
Things happen.

networkstring honked back 12 Feb 2025 08:12 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113989867731003090

@neil oh, the MX records have pointed to localhost since the DEA / BBFC / AV stuff got scrapped.

Don't want to risk 'retroactive' enforcement by OFCOM.

In essence the rough plan is;

  • Publishers register
  • Consumers register
  • Publishers upload their content (via email TBD)
  • Consumers can send an email to retrieve Publisher content (keyword/ID based)

I've yet to decide whether it'd be done entirely by email or whether the website would display a 'safe' thumbnail (GIF?..) with a 'safe' description and an ID.

Consumers then email with a subject of the ID (mailto: href to make everyone's lives easier) to retrieve the video/images.


~80% of the code is there, just waiting to see what OFCOM says.

If it's legal I'll keep writing it to prove a point, if it's not, well it's been fun.

I'll update the website with more info later.

networkstring honked 11 Feb 2025 23:22 +0000

OFCOM have replied to my email as to whether https://pornby.email is compliant with the OSA with;

  • Services are responsible for understanding whether they are in scope of the Online Safety Act.
  • We've developed some tools which are quick and easy to use which should help to answer your question.

networkstring honked 10 Feb 2025 15:49 +0000

Huh, in an unexpected turn of events Stripe.com seems to have lifted the restriction on https://over18.uk

It can now process credit card payments again.

Now, how do I check if it is "highly effective"?

networkstring honked back 10 Feb 2025 14:01 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113979944754051403

@neil @steve @russss I can't tell you the number of times someone has WAF'd their website to the ends of the earth and back again but left the graphql/api that their JS calls totally unprotected...

I can easily see e.g. Cloudflare or something launching an "AV WAF" but obvs the server-to-service bit can't be gated in the same way.

But this is getting deep into the weeds of hypothetical.

networkstring honked back 09 Feb 2025 12:41 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113973771097713502

@Fonant @bazbt3 @Szescstopni @neil

We need to look at The Big Picture, and not rush to block UK users for no reason other than a Bad Law.

As much as I'd love for the Internet to be entirely open and for blocking / filtering to be opt-in etc at the client side there is a good reason for blocking as many UK users as possible right now.

As widely predicted at the time the IPA TCNs are biting (UK Gov ordering backdoor in Apple cloud storage encryption) so the press are latching onto "extra territorial overreach".

If everyone starts finding out they suddenly can't reach websites because of another poorly written law with "extra territorial reach" we might get a groundswell to strike out or amend the law.


And to be clear; I've less of a problem with multi-billion $ companies with a demonstrated history of causing harm being told "follow our new risk reduction regime or face enforcement action" than I do with folks who can't even get a straight answer of whether they are even in scope or not for their little gardening/knitting/butterfly blog.

Sites below a threshold and with no evidence of harm should be simply and obviously carved out to the point where most folks don't have to care about the OSA any more than they do the DSA, IPA etc etc.

networkstring honked back 08 Feb 2025 18:18 +0000
in reply to: https://thx.gg/users/interpipes/statuses/113969572495650623

@interpipes @stephen @neil ah I see what you mean now.

It'll also be interesting to see how the (fear of) business disruption measures affect customer take up.

As an ASP we have to comply with s100 notices, but if the customer is just an email address to us and they ignore OFCOM, will there be some naughty sidestepping like we used to see with the Police and CommsData, or will they move to use their enforcement powers?

networkstring honked back 08 Feb 2025 17:07 +0000
in reply to: https://infosec.exchange/users/jerry/statuses/113969188248913875

@jerry @Marcus sadly OFCOM refuses to clarify what significant means.

If you're interested in looking at the risk assessment / child access assessment stuff might I recommend the excellent resources that @neil has been maintaining over at https://onlinesafetyact.co.UK

Or there's https://geoblockthe.uk ;)

However as someone following a lot of folks on your instance my preference would be to ignore OFCOM just as you would any other tinpot regulator.

networkstring honked back 08 Feb 2025 13:55 +0000
in reply to: https://social.treehouse.systems/users/dee/statuses/113968538542900088

@dee @xenogon I think a confusion has arisen over my putting many things on the same page / context.

I want sites to block the UK to cause a backlash.

I don't want people to not be able to access said sites so suggested Tor to get to sites they can't reach (OFCOM can block sites themselves).

