I personally know how this works in Europe & UK. Not only government, this applies to big companies such as large banks as well. They recruit two kinds of staff. One that works to progress some work and one who puts an many hurdles as possible and call it risk management, compliance, security, regulatory etc (RCSR). They hire approximately 3 times more people into these RCSR positions compared to the technical and real work related positions. These RCSR guys dump thousands of pages of guidelines, making it impossible for any meaningful work to progress. My technical team has been running around for 4 months for approvals for testing an upgrade of a database.
Top management can never go against the RCSR guys, who are like priests of the church in medieval ages. And the RCSR guys have no goals linked to the progress of the real work. The don't like any thing that moves. It's a risk.
Management thinks that RCSR helps with controls around the work. But what happens is, you put more people in building controls, they deliver fort walls around your garbage bins.
xyzzy123 · 29m ago
It's also interesting how much worse security gets with all this RCSR oversight.
Because the policy teams don't understand the technical details, they get hung up on things that don't matter so all your "security budget" (in terms of dev effort available for improvement) gets spent on useless things.
Because there is a CIS guideline recommending "do not put secrets in environment variables" in k8s, a team I work with recently spent two weeks modifying deployments of all their third party charts to mount all secrets as volumes, this included modifying / patching upstream helm charts. This will be a maintenance burden forever lol. Actual security benefit in context is approximately zero.
Meanwhile they COULD have spent that time implementing broadly effective things like NetworkPolicy or CSP for the front-end but now there is no dev time for that.
At the top levels of their process there are plenty of risk x impact matrices but there aren't corresponding effort / payoff assessments, so the thing beings being done end up not being engineering.
baby_souffle · 7m ago
> This will be a maintenance burden forever lol.
Not if they never ever ship an update.
(i - briefly - worked for place that did things this way. They didn't update the chart, but they _did_ use `sed` to update the image tag from time to time.)
landl0rd · 2h ago
America has a similar (if less severe) version of this problem where nobody can contradict any compliance-adjacent function. Because if you get sued, someone will ask you "why did you ignore the guidance of your compliance team??" and might even try to use that to justify piercing the corporate veil. Of course compliance types have no incentive to let business happen just like business types have a limited incentive to operate in a compliant fashion, but lawsuits favor compliance always taking precedent with a hyper-cautious approach.
flappyeagle · 56m ago
And yet uber and Airbnb and polymarket and…
landl0rd · 29m ago
These are at some level businesses that do well because they avoid regulatory regimes. That risk is built-in from day one and basically their raison d'etre. I happen to think that's fine and good, but it's still the case.
In other words, the guys who actually believe in a normal level of compliance are hamstrung, defection is rewarded, classic failure mode of this kind of thing.
quotemstr · 2m ago
IOW, America also has a stagnant, risk-averse business culture, except that superimposed on this culture there's a thin, fragile, layer of risk taking, one geography- and sector-constrained, but in which ~all US value creation and economic differentiation happens.
MarkSweep · 45m ago
> My technical team has been running around for 4 months for approvals for testing an upgrade of a database.
Jeez, and I was just grumbling how it takes up to 24 hours for a change I make to appear in prod,
compared to about 4 hours at my previous job.
It should be possible to develop automated systems and processes to keep most changes on the “happy path” where approvals are quick. These sorts of organization responses were a new layer of people who can say “no” grow whenever a problem happens or a regulation changes are suffocating.
runlevel1 · 1h ago
In theory, when there's viable competition, a competitor will take advantage of their competitor's overly-cautious interpretation.*
But if the regulation is indeed oppressive or byzantine, everybody hurts and only the biggest survive.
*Social contagion effects on risk perception can be a confounding factor here, though.
Havoc · 2h ago
The act does seem poorly thought out practically & I really dislike the UK's overall mindset to online safety. The laws consistently feel like they were written by someone that prints out emails to read...
That said the thinking that smaller platform should equal exemptions seems a touch flawed too given topic. If you're setting out to protect a child from content that say is promoting suicide the size of the platform isn't a relevant metric. If anything the smaller less visible corners (like the various chan sites) of the internet may even be higher risk
crote · 2h ago
Smaller entities are rarely looking for a full exception, they just want the regulations to be implementable without being a megacorp.
Take something like a plastic packaging tax, for example. A company like Amazon won't have too much trouble setting up a team to take care of this, and they can be taxed by the gram and by the material. But expecting the same from a mom-and-pop store is unreasonable - the fee isn't the problem, but the administrative overhead can be enough to kill them. Offering an alternative fixed-fee structure for companies below certain revenue thresholds would solve that problem, while still remaining true to the original intention.
Havoc · 1h ago
I get the impossible bind this puts small companies in & having people resort to IP blocking the entire country is clearly a sign of a broken setup
But playing devils advocate a bit here if the risk profile to the kid is the same on big and small platforms then there isn't any ethical room a lighter regime. Never mind full exemption, any exemption. The whole line of reasoning that you can't afford it therefore more kids potentially getting hurt on your platform is more acceptable just doesn't play. And similarly if you do provide a lighter touch regime, then the big players will rightly say well if that is adequate to ensure safety then why exactly can't we do that too?
Platform size just isn't a relevant metric on some topics - child safety being one of them. Ethically whether a child is exposed to harm on a small or big website is the same thing.
Not that I think this act will do much of anything for child safety. Which is why I think this needs to go back to drawing board entirely. Cause if we're not effectively protecting children yet killing businesses (and freedoms) then wtf are we doing
No comments yet
nine_k · 1h ago
The question is whether the laws are efficient. Imagine that as a protection from the occasional meteorite, all buildings are mandated to upgrade their roofs to be 1 meter of solid concrete. We cannot allow another random space rock kill another innocent inhabitant.
This, or course, would disproportionately burden smaller buildings, while some larger buildings would have little trouble to comply. Guess who would complain more often. But it, while outwardly insane, would clear small huts off the market, while the owners of large reinforced buildings would be able to reclaim the land, as if by an unintended consequence.
Driving the risk tolerance of a society lower and lower interestingly dovetails with the ease of regulatory capture by large incumbent players, as if by coincidence.
beejiu · 1h ago
I have no idea what this service is, but clicking around on their site they mention it's 18+, that they don't allow "Child pornography, Sexualized depictions of minors, Heavy gore, Bestiality, Sexual violence".
I don't agree with everything in the Online Safety Act, but if anything needed a risk assessment, it's surely this?
skissane · 1h ago
From what I understand, it is just giving people access to AI models with minimal censorship - so illegal content [0] is still disallowed, but otherwise you can do what you want. And I’m sure a lot of that will be sexual material, but that’s more about the nature of the market demand for uncensored AI than anything inherent to the offering in itself
[0] “law” here isn’t just laws made by governments, but also regulations made by e.g. Visa and Mastercard
gh2k · 1h ago
Agreed. I read the article and I was thinking "this sounds pretty bad", but after clicking through to the main site my experience was "there's no explanation of what this is, but it looks like it probably falls within the need for some form of regulation".
Are there services which offer a less... risky... service that are similarly affected here?
strken · 1h ago
They appear to be objecting to the scope and extreme cost of the risk assessment rather than its existence.
beejiu · 1h ago
They're in scope because they provide a pornographic service, I don't see that is arguable. If you don't have the competence in house to follow the guidelines and need to hire expensive lawyers, then yes it's an "extreme cost", but that's not true of all businesses.
(Yes, the UK has effectively made it illegal to run a forum for people with pet hamsters.)
glaucon · 1h ago
The unfortunate, but understandable, fallback suggestion from thehamsterforum of all moving over to Instagram shows why large corps _love_ laws like this. More laws just raises the barrier to entry until only those that have entire office blocks of lawyers can afford to participate.
Vespasian · 12m ago
I'm now intrigued to know what prompted them to reopen the forum after "something" was done.
They deal with compliance in their terms and apparently did a reboot and apparently introduced new modding tools.
Did they reach the conclusion that they are not pose significant risks and that their tools are sufficient?
I'm very curious
sswaner · 1h ago
Makes Fleabag’s cafe more normal (Guinea Pigs are not Hamsters, I know).
NitpickLawyer · 2h ago
The way these laws and regs don't even consider the provider size is aggravating. Doubly so because they always use "big bad provider" and think of the kids as populist support gaining strategies, but in the end the same big providers benefit. They have the billions to spend on everything from lawyers to fiscal optimisation, and they rake in the entire market since they're the only ones left to serve that market.
That's happening with the AI act here as well. Almost no-one wants to even touch the EU shitshow and they're still going forward with it. Even Mistral was trying to petition them, but the latest news seem like it had no effect. Fuck us I guess, right? Both consumers and SMBs will lose if this passes as is.
skippyboxedhero · 2h ago
They did consider the provider size, it is probably the main element of this law: the problem is that the consideration was to assume that you are always dealing with mega-large companies with teams of lawyers...because these companies have been lobbying regulators and civil servants (not Parliament so much, they don't matter anymore) for years. This is extremely common in the UK (very low corruption by historical methods but when decisions are actually made, there is corruption almost everywhere). The provider size was an active choice.
It isn't populist either, no-one supports this. The UK has media campaigns run by newspapers, no-one reads the papers but politicians so these campaigns start to influence politicians. Always the same: spontaneous media campaign across multiple newspapers (low impact on other kinds of media), child as a figurehead, and the law always has significant implications that are nothing to do with the publicly stated aim.
Democracy has very little to do with it. Elections happen in the UK but policies don't change, it is obvious why.
No comments yet
edelsohn · 2h ago
Regulatory capture. The impact on small providers was intended.
librasteve · 2h ago
lobby fodder
arbuge · 1h ago
This kind of thing makes we wonder if the internet as a whole is heading for a Kessler Syndrome kind of situation.
