Ask HN: Online activities to be made impossible by the UK Online Safety Bill
I thought it might be interesting to compile a list of things which it might be impossible (or at least very difficult) for a private individual to do under the Online Safety Bill.
Starters for ten:
1) Minecraft / MineTest server 2) IRC server 3) Mastodon server 4) BBS 5) ... please continue
I'm not fully sure about all this - as I understand it, if you allow chat or user generated content, you become a private service provider, and then have a host of responsibilities including annual audits of whether a significant proportion of your users are minors. If they are then you need to use a (commercial?) age verification tool and monitor everything assiduously. Difficult to see most people being able to satisfy those requirements.
109 comments
[ 2.9 ms ] story [ 172 ms ] thread1. I think the lines have jitter now they're over IP anyhow.
2. Bit niche...
On the other hand, it could assume much less noise than an analogue phone line.
https://area-51.blog/2021/01/16/getting-a-dial-up-modem-work...
VoIP codecs are heavily optimized for human voice and have just a few kilobits of bandwidth. The analog phone network, before it went entirely digital, had a much higher bandwidth which is why modems were able to reach 56kbps. Phone calls in the 1980s were often crystal clear, almost on par with a broadcast radio station. Cell phones today along with VoIP are a muddy unintelligible mess in comparison.
ime both can be shitty or "crystal clear" but i totally agree that having a cell phone call today, with worse quality than an cross-continent analog connection in the 80s is very depressing
If quality means low latency and low jitter, and you can get T1/E1 digital telephone service, circuit switched end to end, that's almost certainly the lowest practical latency and jitter. It'll cost real money and you might not like the 8000Hz 8-bit sampling. ISDN calling is pretty much the same thing, but you only get two voice lines instead of 24 or 25.
If that's not an option, but low latency is still important, a solid wired connection with g.711 SIP is pretty close, but packets are 20ms of samples, so that adds to your baseline latency. G.711 is basically the same codec as used for t1. And internet jitter is probably not zero, but if your connection is well provisioned it's often not that bad.
If you want a wider audio band, maybe try to get SIP with G.722.2 (AMR-WB), this is the same codec used for 'HD Voice', and I don't think it adds too much delay.
That is actually completely false. The way that speed was achieved was by using multiple bits per symbol encoding (bitrate != baudrate), not by having some mysterious unused bandwidth available. This was the case for speeds above 4800bps up to 33kbps (V.34).
56kbps (V.90) was only possible with PCM (digital) modulation, while the actual symbol rate on the line was still only about 8000Bd - i.e. about 8kHz, which is about the maximum for a typical landline.
This is all due to how a typical phone line works and that there is a very strong attenuation of higher frequencies due to parasitic capacitance and inductance of the wiring.
I am not sure where do you live and what kind landline phones you had but modern digital cell phone codecs are light years ahead of the sound quality we had on land lines in 80s, esp. when calling long distance.
There is certainly a lot more nuance to reality than my blanket statement was meant to imply but I assumed that went without saying. But I believe the underlying gist is accurate. Fancy encoding techniques got us quite far on analog phone lines, but my point was that attempting to transmit digital information over a highly-compressed audio stream optimized within an inch of its life for a small subset of human vocal sounds is going to be MUCH slower than over the analog phone lines of yesteryear. And at the end of the day, there is no substitute for bandwidth. Take it up with Claude Shannon if you like.
> I am not sure where do you live and what kind landline phones you had but modern digital cell phone codecs are light years ahead of the sound quality we had on land lines in 80s, esp. when calling long distance.
I lived in the Midwest US (and then later the West, with frequent calls across the country) and I quite distinctly remember the audio quality of POTS being quite good overall. Of course, not EVERY call was great. Some exchanges were noisy, some people's local loop or wiring in their house had issues, and some phones themselves were just garbage. But it mostly sounded great.