I'd love to see more websites running on .onion (and IPv6).


At the end of the day if people don't block the UK they might be on the sharp end of OFCOM's enforcement - what they do is a decision for them (and/or their nonexistent legal team)

networkstring honked back 07 Feb 2025 15:00 +0000
in reply to: https://masto.galooph.com/users/galooph/statuses/113963158030945674

@galooph @neil @cyberleagle @Fonant @aphyr @derickr

:)

Seeing folks looking to 'fight' to keep their corners of the Internet alive has been quite refreshing.

My two biggest worries are about the folks who don't have the will/spoons to fight and what happens next.

(Next being massive expansion of ID requirements and/or 'legal but harmful' definitions (see the US' scrubbing of 'DEI/LGBTQI+' content))

networkstring honked back 07 Feb 2025 12:40 +0000
in reply to: https://socel.net/users/TheVampireFishQueen/statuses/113962567295853251

@TheVampireFishQueen @neil @hedders hey, I made https://over18.uk which is totally compliant (IMHO) and very privacy centric; https://over18.uk/privacy/

I mean, ok yeah, no-one can pay for the fast-track service right now cos the credit card providers keep ban-hammering me but still...

(Semi seriously; OFCOM murmured positively about a question on Monday for accounts that are themselves already 18 years old (on a dating app) and payment by credit card is an approved 'highly effective' method)

networkstring honked back 07 Feb 2025 10:33 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113962126728261016

@neil my feedback from reading your page was slight trepidation despite being reasonably certain of what I'm getting myself into.

Granted that's not a bad thing, this is a serious issue and people should be aware of their potential liabilities.

But maybe a flow chart showing e.g. "Ltd Company > Don't Lie > Don't destroy evidence > Don't be negligent = Ltd Liability Holds" might help some folks decide between spending £20 on incorporating a CiC/Ltd rather than shutting down?

I'd make one but my risk-appetite-is-no-one-else's-risk-appetite (and my understanding of the law goes as far as recognising the words are in English)

networkstring honked back 07 Feb 2025 10:26 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113961834640597894

@neil AIUI a person running a forum as an individual and a person running a forum as a named senior manager of a Ltd have slightly different personal liabilities?

E.g. in the event where a penalty fine (not s.109 / s.110 / s.202(2)) is issued against a company and the company folds the issue goes away. Whereas a penalty issued against an individual can't go away?

networkstring honked back 06 Feb 2025 11:22 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113956590762793462

@neil @cesarb FWIW my thinking for asking the question followed from my past 10 years of dealing with extra-territorial requests.

The only people who can put me in prison or fine me are the CPS. I must comply with UK law or face penalties.

On the flip side I quite happily tell the regulators in foreign authoritarian states which I'll never visit to get in the bin.

So; if I comply with the OSA by geo-blocking the UK and ignore everyone else what are the chances I'll be extradited? Probably quite low.

OFCOM know they can't enforce their will on foreign agents which is why the Access Restriction powers exist and I'll be intrigued to see if any other country attempts extradition over blocking.

networkstring honked back 06 Feb 2025 10:02 +0000
in reply to: https://mastodon.scot/users/simon_brooke/statuses/113956317298878771

@neil @simon_brooke not in Scotland but I run a LIR that has accounts with Datacenter providers who have facilities in Edinburgh, I've also got a bunch of limited liability shelf companies for shenanigans.

https://brasshorncommunications.uk / https://www.youtube.com/watch?v=4_F0TZBfKXc for ASNs/IPTransit

https://ablative.hosting for virtual machines / colo / websites etc.

As for cost; talk to me - I do this to fuck with the status quo, not to make money (see my accounts at Companies House!)

networkstring honked back 06 Feb 2025 09:32 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113956220189776992

@neil @Fonant I agree wholeheartedly.

Interestingly my takeaway from the sessions (with the repeated references to 'lots of things are of interest to children') is that OFCOM would consider any site without 'effective age verification' "likely to be accessed".

Either way; given your low/negligible risk (and willingness to engage in the process) if they disagree they (if they keep to their word) will simply poke you to say it's missing and that'll be that.

networkstring honked 06 Feb 2025 09:26 +0000

"First mover penalty" in the context of the Online Safety Act demonstrated with a small website;

https://efic.email/

(Why yes, I did have fun reading a Thesaurus)