Another example: here in the USA we have 50 states vying to each regulate AI; my understanding is that the plan was to have the OBBB put them off from doing this for at least 10 years, but that effort failed, leaving them free to each do their own thing.
Complying with all rules and regulations in all jurisdictions to which a website/service could be exposed (i.e. worldwide, by default) seems like it's becoming a well nigh impossible task these days.
lmz · 6m ago
Well, if we make it expensive enough to operate everywhere, then there will probably be one or two huge "global" sites and hundreds of small local, region-locked ones. Maybe that is the future.
Cyberspace is not, eventually, independent[1] if you plan to make money off it and use real world IDs.
“if people find other methods to access the site, that is entirely on them - there are no legal consequences for users.”
For a site operator who seems really concerned about potential liability under this law, I sure wouldn’t have put this in writing. Feels like it really undermines the rest of the post and the compliance measures being taken.
ffsm8 · 1h ago
Fwiw, he very explicitly states that the end goal is to go back on the UK market and thus be compliant. They just misjudged the scope of the regulation, forcing him to ban the UK - at least temporarily until a solution is found.
PhoenixReborn · 2h ago
It's basically impossible to prevent people from using VPNs without some serious governmental control over every telco - which of course may be the case in the UK, but I don't think a site operator can be held liable for that in any sane way.
bink · 2h ago
It's one thing to not try to prevent people from circumventing the law, it's quite another to encourage them to do so.
iLoveOncall · 2h ago
As the website says, it's not illegal for users in the UK to circumvent the restrictions using a VPN, so they're not recommending anything illegal.
closewith · 2h ago
This is the kind of comment you get from someone who's never interacted with a Western legal system. Any kind of winking reference is immediately seen through.
lcnPylGDnU4H9OF · 48m ago
I’d personally be interested in a risk analysis by a lawyer for that statement but it doesn’t seem particularly problematic. It does not seem to be actual encouragement to use a VPN, just acknowledgement that they exist.
Spivak · 57m ago
I think you assume the fact that it's a winking reference means they have to use a winking reference. It seems like it would be legal for them to post a full guide for UK users on how to access their site using a VPN service.
There's literally "Best VPNs For Accessing Porn in the UK" articles, they'll be fine.
harvey9 · 2h ago
China's great firewall is reported to take resources the UK just couldn't muster. The UK is still at the level of storing highly classified information in Excel and sending it by email.
koakuma-chan · 1h ago
What's wrong with email? I keep seeing "email is not secure means of communication" but doesn't email use TLS?
loloquwowndueo · 57m ago
Not all the time. You don’t control the mta to mta protocol - it could be plain smtp over port 25.
foldr · 2h ago
> which of course may be the case in the UK
People aren’t prevented from using VPNs in the UK, in case anyone is unclear on this.
phtrivier · 2h ago
My cursory understanding of the ruling is that it applies if you have several million users in the UK... [1]
Is that the case here (and it just happens that I have no clue what this particular site is about) ?
Or am I grossly misunderstanding the act (very likely I guess since IANAL) ?
Ofcom submitted their advice – and the unerpinning research that had informed it – to the Secretary of State on 29 February 2024 and published it on 25 March. In summary, its advice is as follows:
Category 1
Condition 1:
Use a content recommender system; and
Have more than 34m UK users on the U2U part of the service
Condition 2:
Allow users to forward or reshare UGC; and
Use a content recommender system; and
Have more than 7m UK users on the U2U part of the service
Ofcom estimates that there are 9 services captured by condition 1 and 12-16 likely to be captured by condition 2. There is one small reference in the annex that the 7m+ monthly users threshold corresponds to the DSA (A6.15)
Category 2a (search)
Not a vertical search service; and
Have more then 7m UK users
Ofcom estimates that there are just 2 search services that currently sit (a long way) above this threshold but that it is justified to put it at this level to catch emerging services.
Category 2b (children)
Allow users to send direct messages; and
Have more than 3m UK users on the U2U part of the service
Ofcom estimates that there are “approximately 25-40 services” that may meet this threshold.
Everybody (who's not specifically exempted by Schedule 1, which has nothing to do with what you linked to) gets a "duty of care".Everybody has to do a crapton of specific stupid (and expensive) administrative stuff. Oh, and by the way you'd better pay a lawyer to make sure that any Schedule 1 (or other) exemption you're relying on actually applies to you. Which they may not even be able to say because of general vagueness and corner cases that the drafters didn't think of.
Also, it's not a "ruling". It's a law with some implementing regulations.
rafram · 2h ago
Ofcom’s “Does the Online Safety Act apply to your service?” questionnaire [1] doesn’t use those thresholds, and it makes it sound like the law would apply to any site with paying customers in the UK.
Just ran through the questionnaire, and it's crystal clear that anything that resembles a typical web forum will need to follow this law. No thresholds as you mention. Doesn't need paying customers as far as I could see, it's enough you have UK visitors.
landl0rd · 2h ago
I just basically struggle with the concept of "x people form our country chose to talk to your web server (hosted elsewhere, responds to anybody) so we now claim jurisdiction (with possible criminal penalties) over that server (hosted elsewhere) and you (who lives elsewhere)."
pseudo0 · 1h ago
Realistically they can't, unless the service owner lives in a country with an extradition treaty with the UK, and that country has an equivalent law in place. But most service operators don't want to deal with that stress, so they will just IP block the UK and Brits who know how to use a VPN will just keep using the service.
I wouldn't be surprised if this ends up being a topic in trade negotiations with the US in the future though, since this is a trade barrier that imposes significant regulatory cost on US companies for content that is legal in the US. Eg. the proscribed categories of illegal content include knives and firearms, hate, etc.
Vespasian · 1h ago
That particular approach is actually pretty sensible if you (as a law maker) want to get any results.
Otherwise everyone from small sites to Facebook would just shop around jurisdictions and formally operate their websites from wherever fits them best.
And if a service is used by citizens of your country it makes sense to scale requirements by the impact it is having on them.
This particular law may not be great overall but I've got no issues with this method. As a site provider outside the UK it's trivially easy to avoid liability (by blocking people)
landl0rd · 33m ago
Except we're not dealing with one of the web servers running out of reg-shopped countries where you can host just about anything. We're dealing with stuff that's legal as-is in most developed countries, including America. Aside from the basic question of whether it's ethical to regulate in that way (you're correct it's practical, but there are plenty of things that get results but are morally wrong) it doesn't bear on this case.
speerer · 2h ago
Your source is a 2024 piece about recommendations that had been made, not about how the law turned out.
boznz · 2h ago
A 250+ page law will have so many edge cases I doubt you would want to test it especially in a country with a government that has recently cracked down and arrested people for online "crimes". Sad the UK government has descended to this level of stupidity.
semiquaver · 2h ago
> the ruling
what ruling are you referring to? This is about the Online Safety Act, an act of parliament.
x0x0 · 1h ago
That's an incorrect understanding. It creates a range of requirements for essentially any service with users in the UK if there is UGC or messaging.
Then there are additional requirements applied to 3 classes of services: Category 1, 2A, 2B. The latter have the thresholds as discussed above.
But, as usual, poorly written. eg a "Content Recommendation System" -- if you choose, via any method, to show content to users, you have built a recommendation system. See eg wikimedia's concern that showing a picture of the day on a homepage is a bonafide content recommendation system.
The definition
> (2)In paragraph (1), a “content recommender system” means a system, used by the provider of a regulated user-to-user service in respect of the user-to-user part of that service, that uses algorithms which by means of machine learning or other techniques determines, or otherwise affects, the way in which regulated user-generated content of a user, whether alone or with other content, may be encountered by other users of the service.
From what I'm reading, Amazon will have to implement age-checks over 8/10 of its book inventory, with the other 2/10 opening the company for liability about the very broad definition of "Age-appropriate experiences for children online." And yes, janitorai is correct that the act applies to them and the content they create, and a blanket ban to UK users seems the most appropriate course of action.
For what is worth, the act does not seem to apply to first-party websites, as long as visitors of that website are not allowed to interact with each other. So, say, a blog without a comment feed should be okay.
The statement from Ofcom is at the very end, and they're very clearly saying you need to only allow moderator-approved on-topic comments on such a blog site in order to fall under the exemption. Any off-topic comment will be subject to the act.
How can they even enforce this? What happens if you run a plattform in let's say Germany and just tell them to fuck off, UK Law is of no interest to me.
crazygringo · 2h ago
Generally, if they identify you and you decide to visit London as a tourist for a week you could be arrested at the airport. If they wanted to enforce this. So obviously, it's of interest if you ever want to take a trip to the UK.
amelius · 3h ago
Then you might get blocked, I suppose.
For an extreme case, ask Julian Assange what might happen if a country doesn't like what you put on the internet.
aosaigh · 3h ago
I don’t agree with the legislation, but I assume the same way they can go after you for any crime they perceive as being committed in the UK: extradition. It’s obviously incredibly unlikely.
landl0rd · 2h ago
Something generally has to be a criminal offense in both nations for one to extradite to the other.
bpodgursky · 3h ago
Most sane countries will only extradite if users have broken a law which reciprocally exists in the country they actually live.
louthy · 2h ago
Or you travel to a 3rd country that has the same law and an extradition treaty with the UK.
Or, you travel to the UK! It’s a pretty popular destination and Heathrow is a major European hub. It would be easy to get caught out.
The law may well be onerous and misguided. But looking at that site, it seems they reeeeally should do their due diligence. Not just to avoid the long arm of UK justice, but other territories too. It looks extremely dubious.
Their mitigation doesn’t make sense either. If they don’t shutdown UK accounts and those accounts use UK credit cards which continue to use the service via a VPN. It could be reasonably argued that they know they’re providing a service to a UK resident. So, they really need to do their homework.
