63 comments

[ 3.0 ms ] story [ 38.1 ms ] thread
A shame the ruling party is indistinguishible from the Tory they were voted in to replace.
I think they probably should not have implied its accessible via VPN, the UK might still go after their asses for having UK users even with the IP block
How can they even enforce this? What happens if you run a plattform in let's say Germany and just tell them to fuck off, UK Law is of no interest to me.
I decided I will block signups to my web platform for UK users as well. Just because I don’t understand any of the requirements.
The law could be renamed to "Use VPN Act", this is the actual consequence..
I get both sides. Kids need some sort of protection online. But the UK law is maybe too harsh for small companies. Also hinting at VPN use to bypass the law isn't smart legally.
“if people find other methods to access the site, that is entirely on them - there are no legal consequences for users.”

For a site operator who seems really concerned about potential liability under this law, I sure wouldn’t have put this in writing. Feels like it really undermines the rest of the post and the compliance measures being taken.

Thats ok, i probably wouldnt use a site that uses ghbili style ai generated thumbnails anyway
Um this website offers LLM-powered chat bots that can simulate pretty much any situation the user wants, and most of the content appears to be sexual in nature.

I’m no prude, but I think this is a not-great thing to expose kids to, and the UK government is maybe not-terrible to want some sort of way to gate kids’ access.

Quickly spin up a VPN (with LLM help) and georedirect UK users to said VPN page.

Problem solved.

There's a explainer of the act here:

https://www.gov.uk/government/publications/online-safety-act... .

From what I'm reading, Amazon will have to implement age-checks over 8/10 of its book inventory, with the other 2/10 opening the company for liability about the very broad definition of "Age-appropriate experiences for children online." And yes, janitorai is correct that the act applies to them and the content they create, and a blanket ban to UK users seems the most appropriate course of action.

For what is worth, the act does not seem to apply to first-party websites, as long as visitors of that website are not allowed to interact with each other. So, say, a blog without a comment feed should be okay.

The way these laws and regs don't even consider the provider size is aggravating. Doubly so because they always use "big bad provider" and think of the kids as populist support gaining strategies, but in the end the same big providers benefit. They have the billions to spend on everything from lawyers to fiscal optimisation, and they rake in the entire market since they're the only ones left to serve that market.

That's happening with the AI act here as well. Almost no-one wants to even touch the EU shitshow and they're still going forward with it. Even Mistral was trying to petition them, but the latest news seem like it had no effect. Fuck us I guess, right? Both consumers and SMBs will lose if this passes as is.

“this is not just content moderation - it is a complete regulatory framework that assumes every platform is a tech giant.”
bro is making 0 sense and I think he fucked something up and he is trying to pin it on the legislation than himself.

it's an extremely trivial thing to do and the ofcom guidance is very easy to follow.

the UK has been a swirling toilet bowl for free speech for years... unfortunately it seems to have accelerated.

I really dont understand why parents don't bare the responsibility of their kids internet access as opposed to the expectation the internet raises their kids...

> i know that is terrible timing and im genuinely sorry about that.

This Twitter-style faux-casual way of writing is so common among AI people right now (see Sam Altman) and it’s extremely grating. I don’t know anything about this project, but if they really cared about their users, I would hope that they’d use capital letters and punctuation when addressing them in an official announcement.

My cursory understanding of the ruling is that it applies if you have several million users in the UK... [1]

Is that the case here (and it just happens that I have no clue what this particular site is about) ?

Or am I grossly misunderstanding the act (very likely I guess since IANAL) ?

[1] https://www.onlinesafetyact.net/analysis/categorisation-of-s...

-------------------------------------------

Ofcom’s advice to the Secretary of State

Ofcom submitted their advice – and the unerpinning research that had informed it – to the Secretary of State on 29 February 2024 and published it on 25 March. In summary, its advice is as follows: Category 1

Condition 1:

    Use a content recommender system; and
    Have more than 34m UK users on the U2U part of the service
Condition 2:

    Allow users to forward or reshare UGC; and
    Use a content recommender system; and
    Have more than 7m UK users on the U2U part of the service
Ofcom estimates that there are 9 services captured by condition 1 and 12-16 likely to be captured by condition 2. There is one small reference in the annex that the 7m+ monthly users threshold corresponds to the DSA (A6.15) Category 2a (search)

    Not a vertical search service; and
    Have more then 7m UK users
Ofcom estimates that there are just 2 search services that currently sit (a long way) above this threshold but that it is justified to put it at this level to catch emerging services. Category 2b (children)

    Allow users to send direct messages; and
    Have more than 3m UK users on the U2U part of the service
Ofcom estimates that there are “approximately 25-40 services” that may meet this threshold.

-------------------------------------------

The act does seem poorly thought out practically & I really dislike the UK's overall mindset to online safety. The laws consistently feel like they were written by someone that prints out emails to read...

That said the thinking that smaller platform should equal exemptions seems a touch flawed too given topic. If you're setting out to protect a child from content that say is promoting suicide the size of the platform isn't a relevant metric. If anything the smaller less visible corners (like the various chan sites) of the internet may even be higher risk

> I really dislike the UK's overall mindset to online safety. The laws consistently feel like they were written by someone that prints out emails to read

The UK is a leading example of what calls for regulation turn into in the real world.

