networkstring
honked back 12 Feb 2025 10:12 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113990141732739818
networkstring
honked back 12 Feb 2025 10:12 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113990141732739818
networkstring
honked back 12 Feb 2025 09:21 +0000
in reply to: https://fosstodon.org/users/castaway/statuses/113990164210744328
networkstring
honked back 12 Feb 2025 08:12 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113989867731003090
@neil oh, the MX records have pointed to localhost since the DEA / BBFC / AV stuff got scrapped. Don't want to risk 'retroactive' enforcement by OFCOM. In essence the rough plan is; I've yet to decide whether it'd be done entirely by email or whether the website would display 'safe' thumbnail (GIF?..) with a 'safe' description and an ID. Consumers then email with a subject of the ID ( ~80% of the code is there, just waiting to see what OFCOM says. If it's legal I'll keep writing it to prove a point, if it's not, well it's been fun. I'll update the website with more info later.
mailto:
href to make everyone's lives easier) to retrieve the video/images.
networkstring
honked back 12 Feb 2025 08:01 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113989755529675492
networkstring
honked back 12 Feb 2025 07:15 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113989522441517293
@neil it would seem so. This service is either egregiously in breach or is perfectly legal there isn't a grey area here. If they can't bring themselves to say one way or the other what chance does anyone else have?
networkstring
honked 11 Feb 2025 23:22 +0000
OFCOM have replied to my email as to whether https://pornby.email is compliant with the OSA with;
networkstring
honked back 11 Feb 2025 19:48 +0000
in reply to: https://toots.dgplug.org/users/kushal/statuses/113986884467574511
networkstring
honked back 11 Feb 2025 19:37 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113986736834510288
@neil @aphyr @rachelcoldicutt @jaz so I've been thinking about this in the context of the DSA and the "cloudflare defense". If the content is proxied/mirrored rather than hosted/published then it's a different situation? The OSA sort of understands this which is why CSAM URLs are called out separately to content.
networkstring
honked back 11 Feb 2025 09:13 +0000
in reply to: https://toots.dgplug.org/users/kushal/statuses/113984401543455849
networkstring
honked back 10 Feb 2025 15:58 +0000
in reply to: https://ioc.exchange/users/troed/statuses/113980396244513579
networkstring
honked back 10 Feb 2025 15:51 +0000
in reply to: https://ioc.exchange/users/troed/statuses/113980351247224693
@troed because the UK Government thinks they can fine you or imprison you. Which is wild. And if I weren't in the UK I'd say the same thing to them that I'd say to Roskomnadzor... (and it isn't polite).
networkstring
honked 10 Feb 2025 15:49 +0000
Huh, in an unexpected turn of events Stripe.com seems to have lifted the restriction on https://over18.uk It can now process credit card payments again. Now, how do I check if it is "highly effective"?
networkstring
honked back 10 Feb 2025 15:36 +0000
in reply to: https://en.osm.town/users/InsertUser/statuses/113980266654324019
@InsertUser @russss @neil @steve no, I've emailed the porn supervision team about https://pornby.email and there's an FOI out too ( https://www.whatdotheyknow.com/request/definition_of_email_for_online_s#incoming-2905462 ) so hopefully we'll know soon enough.
networkstring
honked 10 Feb 2025 15:34 +0000
The confirmation from OFCOM that https://geoblockthe.uk is a compliant way to conform with the #OnlineSafetyAct; https://player.vimeo.com/video/1053682977?app_id=122963&autoplay=1#t=1h0m52s
networkstring
honked back 10 Feb 2025 15:18 +0000
in reply to: https://mstdn.social/users/pmdj/statuses/113980112187388939
networkstring
honked back 10 Feb 2025 14:22 +0000
in reply to: https://mas.to/users/plock/statuses/113979965194528879
networkstring
honked back 10 Feb 2025 14:21 +0000
in reply to: https://chaos.social/users/russss/statuses/113979977133684084
networkstring
honked back 10 Feb 2025 14:01 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113979944754051403
@neil @steve @russss I can't tell you the number of times someone has WAF'd their website to the ends of the earth and back again but left the graphql/api that their JS calls totally unprotected... I can easily see e.g. Cloudflare or something launching a "AV WAF" but obvs the server-to-service bit can't be gated in the same way. But this is getting deep into the weeds of hypothetical.