What they’re actually complaining about is the cost of doing business. It sounds pretty amateurish.
alexpc201 · 1h ago
It’s a damn liability. You take a plane to New York, but for some reason, it gets emergency diverted to Heathrow, and you end up arrested.
daveoc64 · 3h ago
Payments to your service from users in the UK could be blocked.
It's also possible for the owners or employees of the company to be held liable if they ever visit the UK.
jgilias · 3h ago
UK law may be of no interest to you. But they can still press criminal charges, and Germany _will_ extradite you.
prmoustache · 2h ago
Only if you are not a German national. Germany notified UK after a certain period after Brexit that they will not extradite their own citizen, they will only do that to other EU countries.
Having said that, it can limit a lot ones travel possibilities.
IlikeKitties · 3h ago
I'm a German National, so no, they won't extradite me.
nocoiner · 2h ago
I’m sure they won’t, but it might be annoying to never be able to take a flight that connects in London for the rest of your life.
I have no idea if this is a likely or even possible consequence, but that’s one way lots of people have gotten ensnared by the long arm of the law, even when jurisdiction is otherwise normally lacking.
closewith · 2h ago
Not at all. Many people avoid Heathrow because it's a terrible airport and many more because they don't want to submit themselves to the UK justice system, which is as classist and corrupt as they come.
kypro · 35m ago
You also have no human rights in British Airports. The state can just randomly decide to question you. They'll force you to hand over passwords to all electronic devices and slap you with a terror offence if you don't comply. You won't even have the right to remain silent.
You'd be well advised to avoid a country this like.
kaashif · 2h ago
To be clear - German nationals can be extradited to other EU countries under German law, but not third countries like the UK.
If the UK had remained in the EU, then extradition might be possible (depending on whether courts approve it) but right now it's pretty unambiguously impossible.
louthy · 2h ago
IANAL but there appears to be an agreement between the UK and Germany. Not sure if it’s just criminal cooperation, or whether extradition is part of that:
Not a lawyer, but that seems to be from the 60s and a quick Google search showed some court decisions that extraditions to the UK are not possible as staying silent can harm your defense, which contradicts German basic law where it states: "No German may be extradited to a foreign country. The law may provide otherwise for extraditions to a member state of the European Union or to an international court, provided that the rule of law is observed."
> How can they even enforce this? What happens if you run a plattform in let's say Germany and just tell them to fuck off, UK Law is of no interest to me.
If you are found criminally guilty in UK, sure you can avoid visiting UK, and of course, potentials business partners in Germany will see you guilty record in UK as a liability. It might impact your capacity to travel in other countries as well, if you have any sort of criminal record anywhere else, like Canada, Australia, New Zealand or US...
There are also extradition treaties between UK and Europe...
zb3 · 3h ago
Funny how it doesn't work this way if the country is US..
corford · 1h ago
So they're whining that the UK has laws with teeth which makes it hard for them to offer AI sex bots without investing in adequate protections for minors?
Ralfp · 54m ago
It may be so, but as somebody else mentioned every site that lets people register an account and share stuff is affected because having legal age verification on site requires you to pay a third party provider and writing paperwork for the gov is too much for your site about pet hamsters.
stevage · 43m ago
They don't seem to be objecting to the existence of such laws, but the specific ones which are extremely onerous.
maest · 25m ago
No, it's more nuanced tham it, as described in TFA.
Strawmanning their position isn't helpful to anyone.
nickdothutton · 1h ago
Way too much regulatory risk in the UK now. This particular law is full of vague terms. Easier to just count UK users out (and I am one of them).
marginalia_nu · 2h ago
Yeah I'm probably gonna have to block UK visitors from Marginalia Search as well. Just no way a single developer can comply with that stuff :-/
puppycodes · 2h ago
the UK has been a swirling toilet bowl for free speech for years... unfortunately it seems to have accelerated.
I really dont understand why parents don't bare the responsibility of their kids internet access as opposed to the expectation the internet raises their kids...
skippyboxedhero · 2h ago
Teachers are having to toilet train children as some come to school unable to use a toilet, more children are non-verbal, more children are unable to sit through lessons, the number of children with special needs has skyrocketed, in one council area there was a single taxi firm with a £20m contract to take children to school, not only are there free school meals but some schools are now running breakfast and dinner services because parents can't feed children...no, parents won't take responsibility.
SturgeonsLaw · 1h ago
And all this is because websites weren't doing age verification? Wow, I'm glad we could solve those problems once and for all with this excellent legislation that doesn't have any side effects whatsoever!
skippyboxedhero · 49m ago
no, the problem is parents. all of these are happening at the same time which proves that the issue is that a significant minority of parents are incapable (there is also a reason why this has happened but saying it is verboten).
the question of whether the state should try to fix this stuff is irrelevant, it cannot
kypro · 28m ago
My GF works in schools helping children who have special needs. It's really sad some of the things she tells me. Many parents of these children will spend all of their child's DLA on giving their hair or nails done. Kids regularly turn up to school hungry and sometimes don't even get presents on their birthdays.
Many kids from these backgrounds are seen as little more than cashcows to help their parents get homes and income without having to work.
skippyboxedhero · 25m ago
Yes...there is more I would like to say but that is the issue.
If you turn having children into a profit-seeking enterprise, you will get bad outcomes. The UK is in the bizarre position where people who should have kids aren't having kids but they are paying for the children of those who shouldn't have kids.
The statistics coming out about this are incredible. We are looking at 20-30% of this cohort likely being unable to work at any point in their lifetime.
stephen_g · 1h ago
That doesn't mean society should pass more laws so the state takes on more responsibility of raising children though. We're dumbing down people and allowing what you describe to happen even more... It's like manufacturing a cycle of increasing dependence on the state.
skippyboxedhero · 46m ago
there is no limit to this in the UK
the solution to children stabbing each other was to attempt to ban knives
i believe they are also gearing up for a ban on cigars, cigarettes have a scale which will make them effectively illegal for children born today, more types of pornography are being banned
...this is the same country which has legalised heroin use regionally btw...you need a licence to watch porn but your neighbour can shoplift, shoot up heroin, and you pay his rent...
however bad you think it is, it is much worse
closewith · 2h ago
Parents are responsible for keeping their children safe online, as they are in person.
Platforms are also responsible for not allowing their services to be used to abuse children, which is also true offline.
jadamson · 1h ago
No, McDonald's is not responsible if you send your kid to the bathroom unattended and there's a paedo lurking inside.
As a wise man once said:
> The British legal system is and always has been a litany of injustices dressed up in formal attire. To be avoided at all costs.
aosaigh · 2h ago
Do you have kids? I don’t, so I don’t have any idea how realistic this is. How do you ensure your kids aren’t skirting any blocks you put in place, looking things up with their friends, getting access to a VPN, etc.?
I also don’t think this act is the way to address these issues, but I don’t think it’s as easy as just putting everything at the feet of the parents as I imagine it almost impossible to police at home, not to mention at school.
When I think of older technologies like television, we have rules and regulations about what can be shown when.
Again, this isn’t to say this approach is right, but wanting to regulate isn’t an attack on free speech. It seems there is regularly a tension on HN between free speech absolutists, usually from the US and those more happy to accept regulation, usually from the EU
iLoveOncall · 2h ago
> How do you ensure your kids aren’t skirting any blocks you put in place, looking things up with their friends, getting access to a VPN, etc.?
I don't, because I don't need to.
I had unrestricted access to internet when I was my kids age and I turned out just fine, just like the extreme majority of my generation.
I know that serious discussions about important topics are enough to make sure that even if my kids do access content that's not meant for children, they're not negatively affected by them, just like I wasn't.
aosaigh · 2h ago
The world is a very very different place technologically then when you grew up.
Again I don’t have kids, so I’m not in a position to judge, but I can only imagine the pressures on children are completely different nowadays. For example, we didn’t have computers in our pocket 24/7 with all of our peers on the other end influencing us indifferent ways.
skippyboxedhero · 2h ago
So you agree the problem isn't the technology but other children...what is the solution then? Ban other children?
aosaigh · 2h ago
No I don’t agree with that. Technologies can exacerbate problems.
skippyboxedhero · 21m ago
We cannot legislate away this problem. We will try, we will fail, and the costs in this case are absolutely massive.
Just as an aside, the UK has been doing this for decades. One of the most permanent causes of legislative failure in the UK has been making laws based on media pressure that have potentially huge costs in the future. And as these costs emerge, guess what the only solution is? More interventions.
I would suggest that a country which cannot control crime, cannot control borders, has a collapsing economy, cannot house people, etc. has bigger problems than trying to arrest people for saying things on Twitter or shut down end-to-end encryption.
daft_pink · 2h ago
i’m really curious if the policy of simply blocking ip addresses from random states or countries with laws you don’t like is legally sufficient and making someone assert where they are located or from is necessary.
gerdesj · 14m ago
Nightmare!
There are normally two shift keys on your keyboard, try either one.
> UK users are a target market for your service; or
> It has a significant number of UK users
What is "significant"? Is it a percentage or a raw number?
I'll click "no" - maybe 5% of my users are from the UK. Great, wizard complete! I don't need to worry...except:
> Please note that this result is indicative only
hermitcrab · 1h ago
>Do you provide a “user-to-user” service?
We have a free-to-use technical forum for our (data wrangling software) forum, powered by Discourse. I believe that might allow users to directly message each other. Does that count?
beejiu · 1h ago
Yes, but if you fill out the rest of the questionnaire I suspect it says you are not in scope.
Ralfp · 45m ago
Nope, I’ve did questionnaire and it gave me big green „yes”.
