>>ColinW+(OP)
URL should be https://lobste.rs/s/ukosa1/uk_users_lobsters_needs_your_help...

>>Symbio+93
Im guessing they linked the archive so that when Lobsters is geoblocked UK users will still be able to read it.

>>ColinW+(OP)
Block and route around failures.

>>ColinW+(OP)
The simple answer is to not recognize the authority of the UK government when you don't have a physical presence there, as long as they are failing to protect their citizens with sane, ethical digital policy.

Tough pill to swallow for some, but there is no difference between irrational demands made from the government of the UK, and say, North Korea. It's everyone's choice which side of history they'd like to be on.

>>ColinW+(OP)
ELI5: Why should a US-based site, hosted on US soil and run by a US citizen, care about laws in all the hundreds of other random countries located thousands of miles away?

>>ColinW+(OP)
Related, a list of other sites which are blocking the UK or shutting down altogether rather than deal with OSA:

https://onlinesafetyact.co.uk/in_memoriam/

>>ColinW+(OP)
They also block Brave browsers entirely. I tried reading into it, but it appears to be one of those "programmer personality quirks". The fellow that runs the site appears to think Brave is a scam of some sort, and just decided to block the entire browser.

Oh well, I'll stick to HN.

>>ColinW+(OP)
https://web.archive.org/web/20250108091906/https://lobste.rs...

>>ColinW+(OP)
Is a decentralized approach to communication an effective bulwark against this type of legislation? As is mentioned in the linked thread, the act itself is extremely hard to parse, so maybe it's not even possible to know the answer. Just curious if anyone has done research from that angle.

>>ss64+E4
That's a good point, but the thing to do in that case is post the original URL and add an archive link in the thread. I've done that now (>>43152546 ).

>>do_not+A5
Because they can be arrested and extradited to UK. Not a high chance, but not zero. And a realistic one is to be arrested while traveling in Europe and extradited to UK.

>>ColinW+(OP)
[stub for offtopicness]

>>soulof+t5
Just to play devil's advocate, the relationship between the EU and the US compared to North Korea is not at all similar. I think that's why this is listed as an option:

> A statement from the US Department of State that it does not believe the law applies to American entities and a commitment to defend them against it.

>>ColinW+(OP)
As much as I hate this legislation, this is really just a small forum deciding they don't have the time to understand the legislation and therefore it's easier to block IP's from the UK (while it's not even clear if that will exempt them from liability). Fair enough but hardly earth shattering. I remember several US based websites geo-blocking all of Europe after GDPR came in (I think the LA Times was one of the biggest) and that went on for years.

We need legislation that tackles the various issues this legislation aims to tackle but in much more targeted ways. It needs to specifically target the biggest social media companies (Meta, X, Reddit, etc). Smaller forums are irrelevant. If your algorithm recommends self-harm content to kids who then go on to kill themselves it is right that you should be held responsible. "We're so big we can't be expected to police the content we host" should not be an acceptable argument.

>>seposi+Y5
Neil Brown[0] has been attending the Ofcom online sessions and asking them about Fediverse servers but they've been unhelpfully vague as to how/if/why/when they fall under OSA.

[0] https://onlinesafetyact.co.uk

>>ColinW+(OP)
Question: why pro-active block some authoritarian countries like the UK, but not others like China? Is it because only the UK passes legislation that threaten people outside of its borders? Or does China do it too and we ignore it?

>>ColinW+(OP)
As someone who self-hosts Mastodon, should I be geoblocking the UK as well?

For the record, I only host it for myself, so I'm pretty sure I wouldn't have received any of the legal protections that the OSA is now stripping away, and thus geoblocking the UK wouldn't matter. But if there's something else I'm missing, please let me know.

>>do_not+A5
Because he can face legal consequences for breaking the (local elsewhere) law. The US do the exact same, look up FATCA.

>>seposi+o6
The UK is not a part of the EU.

I also recognize the potential for legal action or criminal charges. Those are great opportunities to fight these tyrants in one of the few battlefields available to us.

As Martin Luther King, Jr. said:

"I submit that an individual who breaks a law that conscience tells him is unjust, and willingly accepts the penalty by staying in jail to arouse the conscience of the community over its injustice, is in reality expressing the very highest respect for law."

Now, it may be that Lobsters simply doesn't have the highest respect for the law, or perhaps they value their community's survival over leading by principle and securing a bright future for posterity. Short-sighted thinking, but I understand the motivation.