networkstring
honked back 10 Feb 2025 13:55 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113979911188988987
@neil @TheVampireFishQueen @johnmclear AIUI we're still waiting to find out how OFCOM is drawing the line between ASP and "user to user service" given that anything with Internet access is a user-to-user service.
networkstring
honked back 10 Feb 2025 13:49 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113979893912539796
networkstring
honked back 10 Feb 2025 13:26 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113979803691326701
networkstring
honked back 10 Feb 2025 13:07 +0000
in reply to: https://furry.engineer/users/ret/statuses/113979731611293237
@ret that was their starting point for the "Small Providers" session last week and hence why I'm annoyed.
networkstring
honked back 10 Feb 2025 13:06 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113979717343753710
networkstring
honked back 10 Feb 2025 13:01 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113979708486748697
@neil I really wish (for other peoples sake) the information started at; Waaaaaaay before we get to "XYZ Company with it's 500k/monthly users and 8 person strong moderation team..."
networkstring
honked back 09 Feb 2025 22:33 +0000
in reply to: https://socel.net/users/TheVampireFishQueen/statuses/113975936765917238
@TheVampireFishQueen @neil @cyberleagle what's annoying is that the "we campaigned for this" Telegraph are still acting like this only affects "Tech Giants". However it will be amusing if they have to defang it in such a way to be totally useless.
networkstring
honked back 09 Feb 2025 13:05 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113974046605911375
@Fonant @bazbt3 @Szescstopni @neil exactly. I'm a huge fan of GDPR (even though I'm paying fees to the ICO for all of my companies!)
networkstring
honked back 09 Feb 2025 12:41 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113973771097713502
@Fonant @bazbt3 @Szescstopni @neil As much as I'd love for the Internet to be entirely open and for blocking / filtering to be opt-in etc at the client side there is a good reason for blocking as many UK users as possible right now. As widely predicted at the time the IPA TCNs are biting (UK Gov ordering backdoor in Apple cloud storage encryption) so the press are latching onto "extra territorial overreach". If everyone starts finding out they suddenly can't reach websites because of another poorly written law with "extra territorial reach" we might get a ground swell to strike out or amend the law. And to be clear; I've less of a problem with multi-billion $ companies with a demonstrated history of causing harm being told "follow our new risk reduction regime or face enforcement action" than I do with folks who can't even get a straight answer of whether they are even in scope or not for their little gardening/knitting/butterfly blog. Sites below a threshold and with no evidence of harm should be simply and obviously carved out to the point where most folks don't have to care about the OSA anymore than they do the DSA, IPA etc etc.
We need to look at The Big Picture, and not rush to block UK users for no reason other than a Bad Law.
networkstring
honked back 08 Feb 2025 20:02 +0000
in reply to: https://infosec.exchange/users/jerry/statuses/113970018696558090
@jerry @pieceofthepie @Marcus @neil absolutely, they've even said that some of the egregious offenders might be single person services with a handful of users but causes a disproportionate amount of harm. Still it sucks for smaller folks who can't understand where they stand or whether they are even covered.
networkstring
honked back 08 Feb 2025 19:10 +0000
in reply to: https://social.n8e.dev/users/pieceofthepie/statuses/113969819177206672
@pieceofthepie @jerry @Marcus @neil indeed. It's just annoying that they refuse to quantify anything and simply say "if you're in scope you must comply".
networkstring
honked back 08 Feb 2025 19:00 +0000
in reply to: https://blimps.xyz/users/cardboard/statuses/113969749088310124
@cardboard at least we'll be 'safe'. With our backdoored encryption. And mass surveillance Internet Connection Records. And trade/freedom crushing Brexit. What joy we have to look forward to.
