Ask HN: How will the OSA affect small Mastodon instances?
27 Digit-Al 15 7/29/2025, 12:40:13 PM
I am not currently a user of Mastodon, but I have some interest in the project. I was looking at some stuff that seemed to indicate to me that the OSA could make it difficult to self host Mastodon without providing age verification. I was then reading the provisions and realsised that it didn't really affect you unless you have at least 3 million monthly users, so in theory would not affect self hosters with only a few users. But then I thought that if you are federated with a very large instance then your users could potentially be able to interact with enough users to fall under the provisions.
This could potentially be a grey area that could expose self hosters to considerable risk if they are not careful.
I wonder if there any UK based Mastodon hosters out there who are considering this. Are you considering shutting down to prevent any liability? Could this be the "death" of Mastodon hosting in the UK?
If it allows unmoderated communications, it might be higher risk. See https://www.ofcom.org.uk/siteassets/resources/documents/onli...
But most of the requirements are stuff that Mastodon services should be doing anyway - responding to complaints, have a code of conduct, have moderators, perhaps use a CDN to filter out CSAM etc. See https://www.ofcom.org.uk/siteassets/resources/documents/onli...
If you're self-hosting purely for yourself, there are no users other than yourself - so no need to worry.
Until you're not.
The moment a Mastodon instance is found to be hosting content the OSA is meant to protect minors from, that instance will be investigated and explored to the most liberal interpretation of the law, and that individual is going to find themselves either implementing age verification, shutting down that instance, or fighting their stance in court.
Risk, as ever, is about likelihood, not just impact. How likely are you to find yourself hosting such content? Could you self host just for you and people known to you? Your question implies you want to set up a centralised instance with lots of people you don't know, but that's the exact scenario Mastodon is meant to counter, it's meant to be federated. And if it's just you and your mates, what's the issue? If you want to give children access, you're into another World of problems, so maybe for your own sanity - and arguably, theirs - just don't do that.
The fediverse is full of material which is illegal in many countries. Especially drawn CP and hosting a node means that you may start to host that material itself, that is part of the fediverse.
IMO the risk of a life ruining lawsuit is very substantial. Law is complex and you are not able to figure out yourself whether you are actually liable, especially when there is so little precedent.
You choosing to host that material is illegal. You finding yourself hosting that and taking action to remove it and aid the authorities, is not.
If I slip illegal content into your bag, the law may challenge your possession of that content, but if you can show you had no knowledge of possessing it and no intent to distribute and that in fact you've been setup, the law is going to treat you very differently to you obtaining that material and putting it in your bag yourself.
Servers aren't much different. It's what you do when you notice the problem that counts.
These are serious offences and you should take them seriously.
2. I don’t think Mastodon will be tangibly affected because it’s too niche and not corporate.
But since the penalty is a fine proportional to revenue, I suspect there is not much Ofcom can do about non-commercial hosting anyway.
https://news.ycombinator.com/item?id=44710221