My comment is a call for people to consider their priorities with respect to the world we leave behind us. Taking the easy way out and avoiding conflict with an encroaching global authoritarian movement is not going to fix anything, and contributes toward an ever-darker future.

This is not a jab at Lobster, and I am glad to see them at least trying something before simply geoblocking the UK. But what if geoblocking isn't enough? What if knowing a VPN-enabled user is from the UK but not banning them is still grounds for a lawsuit or criminal charges?[0] What if more countries join in?

[0] This leads to the ironic outcome that the UK becomes less represented in the next generation of online discourse and slides further into backwater obscurity, despite being home to such rich culture and academia.

>>soulof+t5
Haven't you heard of FATCA and other similar local US laws which impact institutions everywhere in the world?

>>Red_Co+K5
Is it me, or is brave more of a cryptocurrency platform that pretends to be a browser?

A lot of people don't really like the toxic discussions that crypto usually tends to devolve in. So it makes sense to block the browser if you don't want those people on your server.

>>basisw+t6
Small forums run as hobby projects need to require little-to-no investment of time and money, or the ROI quickly goes negative and they just shut down instead.

A little while back there was the story [0] of a Mastodon admin who hated CloudFlare and its centralized protection, but found that he had no choice but to sign up for it anyway because a disgruntled user kept launching DDoS attacks and he had no other way to keep his instance online. A bunch of people here and elsewhere kept unhelpfully replying that, “you don’t need CloudFlare, you could just do [incredibly convoluted and time-consuming solution] instead”, and all of those people were missing the point: CloudFlare is “set it and forget it”, which is a non-negotiable requirement for anything which is run as a hobby instead of a full-time job.

It’s the same with this UK law: yes, you could spend weeks of your life learning the intricacies of laws in some other country, or you could just block them and be done with it. Businesses which might need revenue from UK users will do the former, but if I’m running a site out of my own time and money, I’ll do the latter. And I don’t want hobby sites to have to disappear: the Internet is commercialized enough as it is, and regulating passion projects out of existence would kill the last remaining independent scraps.

[0]: >>21719793

>>bb88+d8
I am no fan of Brave, but where is the logic here? Just because someone uses Brave, they will engage in toxic discussions on crypto? Am I missing something?

>>Adrian+36
Are there any previous cases of the UK intercepting and arresting a US citizen traveling through Europe for something that isn't a crime in the US?

>>bb88+d8
It’s my impression that it’s mostly a browser. But I don’t use it, because who needs another WebKit clone.

>>LAC-Te+b7
China probably can’t get the USA to extradite an American citizen for breaking a Chinese law. The UK can.

>>soulof+Z7
> The UK is not a part of the EU.

Ah, yes, my American brain made the association too easily. Regardless, it doesn't alter my point much, in that the US/UK relationship is still more friendly than North Korea. Of course, it may not stay that way.

> Now, it may be that Lobsters simply doesn't have the highest respect for the law, or perhaps they value their community's survival over leading by principle and securing a bright future for posterity. Short-sighted thinking, but I understand the motivation.

This argument seems to dismiss the fact that the original thread started with a statement that they do not have the financial stability to challenge such a law. Sure, they could go principally bankrupt, but what effect would such a small fry really have in the global geopolitical environment? I just don't think they have a stage that's anything close to the size of MLK's.

>>ykonst+O8
The crypto world is full of toxic.

>>ColinW+(OP)
I definitely get the proactive response here, as I’ve considered the same for my small platform. The biggest issue is the definitions of who the majority of the requirements apply to is quite hard to find. It’s buried on page 65 of this pdf:

https://www.ofcom.org.uk/siteassets/resources/documents/onli...

It defines “large service” as “a service that has more than 7 million monthly active United Kingdom users”. This is 25% of the UK population. If your service isn’t a household name, it mainly doesn’t apply to you, but the language they use makes it seem like this applies to more.

>>Analem+I8
It would be much easier for me to run a small business if I didn't have to worry about the intricacies of tax law or how the various company structures affect my liability - but that's life. If you want to do various things in life, you may have certain responsibilities. Again - I don't like this particular legislation, but if your hobby is a website where others can post content you have a responsibility that the content shouldn't be illegal or harmful to others. If you can't deal with those responsibilities you can't run the website. It's no different than being required to follow health & safety regulations in an IRL business, even if it's just my 'hobby'.