networkstring
honked back 08 Feb 2025 18:18 +0000
in reply to: https://thx.gg/users/interpipes/statuses/113969572495650623
@interpipes @stephen @neil ah I see what you mean now. It'll also be interesting to see how the (fear of) business disruption measures affect customer take up. As an ASP we have to comply with s100 notices but if the customer is just an email address to us and they ignore OFCOM will there be some naughty sidestepping like we used to see with the Police and CommsData or will they move to use their enforcement powers.
networkstring
honked back 08 Feb 2025 17:44 +0000
in reply to: https://social.treehouse.systems/users/dee/statuses/113968263669720243
networkstring
honked back 08 Feb 2025 17:43 +0000
in reply to: https://furry.engineer/users/ret/statuses/113969035281180379
networkstring
honked back 08 Feb 2025 17:10 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113968866901300800
@neil @steely_glint I did ask OFCOM if literally every ISP on the planet is a user to user service and they refused to "talk about specifics".
networkstring
honked back 08 Feb 2025 17:07 +0000
in reply to: https://infosec.exchange/users/jerry/statuses/113969188248913875
@jerry @Marcus sadly OFCOM refuses to clarify what significant means. If you're interested in looking at the risk assessment / child access assessment stuff might I recommend the excellent resources that @neil has been maintaining over at https://onlinesafetyact.co.UK Or there's https://geoblockthe.uk ;) However as someone following a lot of folks on your instance my preference would be to ignore OFCOM just as you would any other tinpot regulator.
networkstring
honked back 08 Feb 2025 17:03 +0000
in reply to: https://thx.gg/users/interpipes/statuses/113969198387312485
@interpipes @stephen @neil are you thinking of businesses disruption orders as an ASP or something else?
networkstring
honked back 08 Feb 2025 13:55 +0000
in reply to: https://social.treehouse.systems/users/dee/statuses/113968538542900088
@dee @xenogon I think a confusion has arisen over my putting many things on the same page / context. I want sites to block the UK to cause a backlash. I don't want people to not be able to access said sites so suggested Tor to get to sites they can't reach (OFCOM can block sites themselves). I'd love to see more websites running on .onion (and IPv6). At the end of the day if people don't block the UK they might be on the sharp end of OFCOMs enforcement - what they do is a decision for them (and/or their nonexistent legal team)
networkstring
honked back 08 Feb 2025 13:46 +0000
in reply to: https://socel.net/users/TheVampireFishQueen/statuses/113968518671924191
networkstring
honked back 08 Feb 2025 13:35 +0000
in reply to: https://sunny.garden/users/xenogon/statuses/113968392035813088
I recommend Tor as it has a special place in my heart given I run Exits and a .onion hosting company :)
networkstring
honked back 08 Feb 2025 13:32 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113968490889714121
networkstring
honked back 08 Feb 2025 13:01 +0000
in reply to: https://social.treehouse.systems/users/dee/statuses/113968263669720243
@dee ah, I hadn't even had a coffee yet when I knocked this together! Will double check for the OSS version. As for VPN, I had considered it but there's so many ads/shills and even the one I have by virtue of my email (proton) has become problematic that I didn't want to 'advocate' for a brand.
networkstring
honked back 08 Feb 2025 11:53 +0000
in reply to: https://social.coop/users/smallcircles/statuses/113968070110904741
@smallcircles @aral one day I hope that IPv6 and these multi-Ghz devices everyone carries around will unleash a form of P2P publication and communications the likes of which we've never seen before.
networkstring
honked back 08 Feb 2025 11:16 +0000
in reply to: https://mastodon.scot/users/CGM/statuses/113967946257421844
@CGM beautiful this is one of my big hopes; https://ablative.stream/u/networkstring/h/54w9gWqVm9gcRtdl6M Naturally I'd rather the Act be amended with a carve out for smaller sites but...
networkstring
honked back 08 Feb 2025 11:13 +0000
in reply to: https://kiwi.fuo.fi/notes/a3zmrclvvncj000u
@fuomag9 the act claims 'extra territorial' jurisdiction but how much that matters in reality is unknown to me.
