UK Online Safety Regulations and impact on Forums

Mr Lucky said:
Now edited to include that moderators have DBS checked. Not a huge thing but I imagine all the little things add up. In fact I know that having just had a chat with a neighbour who is a safety officer on a wind farm.

Our saxophone forum isn't a wind farm, but not far off.:)
Click to expand...

LOL. DBS check for moderation. Be easier just to block off any UK mod and/or restrict the region.
 
Mr Lucky said:
I don't understand, what would that gain?
Click to expand...
If the user base is low, why should you be required a DBS check for a Moderator? This is for employment but moderation is generally volunteer related. I just find it stupid. Having ran a forum for 23 years now, I shake my head at this
 
Suzanne O said:
Trump needs to be told to stick his nose out of the UK's laws on this.
Click to expand...
You're saying countries should stay out of other countries' business?


I agree with you.


If the UK wants a safer Internet environment, I'm all for that too. However, by current appearances, the intent is enforcement outside UK borders. Obviously that goes against nations minding their own business.

What's the answer? I have no idea. But I know what it isn't.
 
badmonkey said:
However, by current appearances, the intent is enforcement outside UK borders. Obviously that goes against nations minding their own business.
Click to expand...
But it's inline with what is actually happening whether it's some tax dodging mega rich American electric car manufacturer, the IRS rules imposed on ex-pats and influence over global financial institutions, or North Korea poking its nose into the war against Ukraine. Not meaning to open a political fracass just saying it's too late to complain about globalism.

EDIT oops sorry is it OK to say outside off topic forum?
 
badmonkey said:
You're saying countries should stay out of other countries' business?


I agree with you.


If the UK wants a safer Internet environment, I'm all for that too. However, by current appearances, the intent is enforcement outside UK borders. Obviously that goes against nations minding their own business.

What's the answer? I have no idea. But I know what it isn't.
Click to expand...
Uk should follow Australia's lead and introduce a working with children card.
Use that as a way of signing up to your forum.
It's a card letting others know you aren't a pedophile.
 
Mr Lucky said:
it's too late to complain about globalism.
Click to expand...
There's always time to complain. It's unlikely fruitful in a meaningful manner. Isn't that the crux of the Internet anyway - projecting our menial issues on distant strangers? 🤣🤣

But I digress. We'd certainly agree this shouldn't be a political issue either.
 
Is there any way to a) search for all users where the entered DOB suggests they are children, and then delete these members, and b) put a block on registrations for anyone below a certain age, according to the DOB field?

And what is the situation a child signs up but lies about their age on the DOB field? Are we liable?
 
If you announce that you don't accept underage registrations then most will just lie and you will end up with a bunch of minor members . If you don't announce this, then most will enter their true age. You can use @Xon 's moderator essentials addon to ban the account until adulthood has been reached.
 
Jon12345 said:
but lies about their age on the DOB field? Are we liable?
Click to expand...
Not quite sure liable is totally the right word, but essentially yes. The OSA documentation is very clear that unless you use a suitable method to determine age then you must generally assume you have users who are children. Things like self declaration (which is all DoB is) are not considered good enough.

Jon12345 said:
put a block on registrations for anyone below a certain age
Click to expand...
I think the shipped XF T&C says you have to be over 13, but again Ofcom wouldn't consider that good enough. So as far as I can see you either accept you may have children and complete that risk assessment or you put in some suitable solution for age checking and deicide if you're allowing both (with different permissions) or just 18+. You still have to do the adult risk assessment in either case.

I'd sit down and rough out the risk assessments first - then you'll have an idea what you consider might realistically be the problems of having <18 users. There might not be an issue in your view and as long as you can back that up in the risk assessment that's fair enough. However the general consensus so far is that certainly DMs/PMs probably represent the biggest risk (related suggestion), but there are various ways you might mitigate that other than age checks. At various points in this thread there are some links to templates for the risk assessments, or you can just plough through the ofcom docs.

For my own sites I think I'll be doing an age check to unlock some features. So basically if you want to use DMs/PMs you need to do the "highly invasive"™ age check, which we'll be charging for at cost. Since I've not done much PHP now for nearly 20 years that'll all be coded "outside" of XF in Ruby.
 
Jon12345 said:
And what is the situation a child signs up but lies about their age on the DOB field? Are we liable?
Click to expand...
I don't see it as a case of you being liable or not. All I can see at the moment is to do a risk assessment. The ability to lie about their age may be more of a risk than having an effective age verification. But the other side of that coin is that if a paedophile lies about their age to appear younger, then you could disallow or moderate DMs for those age groups. Hence my suggestion:

Mr Lucky

Thread 'Direct Message log, re: Online Safety Act'

Someone correct me if I’m wrong please but my understanding is that if direct messages could be moderated this goes a long way towards a low risk assessment for the online safety act.

