?
"This can be used alongside our ‘Check how to comply with the illegal content rules’ tool but using it does not guarantee your compliance."
So what does guarantee compliance then? I guess the info you put in the form for your mitigations?
Still think youtube videos are a problem though. A link to another site which I'd be supposed to mitigate the risk of. There's all sorts on youtube. In fact external links generally are an issue. Members could have them in profiles - eg to their instagram accounts.
Last edited:
eva2000
Well-known member
Still confusing even with the tool. I whipped up an online form version of record keeping form - first revision at https://osa-act-form.centminmod.com. You can compare to pdf version to see if anything is missing should be close.
eva2000
Well-known member
from https://www.ofcom.org.uk/online-saf...-how-to-comply-with-the-illegal-content-rules basically means self-assessment can't guarantee you complied fully with the ActAlthough at the top of the form it says
"This can be used alongside our ‘Check how to comply with the illegal content rules’ tool but using it does not guarantee your compliance."
So what does guarantee compliance then? I guess the info you put in the form for your mitigations?
Yes AI says using the tool and document itself doesn't mean compliance - it's what you implement on site and mitigate for that provides compliance. So I'm still stuck on external links to youtube. Don't want to lose all the videos - but don't want them to link back to youtube. Simply because of the under 18 element. Back to hyperlink problems again. Even if they're not illegal harm ones. It's the whole "leading children offsite" thing. And that's just for the basic risk assessment.
Last edited:
dont the same rules apply for you tube? im a little foggy how sites like discord seem to be ignoring this but that seems unreasonable for you to be responsible for whats posted on an external site.....i mean most the world is not going to block the uk and call it a day....so maybe it is early still but by summer the whole internet is going to be censored more or less isnt it? anything where people talk to each other anyway right, then its just a matter of which exact topics and political views etc are disallowed, as they determine ever changing definitions....but it seems like that should loosen individual cross site liabilities? idk i still kind of feel the whole act is "illegal" and "corrupted" but they organized it so all we can do is try to understand where all these hoops are to jump thru.
It is like a really horrible exam paper IMO. And some of it still doesn't make sense. It requires you to be able to take something down quickly on your own site. But your site isn't really safe if it has links that could lead children to the whole of youtube. I did google what Youtube were doing to comply but it's a massive site and they may never be able to fully comply. It would be good to know if they were going to age verify anyone who arrived via a link from another site. But they aren't right now.
So it's the flaw in my risk assessment if I leave youtube videos on. Can't quite get my head around it. But you're supposed to mitigate for illegal harms - so even if they're not on your site, I guess youtube links could be seen as "potentially" harmful. I don't know.
I might write to MP about this and say - who is responsible here? But they do seem to put the onus on the site owner.
This is partly why I wanted age verification. Just to keep the site in tact. If I had to lose the videos I can't really comply without losing all the threads! Far too many videos to go back and remove them all. Maybe there's an addon could do that, but it would spoil the site then. Might as well just start from scratch in that case.
All the Ofcom blurb - say you need to read and understand the long lasting effect of harms etc, when making your risk assessment. It's heavy stuff. Just wouldn't want to get fined for having "risks for children" on my site - ie links to a site with adult content. Except my site is for adults as well. Despite being safe. Hence wanting to keep kids off and have age verification! Why should the adults have a dumbed down site?!!
I think everyone is " a little foggy" about much of it! I don't see why youtube shouldn't be responsible for any kids accessing it via other sites.......but you are responsible for your site, if kids can access it. It's a bit of a grey area. It would be nice if Ofcom could clarify that. Can't see a way to contact them - I guess you have to just write to your MP to get a response.
The only "kids" aspects youtube seem to have - for parents/parental controls, is where kids access youtube directly from devices, as opposed to following links.
Apparently you can embed youtube videos without the link by copying an embed thing on the video - but I couldn't retrospectively do that for all videos. And it would take a lot of monitoring if users forget or don't do it that way.
So it's the flaw in my risk assessment if I leave youtube videos on. Can't quite get my head around it. But you're supposed to mitigate for illegal harms - so even if they're not on your site, I guess youtube links could be seen as "potentially" harmful. I don't know.
I might write to MP about this and say - who is responsible here? But they do seem to put the onus on the site owner.
This is partly why I wanted age verification. Just to keep the site in tact. If I had to lose the videos I can't really comply without losing all the threads! Far too many videos to go back and remove them all. Maybe there's an addon could do that, but it would spoil the site then. Might as well just start from scratch in that case.
I don't know what Discord are doing exactly, but I do know they have scanning and auto moderator bots and say they will report people to the police/shut a server down if they see any illegal harms. They can probably afford fines
All the Ofcom blurb - say you need to read and understand the long lasting effect of harms etc, when making your risk assessment. It's heavy stuff. Just wouldn't want to get fined for having "risks for children" on my site - ie links to a site with adult content. Except my site is for adults as well. Despite being safe. Hence wanting to keep kids off and have age verification! Why should the adults have a dumbed down site?!!
I think everyone is " a little foggy" about much of it! I don't see why youtube shouldn't be responsible for any kids accessing it via other sites.......but you are responsible for your site, if kids can access it. It's a bit of a grey area. It would be nice if Ofcom could clarify that. Can't see a way to contact them - I guess you have to just write to your MP to get a response.
The only "kids" aspects youtube seem to have - for parents/parental controls, is where kids access youtube directly from devices, as opposed to following links.
Apparently you can embed youtube videos without the link by copying an embed thing on the video - but I couldn't retrospectively do that for all videos. And it would take a lot of monitoring if users forget or don't do it that way.
Last edited:
I asked Chat GPT and it says what I was thinking. That I'd be "enabling" children to access potentially harmful content elsewhere with links from the site.
"So in short: No, you’re not directly liable for everything on YouTube, but if your site gives children easy, unmoderated access to the broader platform, then you may need to show that you've done what’s reasonably possible to prevent that."
The only way I can see of preventing that is removing all videos! Although I think upthread it was discussed whether it would be possible to remove the youtube access via Xenforo somehow........... Anyone know if that's possible?
If not, it's going to be expensive age verification. Or nothing.
"So in short: No, you’re not directly liable for everything on YouTube, but if your site gives children easy, unmoderated access to the broader platform, then you may need to show that you've done what’s reasonably possible to prevent that."
The only way I can see of preventing that is removing all videos! Although I think upthread it was discussed whether it would be possible to remove the youtube access via Xenforo somehow........... Anyone know if that's possible?
If not, it's going to be expensive age verification. Or nothing.
Mr Lucky
Well-known member
But surely, Google gives children easy unmoderated access to the broader platform?