networkstring
honked back 08 Feb 2025 11:20 +0000
in reply to: https://mastodon.ar.al/users/aral/statuses/113967943436411277
@aral indeed thank you. Edit: SmallWeb looks really interesting I'll have a read (now that I actually fully understood your reply!)
networkstring
honked 08 Feb 2025 09:56 +0000
I woke up angry and chose violence; https://geoblockthe.uk/ I'm going for a walk but please send me more guides (preferably the official documentation where possible) and I'll add them.
networkstring
honked back 07 Feb 2025 15:00 +0000
in reply to: https://masto.galooph.com/users/galooph/statuses/113963158030945674
@galooph @neil @cyberleagle @Fonant @aphyr @derickr :) Seeing folks looking to 'fight' to keep their corners of the Internet alive has been quite refreshing. My two biggest worries are about the folks who don't have the will/spoons to fight and what happens next. (Next being massive expansion of ID requirements and/or 'legal but harmful' definitions (see the US' scrubbing of 'DEI/LGBTQI+' content)
networkstring
honked 07 Feb 2025 14:20 +0000
networkstring
honked back 07 Feb 2025 13:33 +0000
in reply to: https://socel.net/users/TheVampireFishQueen/statuses/113962847627866945
@TheVampireFishQueen @neil @hedders what a juicy opportunity for Blair to get his ID cards in at last...
networkstring
honked back 07 Feb 2025 13:08 +0000
in reply to: https://socel.net/users/TheVampireFishQueen/statuses/113962675405529087
@TheVampireFishQueen @neil @hedders too much money to be made by the AV snakeoil crowd. Plus the "think of the children" folks will go nuclear. My feeling from this weeks presentations is that OFCOM thinks AV is perfectly reasonable :/
networkstring
honked back 07 Feb 2025 12:40 +0000
in reply to: https://socel.net/users/TheVampireFishQueen/statuses/113962567295853251
@TheVampireFishQueen @neil @hedders hey, I made https://over18.uk which is totally compliant (IMHO) and very privacy centric; https://over18.uk/privacy/ I mean, ok yeah, no-one can pay for the fast-track service right now cos the credit card providers keep ban-hammering me but still... (Semi seriously; OFCOM murmured positively about a question on Monday for accounts that are themselves already 18 years old (on a dating app) and payment by credit card is an approved 'highly effective' method)
networkstring
honked back 07 Feb 2025 10:33 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113962126728261016
@neil my feedback from reading your page was slight trepidation despite being reasonably certain of what I'm getting myself into. Granted that's not a bad thing, this is a serious issue and people should be aware of their potential liabilities. But maybe a flow chart showing e.g. "Ltd Company > Don't Lie > Don't destroy evidence > Don't be negligent = Ltd Liability Holds" might help some folks decide between spending £20 on incorporating a CiC/Ltd rather than shutting down? I'd make one but my risk-appetite-is-no-one-elses-risk-appetite (and my understanding of the law goes as far as recognising the words are in English)
networkstring
honked back 07 Feb 2025 10:26 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113961834640597894
@neil AIUI a person running a forum as an individual and a person running a forum as a named senior manager of a Ltd have slightly different personal liabilities? E.g. in the event where a penalty fine (not s.109 / s.110 / s.202(2)) is issued against a company and the company folds the issue goes away. Where-as a penalty issued against an individual can't go away?
networkstring
honked back 07 Feb 2025 10:07 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113962004432467831
networkstring
honked back 07 Feb 2025 10:02 +0000
in reply to: https://gts.lyrion.ch/users/zilti/statuses/01JKF34YKYCPWFK3KKTB8JFM5K
@zilti yup. UK Law is now "hand over ID or be treated like a child" for all websites that might have "harmful content" on it.
networkstring
honked back 07 Feb 2025 07:57 +0000
in reply to: https://mas.to/users/hedders/statuses/113961270300105602
networkstring
honked back 06 Feb 2025 23:08 +0000
in reply to: https://hachyderm.io/users/TheDragon/statuses/113959259530589902
@TheDragon from overseas sadly. But given how much Radxa stock RS has I'm hoping they'll have them in soon enough.