I'll grant that cell phone audio is more tolerable now than it WAS but it certainly was so bad for a while that from the early 2000's to the early 2010's, I pretty much only used cell phones for emergencies and actively avoided calling people on their cell phones if I could. The resulting audio was so distorted and muddy that I often could not understand the person on the other end. If it was someone I knew, I could often infer what they were saying from their speech patterns. But if it was someone I didn't know, or if they had a thick accent, there was always a lot of, "Can you repeat that again, more slowly this time?". I only cancelled my analog phone line after POTS network providers started switching their internal systems to VoIP (or something like it), bringing along all the same disadvantages of the bandwidth-constrained cell network.
Latency was also terrible, and continues to be. The analog POTS circuit-switched network was (modulo an audio buffer or two) speed of light. Modern digital voice communications buffer like crazy and up to two seconds of latency is extremely common. Maybe I'm an outlier as most people don't seem to notice but for some reason, even a half-second of latency is enough to make a conversation extremely awkward for me.
Call it IPOVOIP.
UK POTS is switching over to an IP based network, so does the bill specify the internet or ip based network?
If you submit a GDPR to your local constabulary, every phone call in the UK has a unique call identify much like a GUID now. Its quite insightful seeing just how much info is given out regarding the phone system capabilities via GDPR requests.
https://en.wikipedia.org/wiki/Li-Fi
https://www.taylorwessing.com/en/interface/2022/the-online-s...
Any Non Specified Entity uploading any data which could be accessed by another Non Specified Entity with or without public access is bound by this bill.
Can be used or accessed from the UK. This might be the UK expanding beyond its borders here, because its a given if it not geo restricted it it could be used in the UK. VPN's/Tor may not be able to offer privacy from the state which is my opinion anyway.
Applies to all services with a "significant" number of UK users. No definition of significant so dont know if this is the same use of the word significant found in medical studies or not.
Definition of search engine is a service which can search more than one website or database.
Largest players now have a legal duty to prevent paid-for fraudulent adverts on their service and other regulated content.
Clarification on identifying the users of the service, ie profile pics and other identifying data.
Exempt specified entities:
--------------------------
Software like antivirus, antispam cloud/online submissions where said data is never likely to be used for communication purposes but might be analysed to improve the performance of said software function, ie reverse engineering stuxnet, latest spam techniques.
Published Content with commenting for the content, ie online newspaper comments. Posting a link, with or with comments, including like, dislike buttons and emojis of Published Content to another Non Specified Entity.
SMS & MMS messaging.
Services solely used for specific tasks like education, childcare and possibly health care.
One to One Aural (realtime speech and sound only guessing telephone) communication with identifying data allowed with no additional data communication functionality like visuals, text messaging. No mention of recording said Aural data.
Any public body carrying out their public duty.
Any internal business resource or tool, like company message boards, company chat facility's in all forms. No mention of recording data, would assume business includes official organisations like charities, but not clear.
No mention of private paid for programming language groups which can be accessed using a password of sorts and costs
Case by case reviews and changes made by the secretary of state so the exemption list will probably grow.
So my opinion on the above is if you are a big (US) tech service, you can self regulate, but little users will be watched by the UK state as no one can be trusted. Other laws apply where applicable.
At any rate situations like these are what partially motivated me to write something like this: https://github.com/prettydiff/share-file-systems/blob/master...
1) we're talking about the legal situation, not what would be physically possible;
2) that it applies to citizens, not server location (otherwise affected companies wouldn't be saying they'll exit the UK market, they'd just serve UK users from a further away but friendlier 'edge')
Has Ofcom actually said what these regulations will be?
Is there any reason to expect them to be as dystopian as you predict? The interim codes of practice that the government published don't even apply at all to individuals. They also acknowledge that smaller companies should not be expected to be subject to the same level of regulation as large companies.
My experience with online activists' predictions of imminent dystopia is that they generally turn out to be extremely overblown. Hopefully that's true this time as well.
