Mr Lucky
Well-known member
What makes it essential?
UK Online Safety Regulations and impact on Forums
- Thread starter lazy llama
- Start date
-
- Tags
- regulation
zappaDPJ
Well-known member
It's essential if you want to view the ever growing number of sites that block UK access. It appears site owners are geo-blocking the UK not because of the nature of their content but because it means less worry about falling foul of our draconian online laws.
zappaDPJ
Well-known member
And to add to the above, I've just been viewing a UK based site where the majority of the front page is plastered with huge notices proclaiming 'Content not viewable in your region'. You really need to think twice before allowing embedded content on your site.
[EDIT] I'm now seeing multiple sites, many hosted in the UK, displaying whole pages of the image below. I've also had admins and moderators based outside of the UK wondering why they are getting multiple reports from their members asking why they are being content blocked.
So yes in short if you live in the UK, a VPN is now essential because it's only going to get worse.
[EDIT] I'm now seeing multiple sites, many hosted in the UK, displaying whole pages of the image below. I've also had admins and moderators based outside of the UK wondering why they are getting multiple reports from their members asking why they are being content blocked.
So yes in short if you live in the UK, a VPN is now essential because it's only going to get worse.
Last edited:
webbouk
Well-known member
Another byproduct of the draconian laws, we're based in the UK with a UK hosted site, is more and more users within the UK are turning to VPNs.
The reason - so they don't have to prove their ages when viewing other site content.
This can and does cause issues with anti-spam registration filters as IP addresses don't equal the country the registrant is from. ie registering within the UK but IP says 'Norway' (as an example).
Another issue is that most VPN's have built-in adblockers. I've had to remove a splash screen requesting people remove the site from their adblocker because of too many people seeing it yet not knowing they had an adblock in the first place as it was part of the VPN.
The issue with the UK is that past and present governments set rules and laws based on the lowest common denominator. Someone must sit in an office somewhere trying to think up new ways of protecting a minority of people who can't protect themselves and in doing so come up with a carpet solution that's then implemented with little forward thought.
The reason - so they don't have to prove their ages when viewing other site content.
This can and does cause issues with anti-spam registration filters as IP addresses don't equal the country the registrant is from. ie registering within the UK but IP says 'Norway' (as an example).
Another issue is that most VPN's have built-in adblockers. I've had to remove a splash screen requesting people remove the site from their adblocker because of too many people seeing it yet not knowing they had an adblock in the first place as it was part of the VPN.
The issue with the UK is that past and present governments set rules and laws based on the lowest common denominator. Someone must sit in an office somewhere trying to think up new ways of protecting a minority of people who can't protect themselves and in doing so come up with a carpet solution that's then implemented with little forward thought.
Last edited:
chillibear
Well-known member
Surely if they have geoblocked the UK then they can't then have a significant UK user base and therefore would fall outside the act? I guess Ofcom could make some arguments depending on the exact timeline geoblocking happened, but that seems a bit unlikely.
I'd been recently thinking along similar lines given the act applies to those in the UK even if they are using a VPN to bypass geoblocking they are still in the UK (hard to tell that however) and so the act applies and how you'd deal with that (realistically you can't), however I then realised that presumably if your only UK traffic is via VPN then it is unlikely to be significant and therefore you'd be exempt under that clause.
I'd been recently thinking along similar lines given the act applies to those in the UK even if they are using a VPN to bypass geoblocking they are still in the UK (hard to tell that however) and so the act applies and how you'd deal with that (realistically you can't), however I then realised that presumably if your only UK traffic is via VPN then it is unlikely to be significant and therefore you'd be exempt under that clause.
zappaDPJ
Well-known member
I can only judge by the amount of blocked content in the UK which does appear to be quite significant. Here's the ICO's take on it:
Statement: Update on Imgur investigation
The thing is whether they host or not if they allow UK access they still have to jump through the same hoops as the rest of us - so online safety assessment/child assessment documentation that is regularly updated, potential age checks, formal and documented complaints processes, nominated points of contact etc - if UK traffic isn't a significant portion of your traffic it simply isn't worth the effort.
chillibear
Well-known member
The Imgur stuff was as I understand it in the context of GDPR laws rather than the OSA over children's data or something (I did skim the original press release, but...), or rather it appears the trigger was the ICO's investigation, of course it could just be Imgur happened to decide they were "done with the UK" anyhow!
Either way it is a timely reminder that if you make things too much faff people will just not bother or bypass, which defeats the purported objective of the law(s) in the first place. I mean I'm guessing knowledge of VPNs and use of them have probably increased greatly since the introduction of the OSA. I've not actually been looking for any stats data, but it'd be interesting to see if anyone has published anything - has VPN usage gone up for instance, has traffic to adult sites dropped off, etc...
Either way it is a timely reminder that if you make things too much faff people will just not bother or bypass, which defeats the purported objective of the law(s) in the first place. I mean I'm guessing knowledge of VPNs and use of them have probably increased greatly since the introduction of the OSA. I've not actually been looking for any stats data, but it'd be interesting to see if anyone has published anything - has VPN usage gone up for instance, has traffic to adult sites dropped off, etc...
zappaDPJ
Well-known member
Widely reported figures at the time the Act came into force suggest VPN usage increased by 1,400% while porn sites reported a 47% decrease in traffic.