Only escape hatch they give you later is if all communication between users is delegated to other medium, eg. email or phone or sms.
hermitcrab · 1h ago
I put 'don't know' for that question and the assessement was 'unclear'.
daedrdev · 3h ago
I think they probably should not have implied its accessible via VPN, the UK might still go after their asses for having UK users even with the IP block
userbinator · 1h ago
If they're coming via a VPN, it's hard to prove the users are even in the UK, or any other country for that matter.
louthy · 56m ago
Other than the UK credit card on their account, right?
hdb385 · 2h ago
You get the government you deserve
skippyboxedhero · 2h ago
There was an election, both parties said this Act was going to happen.
It depends what you mean by government but elected officials in the UK are almost completely irrelevant in this (and in most other things, their job is to get in front of a TV camera say how appalled they are that it has happened, no-one could have foreseen this, don't look back in anger, and that they are going to select from the same policy options that the Civil Service presented the last government with...which results in the same conclusion: more civil servants, more regulation, more corruption).
Ofcom has been making a massive power grab, this bill and other recent regulations are granting them massive new powers, and the UK has a system in which ministers have no functional capacity to block this.
celticninja · 1h ago
Oh give over. This is politician led. If you think this is some civil servant's unilateral wet dream you have a serious misunderstanding of how the UK government and the civil service work. You would do better reading up on these institutions than blaming all the countries ill's on some nebulous idea of "Civil Servants as Illuminati".
skippyboxedhero · 37m ago
I would read more about the new powers that Ofcom has...the type of person who bloviates online about everyone else being stupid tends not to have actually checked what is going on.
Also, none of these laws are led by politicians. All the communications-related offences were led by security services. Do you know when Molly actually passed? 2017? And you are telling me that a law passed in 2025 is related? A law which largely contains things unrelated to her passing (i.e. significant expansion of Ofcom powers).
It is genuinely funny that people who have no idea about politics...as in first-hand knowledge which will just imagine that everything works the way they assume it must work. At the very least, you should exercise some common sense: we have seen multiple Home Office ministers pass through, ministers are gaining no new extra powers, Ofcom staffing has gone up by thousands, the amount of graft that has already gone on is staggering...but the one's to blame are, conveniently, the ones who are always blamed...but seem to be strangely unable to do anything...you cannot possibly be this credulous.
foldr · 1h ago
I’m afraid this is nonsense. Elected officials aren’t irrelevant. The majority of them support this legislation and that is why it got enough votes to become law. You don’t have to like it (I’m not a huge fan either), but it’s a perfectly straightforward case of a popular policy becoming law via the democratic process. A process that’s notoriously imperfect and not guaranteed to yield the best outcome in all cases.
Don’t fall into the trap of thinking that this law must have come about by sinister machinations just because you don’t think it’s a good law.
skippyboxedhero · 27m ago
The reason I think this is because: 1. I know this first-hand and 2. You have to be completely blind to not see the same thing happen multiple times with multiple laws (this has been happening for decades).
Elected officials are irrelevant because, in this case, they are functionally unable to propose a reasonable alternative. Policy options were presented, all of the policy options offered in this case were to empower Ofcom (again, how old are you? are you unable to think of another situation like this: same thing happened with BoE/PRA in 2010, same thing happened with Border Force creation, same thing happened with illegal immigration where the only functional action presented was to increase Home Office staffing, I can go on and on) so what was the alternative?
You also may not understand what is going on here either: this legislation gave Ofcom new statutory powers but what you might not be aware of is that Ofcom has also been granted through non-statutory instruments significant new powers that interlock with this legislation...who voted on that? Again: media campaign by the powers that be, multiple Home Office ministers have been railroaded into this, Ofcom/security services have been granted new powers (the latter by the back door...again, tell me what that has to do with "social media abuse"? nothing).
Finally, elected officials are mostly pawns. The majority of "them" do not know what is in the legislation. They have been told the PM wants "Molly's Law" passed, so it is passed. Some of the scrutiny was laughable...do you understand that the law has a provision that requires tech companies to provide "end-to-end encryption" that the government can break? To their credit, this was questioned by legislators several times...it wasn't removed from the Bill, despite it obviously being unrelated to anything in the Act. Again, how are you this blind? Do you see why elected officials might be irrelevant if you are so blind?
zb3 · 3h ago
The law could be renamed to "Use VPN Act", this is the actual consequence..
vidarh · 2h ago
Mullvad has been running ads on London buses recently...
smallpipe · 3h ago
A shame the ruling party is indistinguishible from the Tory they were voted in to replace.
rafram · 2h ago
> i know that is terrible timing and im genuinely sorry about that.
This Twitter-style faux-casual way of writing is so common among AI people right now (see Sam Altman) and it’s extremely grating. I don’t know anything about this project, but if they really cared about their users, I would hope that they’d use capital letters and punctuation when addressing them in an official announcement.
landl0rd · 2h ago
"hello fellow humans im friendly and approachable lol"
Also:
> "and honestly? i..."
> "this is not just content moderation - it is a..."
These are two huge shibboleths of gpt-ese. He had to specifically tell the bot to write in that style.
rcruzeiro · 2h ago
Perhaps a bit of a personal conspiracy theory: I do wonder if this was "written" this way because having ChatGPT write it like this is the only somewhat guaranteed way to have it avoid putting em dashes everywhere.
blitzar · 2h ago
My personal prompt is 'make me sound like an insufferable twat'. Hate on LLMs all you want but 60% of the time, it works every time.
fourside · 2h ago
It reminds me of those affectations some kids back in high school picked up on purpose just to stand out. I knew a guy who went through a phase where he’d always talk about penguins and owned a bunch of penguin related paraphernalia because that was “his thing”.
That kind of posturing is forgivable when you’re a teen. When you do it as the CEO of one of the most influential companies today, it’s grating. When you do it because you’re another CEO in a similar market and you’re trying to signal that you’re part of the “in” crowd, it’s frankly embarrassing.
superb_dev · 59m ago
God forbid people have interests? I don’t think being really into penguins is a good example
wiredone · 2h ago
The great thing about language is that it changes over time.
eg the past decade has seen us remove “that” as a qualifier, and the word literally has become interchangeable with figuratively.
its worth considering whether you’re just losing touch…
rafram · 2h ago
> eg the past decade has seen us remove “that” as a qualifier, and the word literally has become interchangeable with figuratively
The latter didn’t happen just in the last decade, and the former hasn’t happened at all.
But no, I can pretty confidently say that the English language still has capitalization and punctuation in it, it’s mostly just on Twitter and in AI-related blog posts where people write like this.
raincole · 1h ago
Really lol. It's a situation where people are censored and potentially prosecuted by government and your first reaction is nitpicking grammar?
spiderfarmer · 3h ago
I decided I will block signups to my web platform for UK users as well. Just because I don’t understand any of the requirements.
dumbfounder · 3h ago
I hope you inform the user and show them how to easily complain to their representatives.
IlikeKitties · 2h ago
Nah, just send them code 451 and ignore them. UK is still democracy adjacent, uk citicens voted for this nonesense, let them deal with the consequences.
aosaigh · 2h ago
Citizens don’t vote on legislation in the UK.
prmoustache · 2h ago
They voted for representatives, not for a particular law and may have not understood the details of this law when it was passed.
HPsquared · 2h ago
In 2024, only about 15% of MPs were elected by a local majority. This is a historic low, I think.
There was a lot of "vote splitting" and spoiler effect going on due to FPTP.
Labour have a very weak mandate.
Silhouette · 28m ago
Most of the UK didn't even vote for a Labour representative at the last general election. The Labour party's current control of our government is the result of one of the most disproportionate parliamentary majorities ever relative to its actual popular vote at the election. It's a consequence of our broken "first past the post" voting system.
There's a certain irony in our politics right now that FPTP has been maintained by two dominant political parties because it has served their purposes to have little real challenge from smaller parties despite those parties collectively having quite a lot of popular support. That same system has now all but ended one of those two dominant parties as a force in British politics and at the next election it might well do the same for the other. The scariest question is who we might then get instead if Labour don't force through a radical change to our voting system while they still have the (possibly last) chance.
jonplackett · 2h ago
We did not
kypro · 24m ago
Most people in the UK are very pro-regulation like this though. We would vote for it if we could.
UrineSqueegee · 2h ago
i opened the ofcom link and it has this really easy to follow guide with 17 illegal contents the users my encounter on your website like terrorism/pdf content etc like extremely bad stuff and all you have to do is asses how likely the user is to run into one of these on your site if its over 0% how do you plan on mitigating that.
thats literally all there is to it.
fmajid · 2h ago
Keep in mind UK terrorism legislation has been abused and is continuing to be, from prosecuting the failed Icesave bank to proscribing the non-violent Palestine Action activist group. If the Terrorism Act 2000 had been in effect in the 1980s, you could have risked 14 years in prison for advocating for the ANC against Apartheid (Thatcher's government's official policy was that Nelson Mandela was a terrorist who had been convicted in a fair trial).
The UK doesn't have a First Amendment or a Bill of Rights other than the European Convention on Human Rights, that leading parties campaign of abolishing (if a bill of rights can be abolished by the legislature, it's not worth the paper it's printed on). Heck it doesn't even have a proper written constitution, it doesn't have separation of powers or an independent judiciary (the previous Parliament considered passing a law saying "Rwanda is a safe country to deport inconvenient asylum seekers to" in response to a court ruling (correctly) saying it manifestly isn't.
The UK and Australia are in a race to the bottom to see which one is going to be the worst enemy of the Internet. The only check against these authoritarian powers is popular juries, and they are trying to get rid of these as well.
"with its members demonstrating a willingness to use violence"
As far as I am aware, have only damaged property. Have they actually committed any acts of violence or advocated violence?