"[following amendments] The OSB continues to apply to any service that enables content generated, uploaded or shared by one user to be encountered by another user (user-to-user services) or that allows users to search more than one website or database (search services)."
My point is that there is no reason to think the regulations that eventually come into force for services which aren't exempted will be as ridiculous as you suggest.
I agree that the OSB gives Ofcom the power to regulate Minecraft servers, but those regulations must be reasonable and proportionate so I don't believe that it will affect a private individual running a private server, as you appeared to suggest.
What I don't see is the bit where it says that the audit responsibilities are limited to certain people or companies.
If you could point to the "reasonable and proportionate" bit in the legislation that would be interesting to check out.
The questions in my opinion then become,
Is it the law preventing these? Is it some people not yet seeing why they should do it? Are they purposefully not doing it initially to calm people?
If they don’t want to be able to do it, it could be rephrased.
These activists are claiming that the government is secretly intending the speed limit to be 1mph. The government are trying to ban driving!! The activists are demanding the enabling legislation be amended so that the speed limit, when set, must be no lower than Xmph.
But all this does is force all regulation to be done in primary legislation.
The debate about what the regulations should be is separate to there being a regulatory system at all.
It is right that the primary legislation just lays out in broad terms that the regulations must be "reasonable" and "proportionate" etc because it's only real purpose is to allow those regulations to be challenged in court in future.
And of course you seem to have to perform an audit to determine how many child users you have in order to be exempted.
Again, this is my reading of the very complex bill. The article from Taylor Wessing seems to concur though.
And the actual, practical meaning of these responsibilities will be defined in a yet-to-be-published Code of Practice...?
Encryption in communication is, to me, akin to the locks on the doors of your residence, on safes or other secure containers. It protects your privacy from prying eyes who want to snoop on what others are doing.
The activists are claiming that the government wishes to require that all locks be unlockable by one of a range of secret "master" keys, so that they can ensure you're not privately doing anything illegal. Not only that, but the government also wishes to institute a compliance regimen to ensure that all locks are indeed actually openable by these master keys.
Given the historic behavior of all governments, I don't trust them not to claim the most powerful interpretation of the laws and regulations that are instituted. Maybe not at first, but it will happen, because it has always happened this way.
The government doesn't care about the technology; it's all about corporate processes, and they're going to regulate it one corporation at a time. If you're not important to be asked to appear before a House of Commons Committee, you're not going to come to Ofcom's attention.
Sure. You are either demanding the impossible - or effectively banning encryption use because there is no other way how to comply with what the law demands, despite it ostensibly not banning anything.
So that's rather disingenuous argument, IMO. The problem is that the governments not only don't care about technology, they don't understand it either. And tend to imagine and demand things that are about as realistic as a square circle - but it is a law, we don't care how you do it, it is your problem!
I would prefer the bill not to be enacted, but I can live with it.
Or anyone who criticizes those in power
Previous laws relating to policing and investigatory powers have been widely criticised by civil rights groups for their overreach and lack of effective oversight and safeguards. We now know that some of those laws have in fact been abused in ways the critics predicted.
Secondary legislation has been widely criticised when used as a vehicle for government ministers to make rules with statutory authority while bypassing the usual requirements for Parliamentary scrutiny and approval of new laws. Our Home Secretary is currently attempting to use secondary legislation to implement controversial immigration policies after essentially the same measures were already explicitly blocked by Parliament when they were put forward via primary legislation.
So yes - there are unfortunately plenty of precedents both for broad legal powers being abused and for secondary legislation being used to circumvent our normal democratic processes for scrutinising and approving controversial measures.
There also seems to be no good reason to assume that the regulator that would be given these new powers and responsibilities actually has the necessary resources or expertise to understand the issues and perform their new role properly.
