32 comments

[ 3.2 ms ] story [ 55.9 ms ] thread
The list's probably going to get a lot longer. I wonder how it's going to compare to the list of sites who block Europeans due to GDPR concerns. I've only ever noticed two sites that did that, even though the amount of noise from Americans was not insubstantial. The OSA is a lot more invasive than the GDPR though.
> reddit discussion about a type of bowel surgery

Are they really going to register individual topics for Reddit?

Wait,

> Post on social media website X claiming that content relating to protests has been age-gated due to the Online Safety Act.

Now we're reporting individual tweets?!?

Stop smoking subreddit and irish music site considered harmful to children.

The amount of geoblocked/shutdown sites by far exceeds the "intended" [0] targets.

[0] Everyone knows that the collateral damage is intentional and this was never about porn.

This is insane, how long will it take them to overreach and abuse their power for political gain?
100 years ago the British Empire tried to thought-control India. Today the empire is a bunch of demented aristocrats who are thought-policing those few who are still under their control.
At this point, I am pretty confident I can live the rest of my life without ever entering British air space.

So I ask myself - could I come up with a simple HTML page that would be illegal in the UK without age verification checks? I won't host pornography, but it seems to cover a lot more than that. Photos from contests? Calls to overthrow the government?

I'd put it under some creative commons license so other people could host the exact same content. What if there were thousands, or tens of thousands of sites that did it. It'd be wonderful if people were willing to put their money where their mouth is how them how impotent and illegitimate their laws really are.

Fully understand the reasons for the site - and the title on HN is shutdowns and site blocks - but the site itself displays self-enforcinging sites and shows them as potential government blocks.

There are blocked sites but you have to look for them in different sections of the site.

One site shown at the start of the other pages, adult friend finder is showing as blocked, however I can access it from my UK provider so honestly not sure what value this site brings (yet) apart from highlighting those that have a self-enforced blackout due to "451 Legal Reasons".

I'm on mobile so difficult to copy and paste - but that site was the top of an alphabetical list after I made my way past a few VPNs.

This is a confusing mix of sites that have decided to geoblock UK users because they don't want to deal with the regulations (fair enough) but also ones that have age verification and no geoblock
What's frustrating me about this is that theoretically this list should include every MUD and BBS, if they don't want to get in trouble. It's a horrible law, which forces people into the pockets of the largest sites which can afford to do the age verification.

Speaking as a Brit, I wish Wikipedia would just go black for the UK. That might focus some minds.

Yeah, the government that let the strets go rampant with crime, that they don't even bother tracking anymore, is concerned about the people's "online safety"...
EDIT: I was wrong in this comment, I thought it was blocked but the owners decided to take it down.

Original comment follows: They blocked irish.session.nz: "Resources for learning Irish music by ear". This is either a mistake or a very early example of a political abuse of the OSA. Both are wrong of course and prove what a stupid and concerning thing OSA truly is.

The data quality here seems poor, eg it lists reddit.com as having shut down, which is clearly false. I think some list like this would probably come across better with some curation so it isn’t largely a list of unsympathetic porn sites and no-name blogs being blocked to spite the UK.
Why are people so bothered with govt requiring a single photo for some websites when private companies already have all the data of almost all humanity?
> bsky.app | @greg.org on Bluesky https://bsky.app/profile/greg.org/post/3lvt3mjvskk2i Reported: 07 August, 2025 at 19:53 Shut down on: 07 August, 2025 Geoblocking due to OSA Statue of |david behind age verification filter

So, going forward, will similar pieces of art be blocked in the British Museum as well? Like physically?

I’m in the uk. No vpn. I tried several of these links and they all worked for me…

Is there any verification on submissions to this?

I learn about nice sites / pages there I did not know before.
It's never a good idea for the authority to block something

It's an even worse idea to make the block list public lmao

One thing I’ve realised over the past few weeks is that some parents must be delighted to have the government control the web for them.

When the parent does the enforcement themselves then they can be put under direct pressure by their children to drop the ban. When the government does it then the parent can say, honestly, sorry, there’s nothing they can do about it: It’s out of their hands. The child only has access to tier 1 support [parent] and the support agent’s only response is “sorry, corporate policy [law] requires AV for certain sites, there’s nothing I can do. Is there anything else I can help you with today?…”

I don’t say this to make the laws easier to swallow but the social economics of it make it more understandable why this law might be so popular with anyone already overloaded with angry teenagers.

Next up: the Bedtime Is At Nine PM Act 2026, Tuck Your Shirt In Act 2027, and No We Have One At Home Already Act 2028.

I'm not victim blaming here, but does anyone have this nagging feeling that in this case, we, the "techies" caused this by refusing to engage with lawmakers?

In the case of E2E encryption, it's definitely a hill to die on, there is no way to make a backdoor "only the good guys" can access. But in this case, the long standing refusal for the tech industry to engage in even the lightest of lobbying towards having legal regulation for standards seems to bite us in the ass every now and then. We've seen it time and time even for things that are non controversial and would clearly benefit everyone: why is BCP 38 not mandated by law in any country? Why is IPv6 at the ISP consumer edge not mandated by law?

All of this could have had the same effect if instead of putting the onus of age verification on millions of websites, you instead put it onto the "customer end device", with some definition as to have it only apply to anyone who sells devices used to access online content with more than X% market share (meaning effectively Microsoft, Google on behalf of all Android OEMs and Apple, plus TVs and console makers).

You'd also put into law what content providers need to do to become compliant. It drops from "having a robust system of age verification" into "if you're serving content over HTTP and your content is for over 18, you need to send a specific over 18 header". If you're publishing an app on a walled garden app store, you need to specify the age rating (as one does already). If you state your page is good for under 18s when it's actually over 18, you then incur a fine.

Then it's really just up to OS makers to build support for the above into the parental controls functions that mostly already exist. Implement the header checking on the browser. Then restrict over 18 apps and outside app store that aren't explicitly authorised: this ensures no alternate browsers could be installed or ran by a child, while leaving them freedom to roam the web and install under 18 apps. The issue with existing parental controls is twofold: the web is a wild place and manually vetting every single app your kid wants to install is overbearing so everyone gives up on parental controls.

Then it's a matter of, when you buy a phone for your kid, you click a button "the user is a child, enable parental controls, set the grown up password". If parents fail to even do this, then clearly it's their own fault?

You'd specifically leave out non-HTTP protocols and leave a bunch of technical loopholes that could be exploited by technically minded people. It would both limit the amount of wreckage to things the common people doesn't even know it exists and make sure this wouldn't creep into places it doesn't belong. Sure, teenager who downloads Arch into a USB pen drive and boots off it can then access whatever they want, or someone who finds they can get into IRC and XDCC a bot for hot JPEGs, but at that point they clearly earned it.

I get the feeling that we've fucked it, left very important regulations up to people who have no clue and now we get the most onerous and worst implementation possible of things every single time put into law. We could have done the same with cookies, there's like, three browsers. Remember P3P? https://en.wikipedia.org/wiki/P3P

> In the case of E2E encryption, it's definitely a hill to die on, there is no way to make a backdoor "only the good guys" can access.

You can make a backdoor that only the good guys can access--it's not even hard thanks to public key cryptography. The problems are:

(1) The good guys might be sloppy in how they handle you data, so they might leak or or they themselves might get hacked.

(2) The good guys might later become the bad guys.