My current risk assessment shows direct messages to have the highest risk level.

Currently seeing direct messages of others as a moderator (with no access to the database) is possible only via a login as user add-on. However having to check individually for every member would be impractical in most cases.

So this suggestion is for a log of all direct messages with mod viewing permissions so that they can...
 
Mr Lucky makes a very good point here. Unless there is a an easy way to identify younger members on your board then our hypothetical groomer may well have a hard time choosing the target. Such a choice would have to be made on the basis of implied age gauged on public posts. Certainly something worth considering in the risk assessment.
 
H00lio said:
If there was a plugin or API service that offered to block

1. CSAM
2. Any nudity

That would be good. I'm for a scatter gun effect - block it all.

If some dudes bare arms in a photo gets false flagged to moderators from time to time - who cares?
Click to expand...
Check out https://openrouter.ai/ they have LLM models that support image inputs and usual text.

I just recently found out about OpenRouter so for the last few days, I have been developing my script or-cli.py https://github.com/centminmod/or-cli for processing text and images for my usage, including using Cloudflare AI Gateway and proxy prompt request caching and Microsoft LLMLingua for prompt token compression to reduce prompt token size by up to 60% :cool: It also supports using local self-hosted LLM models via Ollama :D

For image inspection https://github.com/centminmod/or-cli#working-with-images

Bash: 
wget -O amazon.png https://assets.aboutamazon.com/2e/d7/ac71f1f344c39f8949f48fc89e71/amazon-logo-squid-ink-smile-orange.png

python or-cli.py -p "Describe what you see in detail:" -m "logo" -i amazon.png --model google/gemini-2.0-flash-001

python or-cli.py -p "Describe what you see in detail:" -m "logo" -i amazon.png --model google/gemini-2.0-flash-001

----- Assistant Response -----
The image shows the Amazon logo. The word "amazon" is written in a dark gray sans-serif font. Below the word is a curved orange arrow that starts under the "a" and ends at the "z", resembling a smile. The background is black.
Click to expand...

Cost of processing via Google Gemini 2.0 Flash for that image = US$0.000499 :)

1740170502779.webp

Cloudflare AI Gateway only has guestimate costs

1740170661913.webp

repeated calls to same prompt and image will be cached by Cloudflare AI Gateway reducing my OpenRouter AI API costs :D

1740171359124.webp
 
Last edited:
Jon12345 said:
Is there any way to a) search for all users where the entered DOB suggests they are children, and then delete these members, and b) put a block on registrations for anyone below a certain age, according to the DOB field?

And what is the situation a child signs up but lies about their age on the DOB field? Are we liable?
Click to expand...

The Ofcom guidance says unless you put robust age assessment in place you cannot conclude that children are not accessing your forum.
They specifically say that self declaration of age without further evidence is not regarded as age assurance.


It would be nice to see Xenforo step up here and give us some mechanisms for verifying user ages with some integrations with third-party services as many of us are going to need this if we are going to avoid the "measures to protect children" part of the act.
 
Jon12345 said:
I have a forum with over 100,000 members. Most of these are from many years ago because the forum has been run for about 25 years now. They are dormant accounts. And then there are all the spam accounts. To age verify all these accounts from all over the world would cost a fortune and bankrupt me. And also impossible.
Click to expand...

I reckon if someone has been on your forum for 25 years it is probably safe to say they are over 18. In fact unless 5 year olds sign up for forums it is probably safe to say that anyone who joined more than 13 years ago is going to be over 18, so you can rule all of those out straight away. I have already applied a rule like that on our forums in case we have to restrict the use of conversation messages which we obviously don't monitor, and I am sure I can argue that this is actually a stronger verification method than some of the ones Ofcom say are acceptable.
 
rogerl said:
The Ofcom guidance says unless you put robust age assessment in place you cannot conclude that children are not accessing your forum
Click to expand...
Isn’t this about children accessing the site, but not necessarily as signed up members? So age measures purely based on registered users isn’t relevant ? Maybe I’m misunderstanding.

And that part of the act being mainly about porn sites.
 
Last edited:
Mr Lucky said:
Isn’t this about children accessing the site, but necessarily as signed up members? So age measures purely based on registered users isn’t relevant ? Maybe I’m misunderstanding.

And that part of the act being mainly about porn sites.
Click to expand...

How I understand it is that simply accessing the site read only shouldn't be an issue if your site doesn't contain porn, its only U2U services that are covered by the act (ie. interaction with other users)

Part 5 of the act relates to porn sites, so won't affect most forums. Part 3 which is the document I linked to above relates to forums (U2U sites)
 
rogerl said:
its only U2U services that are covered by the act (ie. interaction with other users)
Click to expand...
But wouldn’t that also cover guest posting? I think it’s probably important to make clear in your risk assessment whether you allow guest posting.
 
You must log in or register to reply here.
Back
Top Bottom