None of this looks encouraging and for rules that could have a profound effect on (among other things) our personal safety and the democratic integrity of our country it seems fair to question whether passing a very broad law that delegates the implementation details to a regulator that may or may not be competent to regulate these areas is really a good idea.
What are you referring to here?
There is absolutely no legitimate justification for local authorities dealing with those kinds of issues to have access to the kinds of lawful surveillance and intrusion powers that RIPA is primarily concerned with. Even if you accept that those powers are justified and necessary in cases such as imminent national security threats or investigating organised crime that still doesn't explain why so many organisations that are not the police, security services or perhaps HMRC need them.
https://www.parliament.uk/business/news/2022/april/have-your...
>The Bill has five policy objectives:
> to increase user safety online.
> to preserve and enhance freedom of speech online.
> to improve law enforcement’s ability to tackle illegal content online.
> to improve users’ ability to keep themselves safe online.
> to improve society’s understanding of the harm landscape.
I guess UK government has solved all the issues include salaries inflation and ever rising price of living so they can finally go "preserve and enhance" freedom of speech.
This reminds me of UK's 90% tax rate, which caused many multi-millionaires to leave the country.
https://en.wikipedia.org/wiki/History_of_taxation_in_the_Uni...
"The highest rate of income tax peaked in the Second World War at 99.25%. It was then slightly reduced and was around 90% through the 1950s and 60s.[citation needed]
In 1971 the top rate of income tax on earned income was cut to 75%. A surcharge of 15% kept the top rate on investment income at 90%. In 1974 the cut was partly reversed and the top rate on earned income was raised to 83%. With the investment income surcharge this raised the top rate on investment income to 98%, the highest permanent rate since the war.[14] This applied to incomes over £20,000 (£221,741 as of 2021).
The Government of Margaret Thatcher, who favoured taxation on consumption, reduced personal income tax rates during the 1980s in favour of indirect taxation. In the first budget after her election victory in 1979, the top rate was reduced from 83% to 60% and the basic rate from 33% to 30%."
According to the history linked below, the super-tax/surtax was started in 1909, taxed only the top 0.05% of earners, and caused a constitutional crises as the budget was rejected by the House of Lords:
https://www.nuff.ox.ac.uk/Economics/History/Paper43/43atkins...
1972 - 2023 UK is powerless and poor.
I don't like 99% tax rates, correlation is not causation, but the decline is real.
“provider content” means content published on a service by the provider of the service or by a person acting on behalf of the provider.
It's unclear if there's a difference between hosting your own blog, or using a blogging service, because the bill is terrible.
The Online Safety Bill bans nothing. What it does do is create a regulatory framework for the Office for Communications (aka Ofcom, HM Government's regulator for the communications industry) to operate and enforce. The regulatory framework is based around risk assessments, and sets out specific risks (of the sort that most people would agree need to be minimised). Ofcom is empowered to decide that internet services are within scope, and then demand to see policies relating to ameliorating those risks within a service.
The regulatory framework does specify that end-to-end encryption is incompatible with the reduction of these risks. However, we do have to play the ball and not the person of unspecified gender here.
We are, after all, talking about the UK here. The phenomenon of 'those whom the law protects but does not bind, and those whom the law binds but does not protect' is still very much in effect here. This legislation has also been proposed by a government that responds to increasing crime (caused by insufficient police officers) by giving those police more powers (that they don't have the resources to exercise).
Ofcom has wide-ranging responsibilities: it regulates the press and broadcast media, it allocates EM spectrum bands, it regulates the telephone network, and regulates the Royal Mail. Like all organisations in the Home Civil Service, it is staffed by a core of 'generalists' with humanities degrees, assisted by a small cadre of 'specialists', who are put back in their cupboard once they've given their opinion.
What this all means is that the bill will only have the effects that the government has said it will in its press releases. Ofcom will go after the big social media companies and the likes of 4chan. Your Mastodon server or your Gitea server or your corner of the Tildeverse or whatever will never appear on their radar. Ofcom won't have the budget or the resources to go after individuals or small communities; they won't even know you exist.