>>ok_dad+b9
Are there any examples in history of the US extraditing someone with no UK ties to the UK?

>>bb88+d8
I use Brave for YouTube and other streaming, and I've never encountered any crypto stuff. They have/had their own BAT token that dealt with paid advertising but I've not seen it mentioned in quite some time.

As far as I can tell it's just another browser that blocks a lot of internet crap.

>>do_not+W8
Would you take the risk if it were you hosting the site?

>>bb88+d8
It's you.

>>basisw+Y9
Yes, I could do that, or I could block the only country which is imposing these burdens on me, keep my website running as it always has been, and call it a day. It’s a pretty easy choice.

>>do_not+W8
There are no documented cases of the UK intercepting and arresting a US citizen traveling through Europe for an act that is not a crime in the United States.

Extradition treaties, such as the UK–US Extradition Treaty of 2003, allow for extradition requests between the two countries.

They generally require that the alleged offense be a crime in both jurisdictions ("dual criminality") which ensures that individuals are not extradited for actions that are not considered crimes in their home country.

>>Red_Co+K5
You can scroll through the lobste.rs moderation log to get in impression of how moderation on lobste.rs works:

https://lobste.rs/moderations

Also incidents like this:

https://lobste.rs/s/zp4ofg/lobster_burntsushi_has_left_site

This kind of stuff gives me hugbox vibes, i would not feel safe there. I'm somewhat sure some of the moderators use the website as personal political leverage.

>>do_not+Z9
If you commit a crime in the UK then I would expect extradition to be a genuine risk.

It's a connected world, so online activities are probably pretty grey-areas. If you defraud someone (for example) but they're in another country, where did the crime happen?

>>regula+ka
100%. I'm very confident that, even if the UK wanted to upset this decades-long geopolitical equilibrium, they would not choose a small niche tech forum with a primarily non-UK userbase as the way they make their big splash on the global stage.

>>basisw+t6
I think the legislation does not name specifically companies (that would be quite shortsighted since new apps etc appear all the time and they don't want to be updating legislation every time something gets popular), but simply says if you have more than 7 million 30-day active UK users of the user-to-user part of your site, then you're in-scope. That's quite a big audience.

>>ColinW+(OP)
As a person living in the UK, I really hope the rest of the world gives the middle finger to this pathetic extra territorial law by totally ignoring it.

They can ask ISPs to do the censorship if they really want to keep us “safe”.

>>ykonst+O8
It's probably more of a "I don't like Brendan Eich" thing, but the maintainer can't really say that without sounding unhinged.

Then again, I actively go out of my way to be toxic on the internet, so maybe they have a point

>>jjcm+T9
7 million is about 10% of the UK population, not 25%.

>>basisw+Y9
You can still be fined for 'failing to comply' with the legislation even if no objectionable content has been posted. To be in compliance there is a whole list of things you need to do, some of which are expensive.

>>ColinW+(OP)
I don't know anything about lobste.rs, but they mention lfgss and when that was discussed on HN a couple months ago the person that runs lfgss mentioned these as things they would have to do to comply:

> 1. Individual accountable for illegal content safety duties and reporting and complaints duties

> 2. Written statements of responsibilities

> 3. Internal monitoring and assurance

> 4. Tracking evidence of new and increasing illegal harm

> 5. Code of conduct regarding protection of users from illegal harm

> 6. Compliance training

> 7. Having a content moderation function to review and assess suspected illegal content

> 8. Having a content moderation function that allows for the swift take down of illegal content

> 9. Setting internal content policies

> 10. Provision of materials to volunteers

> 11. (Probably this because of file attachments) Using hash matching to detect and remove CSAM

> 12. (Probably this, but could implement Google Safe Browser) Detecting and removing content matching listed CSAM URLs

A lot of those sound scary to deal with but upon closer look don't actually seem like much of a burden. Here's what I concluded when I looked into this back then.

First, #2, #4, #5, #6, #9, and #10 only apply to sites that have more than 7 000 000 monthly active UK users or are "multi-risk". Multi-risk means being at medium to high risk in at least two different categories of illegal/harmful content. The categories of illegal/harmful content are terrorism, child sexual exploitation or abuse, child sex abuse images, child sex abuse URLs, grooming, encouraging or assisting suicide, and hate.