I’ve noticed a lot of calls for regulation in Hacker News comments lately. In the past week I’ve read multiple threads here where people angrily called for regulations and consequence for anything LLM related they didn’t like: When LLMs produced mistakes, when they produce content too close to copyrighted works, and so on.

There’s an idea that regulation is a magical function that you apply and then the big companies suffer consequences, products improve to perfection to avoid the regulations, and nothing is lost for consumers.

Then you look at real-world heavy handed technology regulation and see what really happens: Companies just have to turn off access to countries with those regulations and continue on with their business. People who use the tools get VPNs and continue operating with a little extra hassle, cost, and lag. Businesses avoid those countries or shut down because it doesn’t make sense to try to comply.

There’s a constant moving of goalposts, too: Every time someone points out the downsides of these regulations it’s imagined that better regulation would have exempted the small companies or made it cheap to comply (without details, of course).

I think heavy handed technology regulation is yet another topic where the closer it gets to reality, the less people like it. When you point out real world examples, the response is always “No, not like that

> When you point out real world examples, the response is always “No, not like that

My impression from this thread is that this is because the law was implemented in a way that's indicative of a lack of technical understanding on the part of the lawmakers and falls into a number of pitfalls that a law written by people competent in the field would avoid. Am I wrong?

UK's final goal to anything online always seems to be spying. They never seem to have a clue what to do with the data after that, but they're always damn eager to implement laws to allow for spying
Timely reminder to all UK people - your system is 100% set up to allow you to easily and legally change your government without bloodshed. This is the benefit of a constitutional monarchy.

By "changing your government" I don't mean "shuffle people in and out of parliament" or even "elect your 6th Prime Minister in 10 years".

I mean change your government.

The two parties who had/have a chance of winning the/an election both wanted this
You get the government you deserve
Do Iranian people get the government they deserve?
I personally know how this works in Europe & UK. Not only government, this applies to big companies such as large banks as well. They recruit two kinds of staff. One that works to progress some work and one who puts an many hurdles as possible and call it risk management, compliance, security, regulatory etc (RCSR). They hire approximately 3 times more people into these RCSR positions compared to the technical and real work related positions. These RCSR guys dump thousands of pages of guidelines, making it impossible for any meaningful work to progress. My technical team has been running around for 4 months for approvals for testing an upgrade of a database.

Top management can never go against the RCSR guys, who are like priests of the church in medieval ages. And the RCSR guys have no goals linked to the progress of the real work. The don't like any thing that moves. It's a risk.

Management thinks that RCSR helps with controls around the work. But what happens is, you put more people in building controls, they deliver fort walls around your garbage bins.

This is not limited to Europe. I worked for a company like this in the US. The problem of course is the incentive structure: The penalty for violating some minor regulation was that the company would cease to exist (or so management assumed) while there was effectively no penalty for not getting the mission accomplished.

Thus the only reasonable course of action was to do nothing.

I imagine it must feel like that. The reality is that engineers are blasé with data and have been since the personal computing revolution.

Legal frameworks are incredibly irritating and often defined by people who know nothing about what they're regulating. This can lead to very bad laws.

Given that we live in the real world and one can be sued for violating those laws, the stakes are quite high and low cost. Many states in the US allow individuals to bring suit based on these laws, meaning all that needs to happen is you make a mistake and some rando has time to hire a lawyer.

And that is, by the way, notwithstanding the reality that many of the annoying compliance requirements are actually not all that annoying in principle, they are annoying to implement because many software development practices involve the free flow of data.

Maybe that was fine when it was public blogs. But when it's someone's medical records or their financial data, or when it lands in the bucket of a Cambridge Analytica type, sorry, there's a higher burden.

It is frustrating, I know. But we as engineers need to take responsibility for the consequences and stakes of what we're building. It's lack of that awareness that caused many of the largest controversies in our industry.

This is a crude strawman argument at best. I don't disagree that compliance/regulation requirements can be overdone, but unfettered progress-at-any-cost has its own downside. History is overloaded with technological innovations followed by regulation efforts to mitigate the the unintended consequences.

Reality, as always, as much more nuanced than this hot take. It's a balancing act.

> These RCSR guys dump thousands of pages of guidelines, making it impossible for any meaningful work to progress.

This always reminds me of Darwin’s discovery — survival of the fittest — especially in the ruthless and highly competitive world of commerce. Yet this truth is often misunderstood or even outright rejected by those with a so-called "woke" mindset.

In such a competitive world, the only inevitable outcome for a business that isn’t fit enough is failure and eventual disappearance. Always remember: no one can be forced to buy a product or service if they live in freedom. Deals won’t happen because of burdensome frameworks like "RCSR." Trade flows naturally toward what creates the greatest value for both parties — usually better products or services at lower costs. From a Darwinian perspective, this kind of trade helps make the parties involved more fit. So why wouldn’t they choose it?

Hope all come to recognize this natural/divine will with reverence — and try our best to align with it and stay fit (while helping to keep those we love fit as well). This can truly help foster a competitive market and benefits all.

Once again, it seems like the regulations were likely written by the very people being regulated perfectly tailored to kill off any potential competition. An absolute classic.
Yeah I'm probably gonna have to block UK visitors from Marginalia Search as well. Just no way a single developer can comply with that stuff :-/
I've heard it caused all UK operated small forums to shut down. Basically a completely dumb anti free speech "regulation".