In the UK, an energy bill or council tax bill is an important identity document, necessary for opening a bank account, because any time someone starts talking about identity cards, the readers of the Daily Telegraph start muttering about the Gestapo. Ofcom isn't going to audit your homelab for online harms.
> What this all means is that the bill will only have the effects that the government has said it will in its press releases.
I don't really believe that for a second. Whenever sweeping powers are introduced, there is scope creep. Just look at how anti-terrorism laws have been abused. And it seems Apple and others don't believe it either.
> And it seems Apple and others don't believe it either.
Yes, Apple, Google, Microsoft, Signal, Meta, and all the other big players else who has turned up to the committee hearings will have their activities curtailed. Individuals running Minecraft and Mastodon servers for their friends needn't worry.
Because they're too insignificant to matter, or because they won't be covered by the law? It sounds like the former, but you seem to imply the latter.
Maybe it is me, who has already lived under a very similar set of laws and know that corporations are always the least hit by such laws. These are instruments that infringe on basic individual rights such as right to privacy. These instruments create systemic significant incentives to corruption, totalitarianism, (corporate and international) espionage, and so on.
Rights groups, activists, whistle-blowers, prosecuted or rather marginalised minorities, and other legitimate groups and individuals are going to be impacted by this.
Underplaying this is incredibly naïve and downright dangerous.
Good lord! That's the same logic one may employ as a criminal, say.. an inside trader!
Well of course you won't get nabbed, if they don't know!
So as soon as you do anything interesting, protest, stand up for a right, displease a cop, upset the wrong neighbour, you'll be noticed, eh?
What a great law!
Congrats, you made my neighbours wonder why I'm yelling at myself(seemingly) again.
"Poor bbarnett, yelling in his empty house again, wonder when they'll take him away Marge?"
This is a rather incredible mindset to have, IMO. Even for me who doesn't quite subscribe to the constant Big Brother panic.
This law gives the government a huge loaded gun that they can use to blast pretty much anyone they please with. But no worries, they aren't going to use it on you because you are too unimportant?
And that still completely ignores the various collateral damages - such as if encryption is effectively outlawed because the regulatory hurdles associated with it are simply too high to bother with (just look at how many US websites rather block access from the EU instead of having to deal with GDPR compliance), then even if you aren't a target for the enforcement of this law your life could be very badly affected when your service provider gets hacked or your data get intercepted and some account of yours gets hijacked.
When they suddenly do know you exist, for example because you started protesting about human rights, or climate change, or excessive governmental investigatory powers, or whatever, suddenly someone can show on your doorstep saying “Well well well, what have we got here then” and sucking their teeth.
Your argument isn’t only ill informed, it’s actively dangerous. Shame.
>Legislation is only as powerful as those enforcing it.
While this is generally true, it doesn't necessarily stop the provisions within the bill being used as a political weapon to wield against someone.
In other words, just because it's generally not used against small fry, doesn't mean it won't be used as a club against a particular small fry that's a thorn in the side of someone politically or judicially connected.
But with 10% more votes, this power will go into the hands of Le Pen ... and everyone, including Macron, knows what will happen.
(hell, I kind of suspect this is intentional on Macron's part. He wants to get re-elected by making the alternative to electing him catastrophic. It worked last time, sure, but obviously it needs to become more catastrophic if he's to be reelected)
Also Macron cannot be re-elected in the next elections as there is a term limit.
Context matters, and given the context of where we are as a country at the moment, how trustworthy our current government has (not) turned out to be, and even where they are in the election cycle - currently heading for being out of office for a decade - not to mention them pushing to leave the European convention on human rights, I'm a lot more concerned about the potential dangers of this bill than I might have been in a different context.
Even if you're right and I'm wrong, this statement seems a bit naive! (with respect):
> the bill will only have the effects that the government has said it will in its press releases.