It is embarassing for the UK military that they were able to get into a base and spray paint military planes.
flumpcakes · 53m ago
Damage to property is a form of violence. If someone broke into your home and destroyed medical equipment needed to care for your dying relative, I'm sure you would 100% call it an act of violence.
Also, the group has directly harmed people too:
> A police officer was taken to hospital after being hit with a sledgehammer while responding to reports of criminal damage.
Yeah just interpret 3000+ pages of policy documents and if you screw it up, OFCOM can fine you 18 million pounds and hold you criminally liable. Their "simple guide" is 70 pages long and has numerous links to additional policy documents that have more details on how to interpret the law. Any sane company is going to hire UK legal counsel to deal with this, which is easily going to cost five or six figures. And that doesn't include the cost of adding additional technical mitigations to justify a lower risk assessment, or the ongoing compliance cost for services that aren't low-risk. So the rational move for any company that has minimal UK revenue is to just IP ban the country, like Iran or North Korea.
_dain_ · 1h ago
"extremely bad stuff"
people have literally been jailed for "hate speech" here because they clicked like on a tweet. labour is currently debating an official definition of "islamophobia" which would criminalize stating historical facts like "islam was spread by the sword" and "the grooming gangs are mostly pakistani". the govt put out a superinjunction forbidding anyone (including MPs) from mentioning they spent £7B bringing over afghans allegedly at risk from the taliban, and also criminalizing mention of the gag order itself, and so on recursively. nobody (other than judges and senior ministers) knows how many other such superinjunctions there are.
all this and more is covered by those 17 categories.
on top of this, britain claims global jurisdiction here. think a minute how absurd that is -- any website anywhere that any briton might access is in scope, according to ofcom. and they claim the power to prosecute foreigners for these "crimes" ...
hermitcrab · 1h ago
>people have literally been jailed for "hate speech" here because they clicked like on a tweet
I am aware that someone was jailed for encouraging people via social media to burn down a hotel with refugees in ( https://www.bbc.co.uk/news/articles/cp3wkzgpjxvo ). But not because they clicked like on a Tweet.
Reference please.
landl0rd · 2h ago
I have also blocked yookayers from my site because I would rather spend my time on GTM for my more valuable markets or have free time than waste it on the tiny chunk of my users who are yookay based.
Also I don't know what sort of weight "guidance" from a reg agency vs statute carries there, how much of a defense it is, etc.
ez8 · 1h ago
why is scrolling so heavy and lagged on this simple page
tomschwiha · 3h ago
I get both sides. Kids need some sort of protection online. But the UK law is maybe too harsh for small companies. Also hinting at VPN use to bypass the law isn't smart legally.
computegabe · 2h ago
Protection for the kids should fall on the parents or schools, not the companies. It's not the companies fault if the kid is given full access to the internet, especially at a young age. It's bad parenting. If it's such an important issue, make the parents liable in some way.
lijok · 2h ago
You're optimizing for "fairness". The UK government, however misguided, is optimizing for good outcomes for the next generation. The thing that solves this may well be parents taking accountability, but, putting these expectations on online platforms in place doesn't hurt and can only help.
userbinator · 1h ago
The UK government, however misguided, is optimizing for good outcomes for the next generation.
By "good outcomes" you mean "addicted to the government"... which is not entirely surprising.
alvah · 1h ago
>doesn’t hurt
Are you sure?
ocharles · 2h ago
This keeps getting parroted but it's flawed/overly idealistic/frankly naive. An awful of children are, unfortunately, poorly parented. This is not a new phenomenon, nor something we seem to be improving. OTOH, exposure to extreme material for young children is increasing, and has consequences beyond that child. Exposure to extreme pornography leads to a warped view of sex which affects everyone this child might have sexual encounters with. Exposure to extreme violent material leads to the murder of other innocent children.
I don't know where I stand on this legislation - my gut is that it's too heavy handed and will miss the mark. But I think we need to stop saying this falls solely on parents. The internet is far too big, and parenting is far too varied for this to work. I wish it would, but it won't. There simply aren't enough parents that care enough.
computegabe · 2h ago
Damned if you do, damned if you don't. I think it's a terrible thing, but in this case, I think doing nothing is better than doing something. The unintended consequences far outweighs the benefits. The kids that want to find extreme stuff will find it anyway, regardless of regulation.
xg15 · 2h ago
"But the unintended consequences" has been the standard response of tech startups to any kind of regulation, since they were started being regulated. At some point, it stops being believable.
computegabe · 2h ago
Yes, and my response is compare the tech companies and sizes between the US, Europe, and else where. Over regulation. The same thing is happening with AI in Europe. I am taking an economic stance here.
louthy · 38m ago
So, just be clear, your position is “fuck the children as long as US tech companies are making shit loads of money”?
Should society just be about the accumulation of wealth and no other human needs considered? Or, have I misunderstood your comment?
xg15 · 2h ago
This is the same tired excuse that is given every time. Requiring parents to police their kids' Internet usage 24/7 is about as practical or desirable as controlling their location 24/7. At the latest if those kids have their own phones - or simply visit friends, it's not possible anymore.
computegabe · 2h ago
Oh, so you want the government to police people's kids' internet usage 24/7, inadvertently screwing everyone else over in the process? I'm sure this will end well for the UK, especially the economy.
xg15 · 2h ago
So, if not the government and not the parents, then who should do it?
computegabe · 2h ago
No one. Nothing should be done. If parents aren't going to do anything, what's stopping the kid from getting the parents ID when they're not looking? Or better yet, the same parent which verifies the site for the kid just to get them to shut up? It's the same parental group.
Would you want to let a lonely kid who might already have self confidence issues and problems making real-life friends loose on that site?
shmerl · 2h ago
I've heard it caused all UK operated small forums to shut down. Basically a completely dumb anti free speech "regulation".
morkalork · 1h ago
Question: What if you don't comply but are outside of the UK and have no business operating there making money, filing taxes etc. What is the consequence, criminal charges in absentia and an attempt at extradition?
Also, at $1.50/user, what if users pay for accounts? Perhaps this will be the Band-Aid ripping moment that ushers in sane communities that are no longer under attack by endless bad actors with infinite free accounts?
Vespasian · 1h ago
The second part is something I've been pondering for quite a long time.
Having to verify your identity (without it being exposed to other users) sounds like it could reduce endless botting.
On the other hand such a system is basically begging for being abused by bad actors (state and non state)
Trowter · 3h ago
Yeah maybe mark this as NSFW? I didn't realise this was a blog for a weird AI festish website... Thanks virigns
Silhouette · 36m ago
Indeed. I usually expect that sites linked from HN will be reasonably safe and reputable so followed the link assuming it would be some sort of AI startup but not expecting anything like this. A warning would have been appreciated. @dang, maybe change the title to include some kind of NSFW tag?
muglug · 3h ago
Um this website offers LLM-powered chat bots that can simulate pretty much any situation the user wants, and most of the content appears to be sexual in nature.
I’m no prude, but I think this is a not-great thing to expose kids to, and the UK government is maybe not-terrible to want some sort of way to gate kids’ access.
tomschwiha · 2h ago
I think the point of the blog is still valid as the law applies to any content publisher/social media platform of any size. Even Hackernews could be a target if I understood correctly.
blibble · 1h ago
yeah, as a Brit I am against the OSA
it places a huge compliance burden on the 99.5% of small sites out there which are completely innocent
"janitor.ai" is not one of those sites...
an effective OSA should be targeted at sites like that
and saying "UK users, we can identify your accounts and have deliberately left them open cough VPN cough" isn't going to help them in the slightest (see Section 19)
kylestanfield · 2h ago
“this is not just content moderation - it is a complete regulatory framework that assumes every platform is a tech giant.”
hsuduebc2 · 2h ago
Once again, it seems like the regulations were likely written by the very people being regulated perfectly tailored to kill off any potential competition. An absolute classic.
CamperBob2 · 1h ago
just wanted to make that crystal clear
One way you can help make things crystal clear is by using conventional English capitalization and orthography.
Just sayin'.
LAC-Tech · 2h ago
Timely reminder to all UK people - your system is 100% set up to allow you to easily and legally change your government without bloodshed. This is the benefit of a constitutional monarchy.
By "changing your government" I don't mean "shuffle people in and out of parliament" or even "elect your 6th Prime Minister in 10 years".
I mean change your government.
flumpcakes · 2h ago
What do you mean then?
LAC-Tech · 14m ago
Regime change
basisword · 2h ago
They're using this as a nice marketing opportunity. "We don't understand the law...but here are our strong opinions on it...in lowercase".
Just because it's become really easy to spin-up a business doesn't mean your business should be allowed to ignore laws - regardless of your opinion on them. This should apply even more strictly to businesses selling/providing age restricted items. A small tobacconist is subject to the same laws around selling tobacco as a large supermarket. Why should this be different online?
I can understand basic disagreements with the general usefulness of the new law, but "I'm just a little guy" is a poor argument. Designing the law so you can only get your creepy AI porn from small businesses defeats the purpose of it.
stephen_g · 59m ago
Have you looked at the law though? Like actually? Elsewhere on the thread somebody posted a link where an owner of a forum for people who own hamsters as pets has to close down because they can't afford to comply with the law.
It is actually a really bad law.
UrineSqueegee · 2h ago
bro is making 0 sense and I think he fucked something up and he is trying to pin it on the legislation than himself.
it's an extremely trivial thing to do and the ofcom guidance is very easy to follow.
rimbo789 · 1h ago
It’s insane that “just follow the rules” gets downvoted
CommenterPerson · 2h ago
It's about time Tech Bros had some shock therapy. I hope the UK law holds, is adjusted appropriately for smaller user bases, and reduces some of the enshittification that's become standard business practice on the internet.
r33b33 · 2h ago
Quickly spin up a VPN (with LLM help) and georedirect UK users to said VPN page.