Most smaller forums that are targeting particular subjects or interests probably won't be multi-risk. But for the sake of argument let's assume a smaller forum that is multi-risk and consider what is required of them.

#1 means having someone who has to explain and justify to top management what the site is doing to comply.

#2 means written statements saying which senior managers are responsible for the various things needed for compliance.

#3 is not applicable. It only applies to services that are large (more than 7 000 000 active monthly UK users) and are multi-risk.

#4 means keeping track of evidence of new or increasing illegal content and informing top management. Evidence can come from your normal processing, like dealing with complaints, moderation, and referrals from law enforcement.

Basically, keep some logs and stats and look for trends, and if any are spotted bring it up with top management. This doesn't sound hard.

#5 You have to have something that sets the standards and expectations for the people who will dealing with all this. This shouldn't be difficult to produce.

#6 When you hire people to work on or run your service you need to train them to do it in accord with your approach to complying with the law. This does not apply to people who are volunteers.

#7 and #8 These cover what you should do when you become aware of suspected illegal content. For the most part I'd expect sites could handle it like the handle legal content that violates the site's rules (e.g., spam or off-topic posts).

#9 You need a policy that states what is allowed on the service and what is not. This does not seem to be a difficult requirement.

#10 You have to give volunteer moderators access to materials that let them actually do the job.

#11 This only applies to (1) services with more than 7 000 000 monthly active UK users that have at least a medium risk of image-based CSAM, or (2) services with a high risk of image-based CSAM that either have at least 700 000 monthly active UK users or are a "file-storage and file-sharing service".

A "file-storage and file-sharing service" is:

> A service whose primary functionalities involve enabling users to:

> a) store digital content, including images and videos, on the cloud or dedicated server(s); and

> b) share access to that content through the provision of links (such as unique URLs or hyperlinks) that lead directly to the content for the purpose of enabling other users to encounter or interact with the content.

#12 Similar to #11, but without the "file-storage and file-sharing service" part, so only applicable if you have at least 700 000 monthly active UK users and are at a high risk of CSAM URLs or have at least 7 000 000 monthly active UK users and at least a medium risk of CSAM URLs.

>>ss64+2g
Which things are expensive?

>>seposi+G9
Yeah, regarding small forums, it only works if everyone participates at once. This situation is a classic prisoner's dilemma.

>>randun+38
I have very complex and mixed feelings about US tax law in general as it stands, and I certainly do not condone the current state of US foreign diplomacy in general, nor how our economic situation after Europe was shattered by war led to increased international economic control and influence, and economic consolidation under the dollar.

>>bluefl+Wa
I used to have an account on that site as well and left for the same reason: repeated messages telling me I had been flagged and I needed to reconsider when I dared to venture too far outside the desired narrative. There will be many others who have made or will make the same decision which leaves sites like this with a population which is mostly ideologically cohesive. Maybe that is a good thing for those sites and maybe the participants feel 'safe' in such an environment but it surely is lacking in stimulating curiosity and widening one's intellectual horizon.

>>ColinW+(OP)
Related ongoing thread: In memoriam - >>43152154

>>ok_dad+b9
The UK can't even get the USA to extradite an American woman who was driving on the wrong side of the road and killed a child.

The US-USA extradition treaties have always been one way.

>>hagbar+Cn
Sounds familiar, except here there's no notification when you get flagged/deaded/shadowbanned.

>>420_14+3q
At least HN allows you to come back under another name and with that is less at risk of totally succumbing to the echo chamber mentality. It also does not tie new users to existing ones nor are existing users who happen to invite new users who are deemed to be 'problematic' punished for those invitations.

>>ok_dad+b9
Yeah that makes sense.

I thought extradition laws usually had some kind of clause like "only applies if it'd be a crime in both jurisdictions", but now I think about that I can't remember where I heard that or why I think it so I will admit complete ignorance.

>>Red_Co+K5
This is why Brave was blocked [1.]. I'd have felt the same way, and people are entitled to their grudges. I think the grudge is reasonable.

[1.] https://github.com/lobsters/lobsters-ansible/issues/45#issue...

>>hagbar+sr
> At least HN allows you to come back under another name

You can also come back under the same account, which is what I did. I emailed dang, and promised to respect the site's guidelines this time.