Edit: I tend to put a lot of stock into analysis put out by the EFF [0]. I think they said it well here:
> If it passes, the Online Safety Bill will be a huge step backwards for global privacy, and democracy itself. Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.
[0] https://www.eff.org/deeplinks/2023/07/uk-government-very-clo...
But I will think this quote from one of the bill's most dogged critics is illustrative[0]:
> ... this Bill, whatever DCMS and its ministers may claim, is not a “fixing” Bill, one which has been designed to be constructive and positive in order to fix problems. It is a “getting” Bill, once which has been designed to be vindictive and negative in order to get specific companies. OnlyFans in this particular example, the usual suspects in others.
> The second is that this Bill has been designed by people who are so out of touch that OnlyFans is their idea of the average small digital business.
> And the third is that this Bill has been designed by people who are so out of touch that they think the harms issues raised by OnlyFans are the harms issues in the average small digital business.
As for your distrust of the government, my opinion on this comes from that same position. My complacency rests not on their goodwill (because I don't think they have any) but on their disinterest in actually understanding anything.
[0] https://webdevlaw.uk/2022/07/13/heres-why-your-project-is-in...
Ok we definitely share common ground on this point then :)
I think it's worth remembering the equal amounts of - what could have been described as - "hyperbole" by remainers about what Brexit would really mean for the country, leading up to that vote. Much of the concern expressed was dismissed or downplayed, and though I voted to remain, I too actually thought the case against Brexit may have been made too strongly at the time. Well I was wrong about that - and many leave voters would also agree now that a lot of those forewarnings turned out to be correct, and in some cases, worse than predicted.
Brexit has had the negative impact on the UK that it has, due to two things. One of those is debatable; whether it was actually a bad idea from the beginning - (I personally think it was) and the second reason is not debatable at all: its very poor implementation by the Government.
The Online Safety Bill also may turn out to be a terrible decision for one or both of these same reasons: a) it was a poor concept b) it was implemented badly by the government. We only need one of those to be true for things to go badly. I worry that both will turn out to be true.
It provides a legal mechanism for authorities to require that individuals disclose encryption keys for encrypted data that was legally obtained or intercepted (i.e. with a warrant) by those authorities, and there are penalties (jail time) for refusing to do so.
The worry at the time was that random data is indistinguishable from encrypted content, so there might be times when people are jailed when they don’t even have the keys because there’s no encrypted data - just random bytes! Or, what happens if you lose the keys?
The reality is that there’s a court system that ‘regulates’ all this. No-one is going to be jailed unless the courts find that they are not providing keys they really do have. Of course, in a conspiracy where the authorities and the courts are all colluding, they could jail people pretending that they knew they had the keys - but there are far easier ways for the authorities to do this than some elaborate scheme with fake encrypted data.
At the time I was fully convinced that it was a step down a slippery slope to authoritarianism. Really, it was just bringing the ‘virtual’ world into line with the physical one.
[I suspect there are a few here who were also around at the time and still believe it’s all a nefarious governmental plot - I’d ask them to show where, in the 23 years since it passed, harm - or suspicion of harm - has happened].
Now, maybe this is different. I certainly don’t want end to end encryption to be banned. But there’s a bit of a ‘cried wolf’ happening in my brain.
A person received a 16 week prison sentence for not disclosing a password. In the context, it’s possible that had he disclosed the password, police would have discovered material that would have attracted a far more severe punishment.
So one might argue that the RIP was too weak, and failed to compel disclosure of the password (four months in jail is light in the circumstances).
He was accused of murder. Ultimately, he was found guilty and sentenced to 33 years: https://www.hampshire.police.uk/news/hampshire/news/news/201...
And then there's the other direction, which I must confess I thought would have involved the RIP Act but ultimately didn't, instead it used anti-terrorism legislation.