Problem solved.
prmoustache · 2h ago
I am pretty sure helping your users circumventing the blockage would make you liable the same way.
r33b33 · 2h ago
So? If the law is stupid, they should get what's coming to them.
laincide · 3h ago
Thats ok, i probably wouldnt use a site that uses ghbili style ai generated thumbnails anyway
rimbo789 · 1h ago
Good. Tech companies have acted far too long like the law is something like they can get to next week.
This firm doesn’t care a whit about the impact on users - they are just too cheap to follow the rules.
If your business can’t operate without regulation it shouldn’t operate at all because it clearly relies too heavily on exploiting labour and or consumers
transcriptase · 1h ago
Do you have more of your writing available anywhere? I’m fine-tuning a model to act as someone with uncritical deference to authority, a paternal view of government, and no apparent awareness of what it takes to comply with regulation or operate a real business. Your material could be the perfect training data!
burnt-resistor · 39m ago
Not just LOL, but I nearly fainted from laughter. Best takedown of illiberal authoritarian bootlickers on the internet today. People must be crazy or broken if they are so brainwashed or misinformed to believe even for a second that illiberalism or government oppression will somehow make their or everyone lives better.
davesmylie · 1h ago
> This firm doesn’t care a whit about the impact on users - they are just too cheap to follow the rules.
I'm old enough to remember when one of great things about the web was the low barrier to entry.
Not every site has a large company with deep pockets behind it. Some of the websites I've run, I've run at a loss because I was interested in the subject and thought it provided real value for other people. Probably the income from these sites was in the hundreds of dollars a year range, the cost in time and effort waaay beyond that.
I don't know the actual compliance costs here - I know the cost of a UK lawyer just to review obligations and liabilities is probably going to be a few hundred quid, if not substantially more. I don't know of many non-professional, or FOSS sites that could afford that.
Your curt dismissal of this huge chunk of the internet saying they shouldn't be operating at all is mind boggling
rimbo789 · 1h ago
To be clear, I think a huge chunk of the tech giants also should not be operating! They need to be regulated heavily with algorithic feeds banned, anyone under 18 banned and better compensation for content creators.
The wild west of the internet was largely a mistake and created massive social disruption for the benefit of a tiny few and was caused by regulators being asleep at the switch. It is good they are finally catching up.
AJ007 · 1h ago
I have no idea why we need to require site operators to verify users ages? Just force the mobile phone companies do it. It would be pretty trivial for apple, with a front facing camera, face detection, and then just read everything on the screen. If something bad or offensive is shown, the phone is disabled and a notification is sent to the parents and the police.
The western internet as we knew it is dead. Privacy is dead, we already live in a post-Snowden panopticon. With multiple always-on microphones in every public room and often in private rooms too. HD cameras are everywhere. If you live in any major city, hundreds to thousands of hours of footage, which might contain you, is being uploaded for public view and AI training daily.
There have been other open source deathblow laws passed in the EU like the Cyber Resilience Act and the Product Liability Directive which have been repeatedly dismissed by other commenters on hn. Earlier stuff like the GDPR was dismissed too as only affecting big companies. The arguments in support of these laws have basically been you are small so you don't need to follow them. That seems like lot of disrespect for the EU's legal system but maybe it's well deserved.
It's only a matter of time until ID verification will be mandated even to make a post like this one on sites like hn. Western companies assisted authoritarian prison states in monitoring, censoring and controlling their citizens, when they should have been doing the exact opposite. Now it's really hard to argue that it isn't possible here.
pullchair · 1h ago
Yes and also their business sounds risky as hell to impressionable children. I'm sure the creators of the Online Safety Act had websites like this in mind. They're doing the UK a favor by blocking, no-one needs these porn AI bots or whatever it is they're pushing.
18172828286177 · 1h ago
Nice bait
rimbo789 · 1h ago
It’s wild that this is a forum where the take “follow the law even if it’s annoying for your company” is considered bait
marmarama · 1h ago
It's run by a startup incubator, and a pretty large chunk of the user population has the notion that they will eventually end up part of the rarefied population of company founders that hit the jackpot and make their fortune.
Of course that affects attitudes here, even if most people on here will never actually be a founder, let alone a highly successful one.
Top management can never go against the RCSR guys, who are like priests of the church in medieval ages. And the RCSR guys have no goals linked to the progress of the real work. The don't like any thing that moves. It's a risk.
Management thinks that RCSR helps with controls around the work. But what happens is, you put more people in building controls, they deliver fort walls around your garbage bins.
Because the policy teams don't understand the technical details, they get hung up on things that don't matter so all your "security budget" (in terms of dev effort available for improvement) gets spent on useless things.
Because there is a CIS guideline recommending "do not put secrets in environment variables" in k8s, a team I work with recently spent two weeks modifying deployments of all their third party charts to mount all secrets as volumes, this included modifying / patching upstream helm charts. This will be a maintenance burden forever lol. Actual security benefit in context is approximately zero.
Meanwhile they COULD have spent that time implementing broadly effective things like NetworkPolicy or CSP for the front-end but now there is no dev time for that.
At the top levels of their process there are plenty of risk x impact matrices but there aren't corresponding effort / payoff assessments, so the thing beings being done end up not being engineering.
Not if they never ever ship an update.
(i - briefly - worked for place that did things this way. They didn't update the chart, but they _did_ use `sed` to update the image tag from time to time.)
In other words, the guys who actually believe in a normal level of compliance are hamstrung, defection is rewarded, classic failure mode of this kind of thing.
Jeez, and I was just grumbling how it takes up to 24 hours for a change I make to appear in prod, compared to about 4 hours at my previous job.
It should be possible to develop automated systems and processes to keep most changes on the “happy path” where approvals are quick. These sorts of organization responses were a new layer of people who can say “no” grow whenever a problem happens or a regulation changes are suffocating.
But if the regulation is indeed oppressive or byzantine, everybody hurts and only the biggest survive.
*Social contagion effects on risk perception can be a confounding factor here, though.
That said the thinking that smaller platform should equal exemptions seems a touch flawed too given topic. If you're setting out to protect a child from content that say is promoting suicide the size of the platform isn't a relevant metric. If anything the smaller less visible corners (like the various chan sites) of the internet may even be higher risk
Take something like a plastic packaging tax, for example. A company like Amazon won't have too much trouble setting up a team to take care of this, and they can be taxed by the gram and by the material. But expecting the same from a mom-and-pop store is unreasonable - the fee isn't the problem, but the administrative overhead can be enough to kill them. Offering an alternative fixed-fee structure for companies below certain revenue thresholds would solve that problem, while still remaining true to the original intention.
But playing devils advocate a bit here if the risk profile to the kid is the same on big and small platforms then there isn't any ethical room a lighter regime. Never mind full exemption, any exemption. The whole line of reasoning that you can't afford it therefore more kids potentially getting hurt on your platform is more acceptable just doesn't play. And similarly if you do provide a lighter touch regime, then the big players will rightly say well if that is adequate to ensure safety then why exactly can't we do that too?
Platform size just isn't a relevant metric on some topics - child safety being one of them. Ethically whether a child is exposed to harm on a small or big website is the same thing.
Not that I think this act will do much of anything for child safety. Which is why I think this needs to go back to drawing board entirely. Cause if we're not effectively protecting children yet killing businesses (and freedoms) then wtf are we doing
No comments yet
This, or course, would disproportionately burden smaller buildings, while some larger buildings would have little trouble to comply. Guess who would complain more often. But it, while outwardly insane, would clear small huts off the market, while the owners of large reinforced buildings would be able to reclaim the land, as if by an unintended consequence.
Driving the risk tolerance of a society lower and lower interestingly dovetails with the ease of regulatory capture by large incumbent players, as if by coincidence.
I don't agree with everything in the Online Safety Act, but if anything needed a risk assessment, it's surely this?
[0] “law” here isn’t just laws made by governments, but also regulations made by e.g. Visa and Mastercard
Are there services which offer a less... risky... service that are similarly affected here?
https://www.thehamsterforum.com/threads/big-sad-forum-news-o...
(Yes, the UK has effectively made it illegal to run a forum for people with pet hamsters.)
They deal with compliance in their terms and apparently did a reboot and apparently introduced new modding tools.
Did they reach the conclusion that they are not pose significant risks and that their tools are sufficient?
I'm very curious
That's happening with the AI act here as well. Almost no-one wants to even touch the EU shitshow and they're still going forward with it. Even Mistral was trying to petition them, but the latest news seem like it had no effect. Fuck us I guess, right? Both consumers and SMBs will lose if this passes as is.
It isn't populist either, no-one supports this. The UK has media campaigns run by newspapers, no-one reads the papers but politicians so these campaigns start to influence politicians. Always the same: spontaneous media campaign across multiple newspapers (low impact on other kinds of media), child as a figurehead, and the law always has significant implications that are nothing to do with the publicly stated aim.
Democracy has very little to do with it. Elections happen in the UK but policies don't change, it is obvious why.
No comments yet
Another example: here in the USA we have 50 states vying to each regulate AI; my understanding is that the plan was to have the OBBB put them off from doing this for at least 10 years, but that effort failed, leaving them free to each do their own thing.
Complying with all rules and regulations in all jurisdictions to which a website/service could be exposed (i.e. worldwide, by default) seems like it's becoming a well nigh impossible task these days.
Cyberspace is not, eventually, independent[1] if you plan to make money off it and use real world IDs.
[1]: https://www.eff.org/cyberspace-independence
For a site operator who seems really concerned about potential liability under this law, I sure wouldn’t have put this in writing. Feels like it really undermines the rest of the post and the compliance measures being taken.