Lobste.rs on the other hand has terrible moderation, with moderators arguably being from one political clique. You can find details about the ridiculous ban they issued on my account in this X thread: https://x.com/sridca/status/1751586241110519837

pushcx then tried to argue with me here after 3 months, lying about the ban: https://news.ycombinator.com/item?id=40166912#40176320

>>kmeist+c7
I would as a matter of principle, but also just to be safe.

>>randun+u7
That's a bit different though. If it was similar, he would just be blocked from interacting with the US at all. FATCA doesn't require arrests of non-US people breaking the law, it just harshly punishes those who do by excluding them from the US and holding a 30% amount of any money. (Note: I oppose FATCA in its entirely, just pointing out the difference here).

>>basisw+Y9
> but if your hobby is a website where others can post content you have a responsibility that the content shouldn't be illegal or harmful to others

I’m not entirely sure I agree with this sentiment. It certainly isn’t true from a legal standpoint in America, where section 230 explicitly absolves you from any such responsibility. I also don’t think most of the objections to the OSA center around a need to remove child pornography, but instead the fact that you are forced to employ technological measures that don’t currently exist to remove child pornography. All of this is a little besides the point though because…

> If you can't deal with those responsibilities you can't run the website.

I absolutely can. If the law is unreasonable, I can block all users from the host country, and keep running my website. Which is exactly what Lobsters and a lot of other people are choosing to do.

>>acaloi+xE
There's millions of much stronger reasons to hold grudges against Google and Microsoft, yet their browsers are somehow fine? It's incredibly arbitrary. For what it's worth I think crypto has been a scourge on society so I'm not making this point for any crypto shilling reasons.

>>ColinW+(OP)
Lobsters blocking UK users because it's a highly reactive hugbox*

>>tzs+9h
Hiring lawyers, attending compliance training courses, writing software to scan for CSAM, modifying your website so that it can verify the identity and age of every poster.

>>maeil+I11
Not only is not "incredibly arbitrary" for lobsters to respond in kind to Brave's specific, targeted action against lobsters -- it's not arbitrary whatsoever.

>>ColinW+(OP)
The UK saftey act is horrific. I guess that would invalidate any UK based SSL certs? I just don't really get how they plan to enforce any of this... but if anyone could make math illegal its the UK.

>>Adrian+36
Idk about you but I tend to avoid travel to police states and places where being rude is a crime.

Extraditing someone because their website uses encryption would force them to prosecute so many people and organizations it would be a joke. You would have to really piss them off.

>>srid+2I
Yes, well, I probably would be lying if I did so so I just reincarnate instead. All my bans have been over the same thing, this me not following the 'west coast narrative' in some clearly political discussions. I can't promise to say what I consider to be closer to the truth and I do think sites like these are better off with a more diverse [1] group of participants so I'll just settle for a short lifespan while I wait for the place to become more accepting to different viewpoints.

[1] diverse in the only way which really matters, this being diversity of opinion. On the internet nobody knows you're a dog after all.

>>tzs+Qg
I'd like to make a prediction:

The requirements will be modified to include a larger number of sites whenever the government may find this to be convenient. The MAU will limit will be reduced, and/or the scope of "illegal/harmful content" will be expanded.

>>jjcm+T9
Many of the requirements apply to services of any size. This is why I will be blocking UK access to my little service (hosted in my home in the UK) when the act comes into force.

>>ss64+EH1
The compliance training requirement isn't that you attend training. It is that when you hire people to design or operationally manage your site you train then in how the site handles compliance. It also only applies to large sites or multi-risk sites.

The scanning for CSAM only applies to (1) large sites that are at medium or high risk for image-based CSAM and (2) services that are at high risk of image-based CSAM and either have more than 700k monthly UK users or are file-storage or file-sharing services.

I might have missed it but the only age verification requirement I'm seeing is that if the site is a large service that has a medium risk for grooming or it has a high risk for grooming and it already has a means to determine the age of users, then the site has to do some things like when recommending new contacts not recommend connections between adults and children and not allowing adults to send unsolicited DMs to children.

A small to medium sized forum site that is already doing to kind of monitoring and moderation that you have to do to keep your site from being completely overrun with spam and off topic material shouldn't really have to make many changes. Mostly it will just be writing some documentation.

>>regula+ka
It's probably an order of magnitude smaller than the risk of getting into trouble in more or less any country for not effectively keeping tabs on the kind of content that's being posted in the forum you're hosting.