Porn site traffic plummets as UK age verification rules enforced
Data suggests leading adult site ******* lost more than one million visitors in two weeks.
www.bbc.co.uk
Forsaken
Well-known member
They did use to allow adult content, and only changed it several years ago.
They do still allow content that falls within the Ofcom guidelines.
That said, Imgur has been trash for a while now, and will likely go the same route as PhotoBucket in the future.
zappaDPJ
Well-known member
UK internet users thinking of entering their PII in order to access age-gated content and services might want to think again.
www.bbc.co.uk
While there's nothing to suggest this example of age-gating is linked to the OSA, it is a good example of why you should think twice before uploading PII rather than employing a VPN.
ID photos of 70,000 users may have been leaked, Discord says
The platform says hackers targeted a firm that helped to verify the ages of its users.
www.bbc.co.uk
While there's nothing to suggest this example of age-gating is linked to the OSA, it is a good example of why you should think twice before uploading PII rather than employing a VPN.
chillibear
Well-known member
This was one of the reasons some of the "verification" companies I looked at I totally discounted, their retention of the data was too long or gave me too much access to the uploaded data and quite frankly I really don't want that data, which surely was one of the core tenants of GDPR - gather and retain only the absolute minimum needed.
Anyhow there is a little more on the Register about the breach and it looks like it might be more the home-brew ID verification that was breached. Extrapolating from the little out there, but it seems like it may be users essentially had photos of themselves and their ID in a customer support ticket system, presumably with the support staff manually checking the IDs in each ticket and it was this system that was breached. I guess because it wasn't designed primarily for the purpose it wouldn't have had any concept of "cleaning up" or removing data in a timely fashion.
Anyhow there is a little more on the Register about the breach and it looks like it might be more the home-brew ID verification that was breached. Extrapolating from the little out there, but it seems like it may be users essentially had photos of themselves and their ID in a customer support ticket system, presumably with the support staff manually checking the IDs in each ticket and it was this system that was breached. I guess because it wasn't designed primarily for the purpose it wouldn't have had any concept of "cleaning up" or removing data in a timely fashion.
Yep I found that today on a site as well! What was odd though, it was only all the images blocked - the text was still readable (it was a US pet forum).
zappaDPJ
Well-known member
Imgur is geo-blocking its service to the UK . If I upload an image to Imgur and place a link to it on this site, everyone can view the image except those of us on a UK IP. As far as I know there is no relationship between Imgur and phpBB.
chillibear
Well-known member
If you're interested in some OSA reading a lot of the Ofcom vs 4Chan case has now been published at https://prestonbyrne.com/2025/10/16/the-ofcom-files/
chillibear
Well-known member
Apologies for the double post, but ploughing through the documents a couple of bits stood out that I thought I'd pull out.
So the first is that I can't see this ever getting resolved where a US company pays a UK regulator a fine, not going to happen, so that suggests the only outcome of this can be (unless Ofcom issue a fine knowing it will go unpaid and leaves it at that) is an enforcement to UK ISPs to block access to the site(s) in question which Ofcom explicitly state they will do. That presumably will set some kind of precedent for that being the default outcome. Anyone bidding for that great firewall contract for the UK?
Second I know upthread (way upthread) we mused over what "significant" meant. There are a few bits that Ofcom have written that:
Ofcom state that they consider 4Chan to be a small to medium sized service, I seem to recall some numbers are given in the OSA guidance about numbers and service size. I assume this lines up with those?
Then finally again reading through the paperwork the judgement is on the basis of 4Chan not complying with the Act and investigation paperwork, rather than for some piece of content or similar that has actually caused someone in the UK harm. That seems similar to some of the other investigations. So it still feels a little like the cops arresting a burglar for not doing a risk assessments and method statements rather than for all the stuff they were going to nick!
Since it's way way down in the docs the actual fine is £20,000 and they are imposing a £100 per day until they comply (to a max of £6000).
So the first is that I can't see this ever getting resolved where a US company pays a UK regulator a fine, not going to happen, so that suggests the only outcome of this can be (unless Ofcom issue a fine knowing it will go unpaid and leaves it at that) is an enforcement to UK ISPs to block access to the site(s) in question which Ofcom explicitly state they will do. That presumably will set some kind of precedent for that being the default outcome. Anyone bidding for that great firewall contract for the UK?
Second I know upthread (way upthread) we mused over what "significant" meant. There are a few bits that Ofcom have written that:
It's a shame we still don't have clarity over if 4Chan had (say) 100 users and 7 of them were from the UK if that would be significant. That I feel is still the ambiguity in the Act. Still they clarify that hundreds of thousands is significant and I might take the "is material" to mean if you say cut off your UK traffic would that result in any material loss to your service in (presumably say) advertising revenue for instance.
Ofcom state that they consider 4Chan to be a small to medium sized service, I seem to recall some numbers are given in the OSA guidance about numbers and service size. I assume this lines up with those?
Then finally again reading through the paperwork the judgement is on the basis of 4Chan not complying with the Act and investigation paperwork, rather than for some piece of content or similar that has actually caused someone in the UK harm. That seems similar to some of the other investigations. So it still feels a little like the cops arresting a burglar for not doing a risk assessments and method statements rather than for all the stuff they were going to nick!
Since it's way way down in the docs the actual fine is £20,000 and they are imposing a £100 per day until they comply (to a max of £6000).