There's literally "Best VPNs For Accessing Porn in the UK" articles, they'll be fine.
People aren’t prevented from using VPNs in the UK, in case anyone is unclear on this.
Is that the case here (and it just happens that I have no clue what this particular site is about) ?
Or am I grossly misunderstanding the act (very likely I guess since IANAL) ?
[1] https://www.onlinesafetyact.net/analysis/categorisation-of-s...
-------------------------------------------
Ofcom’s advice to the Secretary of State
Ofcom submitted their advice – and the unerpinning research that had informed it – to the Secretary of State on 29 February 2024 and published it on 25 March. In summary, its advice is as follows: Category 1
Condition 1:
Condition 2: Ofcom estimates that there are 9 services captured by condition 1 and 12-16 likely to be captured by condition 2. There is one small reference in the annex that the 7m+ monthly users threshold corresponds to the DSA (A6.15) Category 2a (search) Ofcom estimates that there are just 2 search services that currently sit (a long way) above this threshold but that it is justified to put it at this level to catch emerging services. Category 2b (children) Ofcom estimates that there are “approximately 25-40 services” that may meet this threshold.-------------------------------------------
https://www.ofcom.org.uk/siteassets/resources/documents/cons...
Everybody (who's not specifically exempted by Schedule 1, which has nothing to do with what you linked to) gets a "duty of care".Everybody has to do a crapton of specific stupid (and expensive) administrative stuff. Oh, and by the way you'd better pay a lawyer to make sure that any Schedule 1 (or other) exemption you're relying on actually applies to you. Which they may not even be able to say because of general vagueness and corner cases that the drafters didn't think of.
Also, it's not a "ruling". It's a law with some implementing regulations.
[1]: https://ofcomlive.my.salesforce-sites.com/formentry/Regulati...
I wouldn't be surprised if this ends up being a topic in trade negotiations with the US in the future though, since this is a trade barrier that imposes significant regulatory cost on US companies for content that is legal in the US. Eg. the proscribed categories of illegal content include knives and firearms, hate, etc.
Otherwise everyone from small sites to Facebook would just shop around jurisdictions and formally operate their websites from wherever fits them best.
And if a service is used by citizens of your country it makes sense to scale requirements by the impact it is having on them.
This particular law may not be great overall but I've got no issues with this method. As a site provider outside the UK it's trivially easy to avoid liability (by blocking people)
what ruling are you referring to? This is about the Online Safety Act, an act of parliament.
Then there are additional requirements applied to 3 classes of services: Category 1, 2A, 2B. The latter have the thresholds as discussed above.
But, as usual, poorly written. eg a "Content Recommendation System" -- if you choose, via any method, to show content to users, you have built a recommendation system. See eg wikimedia's concern that showing a picture of the day on a homepage is a bonafide content recommendation system.
The definition
> (2)In paragraph (1), a “content recommender system” means a system, used by the provider of a regulated user-to-user service in respect of the user-to-user part of that service, that uses algorithms which by means of machine learning or other techniques determines, or otherwise affects, the way in which regulated user-generated content of a user, whether alone or with other content, may be encountered by other users of the service.
https://www.legislation.gov.uk/uksi/2025/226/regulation/3/ma...
If you in any way display UGC, it's essentially impossible not to do that. Because you pick which UGC to display somehow.
https://www.gov.uk/government/publications/online-safety-act... .
From what I'm reading, Amazon will have to implement age-checks over 8/10 of its book inventory, with the other 2/10 opening the company for liability about the very broad definition of "Age-appropriate experiences for children online." And yes, janitorai is correct that the act applies to them and the content they create, and a blanket ban to UK users seems the most appropriate course of action.
For what is worth, the act does not seem to apply to first-party websites, as long as visitors of that website are not allowed to interact with each other. So, say, a blog without a comment feed should be okay.
https://onlinesafetyact.co.uk/ra_blog_with_comments/
For an extreme case, ask Julian Assange what might happen if a country doesn't like what you put on the internet.
Or, you travel to the UK! It’s a pretty popular destination and Heathrow is a major European hub. It would be easy to get caught out.
The law may well be onerous and misguided. But looking at that site, it seems they reeeeally should do their due diligence. Not just to avoid the long arm of UK justice, but other territories too. It looks extremely dubious.
Their mitigation doesn’t make sense either. If they don’t shutdown UK accounts and those accounts use UK credit cards which continue to use the service via a VPN. It could be reasonably argued that they know they’re providing a service to a UK resident. So, they really need to do their homework.
What they’re actually complaining about is the cost of doing business. It sounds pretty amateurish.
It's also possible for the owners or employees of the company to be held liable if they ever visit the UK.
Having said that, it can limit a lot ones travel possibilities.
I have no idea if this is a likely or even possible consequence, but that’s one way lots of people have gotten ensnared by the long arm of the law, even when jurisdiction is otherwise normally lacking.
You'd be well advised to avoid a country this like.
If the UK had remained in the EU, then extradition might be possible (depending on whether courts approve it) but right now it's pretty unambiguously impossible.
https://www.gov.uk/government/publications/international-mut...
Apparently Germany is also (at least as of 2023) not extraditing non-citizens to the UK due to the condition of British jails as well so: https://www.theguardian.com/society/2023/sep/05/germany-refu...
If you are found criminally guilty in UK, sure you can avoid visiting UK, and of course, potentials business partners in Germany will see you guilty record in UK as a liability. It might impact your capacity to travel in other countries as well, if you have any sort of criminal record anywhere else, like Canada, Australia, New Zealand or US...
There are also extradition treaties between UK and Europe...
Strawmanning their position isn't helpful to anyone.
I really dont understand why parents don't bare the responsibility of their kids internet access as opposed to the expectation the internet raises their kids...
the question of whether the state should try to fix this stuff is irrelevant, it cannot
Many kids from these backgrounds are seen as little more than cashcows to help their parents get homes and income without having to work.
If you turn having children into a profit-seeking enterprise, you will get bad outcomes. The UK is in the bizarre position where people who should have kids aren't having kids but they are paying for the children of those who shouldn't have kids.
The statistics coming out about this are incredible. We are looking at 20-30% of this cohort likely being unable to work at any point in their lifetime.
the solution to children stabbing each other was to attempt to ban knives
i believe they are also gearing up for a ban on cigars, cigarettes have a scale which will make them effectively illegal for children born today, more types of pornography are being banned
...this is the same country which has legalised heroin use regionally btw...you need a licence to watch porn but your neighbour can shoplift, shoot up heroin, and you pay his rent...
however bad you think it is, it is much worse
Platforms are also responsible for not allowing their services to be used to abuse children, which is also true offline.
As a wise man once said:
> The British legal system is and always has been a litany of injustices dressed up in formal attire. To be avoided at all costs.
I also don’t think this act is the way to address these issues, but I don’t think it’s as easy as just putting everything at the feet of the parents as I imagine it almost impossible to police at home, not to mention at school.
When I think of older technologies like television, we have rules and regulations about what can be shown when.
Again, this isn’t to say this approach is right, but wanting to regulate isn’t an attack on free speech. It seems there is regularly a tension on HN between free speech absolutists, usually from the US and those more happy to accept regulation, usually from the EU
I don't, because I don't need to.
I had unrestricted access to internet when I was my kids age and I turned out just fine, just like the extreme majority of my generation.
I know that serious discussions about important topics are enough to make sure that even if my kids do access content that's not meant for children, they're not negatively affected by them, just like I wasn't.
Again I don’t have kids, so I’m not in a position to judge, but I can only imagine the pressures on children are completely different nowadays. For example, we didn’t have computers in our pocket 24/7 with all of our peers on the other end influencing us indifferent ways.
Just as an aside, the UK has been doing this for decades. One of the most permanent causes of legislative failure in the UK has been making laws based on media pressure that have potentially huge costs in the future. And as these costs emerge, guess what the only solution is? More interventions.
I would suggest that a country which cannot control crime, cannot control borders, has a collapsing economy, cannot house people, etc. has bigger problems than trying to arrest people for saying things on Twitter or shut down end-to-end encryption.
There are normally two shift keys on your keyboard, try either one.
> Your online service has links with the UK if:
> UK users are a target market for your service; or
> It has a significant number of UK users
What is "significant"? Is it a percentage or a raw number?
I'll click "no" - maybe 5% of my users are from the UK. Great, wizard complete! I don't need to worry...except:
> Please note that this result is indicative only
We have a free-to-use technical forum for our (data wrangling software) forum, powered by Discourse. I believe that might allow users to directly message each other. Does that count?
Only escape hatch they give you later is if all communication between users is delegated to other medium, eg. email or phone or sms.
It depends what you mean by government but elected officials in the UK are almost completely irrelevant in this (and in most other things, their job is to get in front of a TV camera say how appalled they are that it has happened, no-one could have foreseen this, don't look back in anger, and that they are going to select from the same policy options that the Civil Service presented the last government with...which results in the same conclusion: more civil servants, more regulation, more corruption).
Ofcom has been making a massive power grab, this bill and other recent regulations are granting them massive new powers, and the UK has a system in which ministers have no functional capacity to block this.
Also, none of these laws are led by politicians. All the communications-related offences were led by security services. Do you know when Molly actually passed? 2017? And you are telling me that a law passed in 2025 is related? A law which largely contains things unrelated to her passing (i.e. significant expansion of Ofcom powers).
It is genuinely funny that people who have no idea about politics...as in first-hand knowledge which will just imagine that everything works the way they assume it must work. At the very least, you should exercise some common sense: we have seen multiple Home Office ministers pass through, ministers are gaining no new extra powers, Ofcom staffing has gone up by thousands, the amount of graft that has already gone on is staggering...but the one's to blame are, conveniently, the ones who are always blamed...but seem to be strangely unable to do anything...you cannot possibly be this credulous.