A French employee of radical French publishing house that the French government is very cross with, arrived in Britain for a book fair. He was arrested and held for 24 hours using anti-terror legislation. The cops also confiscated his phone and laptop, and held onto them for more than 10 weeks, and they threatened him "with never being able to travel overseas if he failed to hand over a password to his confiscated iPhone and MacBook": https://www.theguardian.com/uk-news/2023/jul/21/police-watch...
The general concern is that France is not allowed to do that, so asked Britain to do it for them, and Britain did it. There wasn't even a hint that he'd broken the law in Britain, and all that was wanted was for the French government to get ahold of the contents of his phone and laptop. Perhaps this is the only reason (that they had absolutely nothing on him) that they didn't twist the knife and use the RIP Act to imprison him simply for not unlocking his devices for them: https://www.theguardian.com/uk-news/2023/apr/19/french-publi...
Of course it will when your gitea or mastodon instance is in the right crosshair. Do we just surrender rights on a hope this time we can stay under the radar? If you are not a terrorist or a pedophile you have nothing to worry etc. When you disagree enough you will become a terrorist. That's the reality in my country because it works an have worked for centuries.
>Ofcom won't have the budget or the resources to go after individuals or small communities; they won't even know you exist. >Ofcom isn't going to audit your homelab for online harms.
Pinky promise?
Not sure what your deflection is in aid of.
The basic principle is that what people do online can have negative consequences in the real world, and the bill basically holds online service operators (such as yourself) at least partially responsible for those negative consequences. Operators need to demonstrate that they're mitigating those consequences risk assessments and policies.
Judging by your profile, you're offering e2ee to family groups, so your intended users are low-risk for sending harmful content. However, your service is freely available to anyone with the app, so it could potentially be used by terrorist organisations, gangs or CSAM sharing groups. e2ee services like this are pretty much the only service that is outright incompatible with the requirements of the bill, so I think you'll be in trouble as soon as Ofcom comes knocking, if they do so. I think the chance of them doing so is small, but that's just my personal opinion, and you will have to make your own decisions.
The family tree and calendar features look like they're low risk, and could be adequately covered by risk assessments, but the file and photo sharing features are also problematic, because (I think) they're encrypted.
You're very unfortunate to be at the intersection of the three factors that could make Ofcom care about you:
* service freely available to the public; * arbitrary user-to-user communication; and * no means of checking for harmful conduct on your service.
The only way forward that I can see for you is to make the backend a selfhost-only affair, which would make your UK-based users responsible under the bill.
[0] https://webdevlaw.uk/about/
Like, imagine you're running a team developing an end-to-end encrypted application in Britain, and you're seeking funding. The potential investors are going to ask what your plan is to not get owned by this bill, you won't have a good answer outside of "hope they don't notice us", and they won't invest. This happens merely because the British government publicized the Online Safety Bill, and exactly zero enforcement effort was required to stifle the funding, development, and subsequent use of this hypothetical application.
Anyhow, the short of my point is that government laws have a ton of power to shape behavior outside of prosecuting people, and sensible risk-management shapes the behavior of non-government bureaucrats and decisionmakers.
They depend on a 5 year old's view of the world where there are "good guys" and "bad guys" and nobody is a bit in-between. They also use the same oversimplification that economists are famous for - that everyone has perfect information, acts completely rationally, has infinite motivation, etc. etc.
In the real world, criminality is a spectrum and difficulty is a real thing.
and usually the issues with results are not because information asymmetry
Just curious, do you support the death penalty?
Unfortunately if you're a tech hobbyist in the UK your best option is to leave, especially if you're any good with technology. There are plenty of other countries that will treat you far better than the UK ever would.
For those who want to read more, there's a great archive site here: https://clp.bbcrewind.co.uk/history and an interesting book from MIT Press (https://mitpress.mit.edu/9780262034036/now-the-chips-are-dow...) which covers this period.
And then I just block the UK instead, let's hope this just doesn't go through.