Don’t fall into the trap of thinking that this law must have come about by sinister machinations just because you don’t think it’s a good law.
Elected officials are irrelevant because, in this case, they are functionally unable to propose a reasonable alternative. Policy options were presented, all of the policy options offered in this case were to empower Ofcom (again, how old are you? are you unable to think of another situation like this: same thing happened with BoE/PRA in 2010, same thing happened with Border Force creation, same thing happened with illegal immigration where the only functional action presented was to increase Home Office staffing, I can go on and on) so what was the alternative?
You also may not understand what is going on here either: this legislation gave Ofcom new statutory powers but what you might not be aware of is that Ofcom has also been granted through non-statutory instruments significant new powers that interlock with this legislation...who voted on that? Again: media campaign by the powers that be, multiple Home Office ministers have been railroaded into this, Ofcom/security services have been granted new powers (the latter by the back door...again, tell me what that has to do with "social media abuse"? nothing).
Finally, elected officials are mostly pawns. The majority of "them" do not know what is in the legislation. They have been told the PM wants "Molly's Law" passed, so it is passed. Some of the scrutiny was laughable...do you understand that the law has a provision that requires tech companies to provide "end-to-end encryption" that the government can break? To their credit, this was questioned by legislators several times...it wasn't removed from the Bill, despite it obviously being unrelated to anything in the Act. Again, how are you this blind? Do you see why elected officials might be irrelevant if you are so blind?
This Twitter-style faux-casual way of writing is so common among AI people right now (see Sam Altman) and it’s extremely grating. I don’t know anything about this project, but if they really cared about their users, I would hope that they’d use capital letters and punctuation when addressing them in an official announcement.
Also:
> "and honestly? i..."
> "this is not just content moderation - it is a..."
These are two huge shibboleths of gpt-ese. He had to specifically tell the bot to write in that style.
That kind of posturing is forgivable when you’re a teen. When you do it as the CEO of one of the most influential companies today, it’s grating. When you do it because you’re another CEO in a similar market and you’re trying to signal that you’re part of the “in” crowd, it’s frankly embarrassing.
eg the past decade has seen us remove “that” as a qualifier, and the word literally has become interchangeable with figuratively.
its worth considering whether you’re just losing touch…
The latter didn’t happen just in the last decade, and the former hasn’t happened at all.
But no, I can pretty confidently say that the English language still has capitalization and punctuation in it, it’s mostly just on Twitter and in AI-related blog posts where people write like this.
There was a lot of "vote splitting" and spoiler effect going on due to FPTP.
Labour have a very weak mandate.
There's a certain irony in our politics right now that FPTP has been maintained by two dominant political parties because it has served their purposes to have little real challenge from smaller parties despite those parties collectively having quite a lot of popular support. That same system has now all but ended one of those two dominant parties as a force in British politics and at the next election it might well do the same for the other. The scariest question is who we might then get instead if Labour don't force through a radical change to our voting system while they still have the (possibly last) chance.
thats literally all there is to it.
The UK doesn't have a First Amendment or a Bill of Rights other than the European Convention on Human Rights, that leading parties campaign of abolishing (if a bill of rights can be abolished by the legislature, it's not worth the paper it's printed on). Heck it doesn't even have a proper written constitution, it doesn't have separation of powers or an independent judiciary (the previous Parliament considered passing a law saying "Rwanda is a safe country to deport inconvenient asylum seekers to" in response to a court ruling (correctly) saying it manifestly isn't.
The UK and Australia are in a race to the bottom to see which one is going to be the worst enemy of the Internet. The only check against these authoritarian powers is popular juries, and they are trying to get rid of these as well.
https://hansard.parliament.uk/commons/2025-06-23/debates/250...
"with its members demonstrating a willingness to use violence"
As far as I am aware, have only damaged property. Have they actually committed any acts of violence or advocated violence?
It is embarassing for the UK military that they were able to get into a base and spray paint military planes.
Also, the group has directly harmed people too:
> A police officer was taken to hospital after being hit with a sledgehammer while responding to reports of criminal damage.
https://www.bbc.co.uk/news/articles/c0mnnje4wlro
people have literally been jailed for "hate speech" here because they clicked like on a tweet. labour is currently debating an official definition of "islamophobia" which would criminalize stating historical facts like "islam was spread by the sword" and "the grooming gangs are mostly pakistani". the govt put out a superinjunction forbidding anyone (including MPs) from mentioning they spent £7B bringing over afghans allegedly at risk from the taliban, and also criminalizing mention of the gag order itself, and so on recursively. nobody (other than judges and senior ministers) knows how many other such superinjunctions there are.
all this and more is covered by those 17 categories.
on top of this, britain claims global jurisdiction here. think a minute how absurd that is -- any website anywhere that any briton might access is in scope, according to ofcom. and they claim the power to prosecute foreigners for these "crimes" ...
I am aware that someone was jailed for encouraging people via social media to burn down a hotel with refugees in ( https://www.bbc.co.uk/news/articles/cp3wkzgpjxvo ). But not because they clicked like on a Tweet. Reference please.
Also I don't know what sort of weight "guidance" from a reg agency vs statute carries there, how much of a defense it is, etc.
By "good outcomes" you mean "addicted to the government"... which is not entirely surprising.
Are you sure?
I don't know where I stand on this legislation - my gut is that it's too heavy handed and will miss the mark. But I think we need to stop saying this falls solely on parents. The internet is far too big, and parenting is far too varied for this to work. I wish it would, but it won't. There simply aren't enough parents that care enough.
Should society just be about the accumulation of wealth and no other human needs considered? Or, have I misunderstood your comment?
Yeah. It’s called “parenting”.
Beyond the obvious response about parenting: do they?
There was absolutely no restriction on the web when millenials were growing up, and we didn't become a generation of degenerates.
I'd like to see actual proof that there is a need for mass online protection for children.
Their business is creating virtual AI friends, often with sexually suggestive themes.
You can browse through the characters here: https://janitorai.com/
Would you want to let a lonely kid who might already have self confidence issues and problems making real-life friends loose on that site?
Also, at $1.50/user, what if users pay for accounts? Perhaps this will be the Band-Aid ripping moment that ushers in sane communities that are no longer under attack by endless bad actors with infinite free accounts?
Having to verify your identity (without it being exposed to other users) sounds like it could reduce endless botting.
On the other hand such a system is basically begging for being abused by bad actors (state and non state)
I’m no prude, but I think this is a not-great thing to expose kids to, and the UK government is maybe not-terrible to want some sort of way to gate kids’ access.
it places a huge compliance burden on the 99.5% of small sites out there which are completely innocent
"janitor.ai" is not one of those sites...
an effective OSA should be targeted at sites like that
and saying "UK users, we can identify your accounts and have deliberately left them open cough VPN cough" isn't going to help them in the slightest (see Section 19)
One way you can help make things crystal clear is by using conventional English capitalization and orthography.
Just sayin'.
By "changing your government" I don't mean "shuffle people in and out of parliament" or even "elect your 6th Prime Minister in 10 years".
I mean change your government.
Just because it's become really easy to spin-up a business doesn't mean your business should be allowed to ignore laws - regardless of your opinion on them. This should apply even more strictly to businesses selling/providing age restricted items. A small tobacconist is subject to the same laws around selling tobacco as a large supermarket. Why should this be different online?
I can understand basic disagreements with the general usefulness of the new law, but "I'm just a little guy" is a poor argument. Designing the law so you can only get your creepy AI porn from small businesses defeats the purpose of it.
It is actually a really bad law.
it's an extremely trivial thing to do and the ofcom guidance is very easy to follow.
Problem solved.
This firm doesn’t care a whit about the impact on users - they are just too cheap to follow the rules.
If your business can’t operate without regulation it shouldn’t operate at all because it clearly relies too heavily on exploiting labour and or consumers
I'm old enough to remember when one of great things about the web was the low barrier to entry.
Not every site has a large company with deep pockets behind it. Some of the websites I've run, I've run at a loss because I was interested in the subject and thought it provided real value for other people. Probably the income from these sites was in the hundreds of dollars a year range, the cost in time and effort waaay beyond that.
I don't know the actual compliance costs here - I know the cost of a UK lawyer just to review obligations and liabilities is probably going to be a few hundred quid, if not substantially more. I don't know of many non-professional, or FOSS sites that could afford that.
Your curt dismissal of this huge chunk of the internet saying they shouldn't be operating at all is mind boggling
The wild west of the internet was largely a mistake and created massive social disruption for the benefit of a tiny few and was caused by regulators being asleep at the switch. It is good they are finally catching up.
The western internet as we knew it is dead. Privacy is dead, we already live in a post-Snowden panopticon. With multiple always-on microphones in every public room and often in private rooms too. HD cameras are everywhere. If you live in any major city, hundreds to thousands of hours of footage, which might contain you, is being uploaded for public view and AI training daily.
There have been other open source deathblow laws passed in the EU like the Cyber Resilience Act and the Product Liability Directive which have been repeatedly dismissed by other commenters on hn. Earlier stuff like the GDPR was dismissed too as only affecting big companies. The arguments in support of these laws have basically been you are small so you don't need to follow them. That seems like lot of disrespect for the EU's legal system but maybe it's well deserved.
It's only a matter of time until ID verification will be mandated even to make a post like this one on sites like hn. Western companies assisted authoritarian prison states in monitoring, censoring and controlling their citizens, when they should have been doing the exact opposite. Now it's really hard to argue that it isn't possible here.
Of course that affects attitudes here, even if most people on here will never actually be a founder, let alone a highly successful one.