networkstring
honked back 06 Feb 2025 17:25 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113957984947503481
@Fonant @plock @neil @tony of course it's bonkers. As are most of the "we must destroy the Internet to save the children" ideas that float around certain policy circles. No amount of collateral damage is too much to save the children. And of course, said children will be sooo grateful for the Internet they'll inherit as a result...
networkstring
honked back 06 Feb 2025 15:43 +0000
in reply to: https://mastodon.scot/users/bitterdonald/statuses/113957355115540752
@solene @bitterdonald I'm about to be so far both guides I've seen (https://github.com/qbit/mastodon_openbsd / https://www.ipv6.rs/tutorial/OpenBSD/Mastodon/) deploy nginx. Given both use nginx solely for it's proxying capability my gut feel is that we'll need to go with relayd rather than httpd (whose 'proxy' capabilities are restricted to fastcgi IIRC)
networkstring
honked back 06 Feb 2025 14:30 +0000
in reply to: https://socel.net/users/TheVampireFishQueen/statuses/113957331573976891
@TheVampireFishQueen @Fonant @neil my gut feeling is that US companies are less scared of OFCOM than they are of the EU/GDPR and so it'll all be met with complete indifference. IF OFCOM get in touch then it'll be 50/50 compliance or block (as we saw with GDPR/cookies).
networkstring
honked back 06 Feb 2025 12:36 +0000
in reply to: https://mas.to/users/plock/statuses/113956872389433911
@plock @neil @Fonant @tony funny you mention driving licenses; it wasn't too long ago that the "think of the children" pearl clutchers has latched onto the idea of "identity stained IP headers". https://johncarr.blog/2017/08/11/more-on-moderation-and-car-number-plates/ And the wife of the author of that blog is in the House of Lords...
networkstring
honked back 06 Feb 2025 12:05 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113956828899174101
@Fonant @TheVampireFishQueen @neil Remember when everything "went dark" due to SOPA/PIPA? https://en.wikipedia.org/wiki/Protests_against_SOPA_and_PIPA I wonder if we can loop in BigBrotherWatch / Privacy International / Open Rights Group and grass roots something similar?
networkstring
honked back 06 Feb 2025 11:22 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113956590762793462
@neil @cesarb FWIW my thinking for asking the question followed from my past 10 years of dealing with extra-territorial requests. The only people who can put me in prison or fine me are the CPS. I must comply with UK law or face penalties. On the flip side I quite happily tell the regulators in foreign authoritarian states which I'll never visit to get in the bin. So; if I comply with the OSA by geo-blocking the UK and ignore everyone else what are the chances I'll be extradited? Probably quite low. OFCOM know they can't enforce their will on foreign agents which is why the Access Restriction powers exist and I'll be intrigued to see if any other country attempts extradition over blocking.
networkstring
honked back 06 Feb 2025 10:02 +0000
in reply to: https://mastodon.scot/users/simon_brooke/statuses/113956317298878771
@neil @simon_brooke not in Scotland but I run a LIR that has accounts with Datacenter providers who have facilities in Edinburgh, I've also got a bunch of limited liability shelf companies for shenanigans. https://brasshorncommunications.uk / https://www.youtube.com/watch?v=4_F0TZBfKXc for ASNs/IPTransit https://ablative.hosting for virtual machines / colo / websites etc. As for cost; talk to me - I do this to fuck with the status quo, not to make money (see my accounts at Companies House!)
networkstring
honked back 06 Feb 2025 09:54 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113956317645661309
networkstring
honked back 06 Feb 2025 09:47 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113956291045098629
networkstring
honked back 06 Feb 2025 09:46 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113956284079670822
networkstring
honked back 06 Feb 2025 09:41 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113956248958881522
networkstring
honked back 06 Feb 2025 09:37 +0000
in reply to: https://social.vivaldi.net/users/Fonant/statuses/113956217921225903
@Fonant @neil Not wishing to derail the previous conversation with a tangent but AIUI if one were a Part5 service (or had otherwise decided that children were at high risk) then my understanding is that the expectation is that you must treat HTTP verb without an "Age Verified" flag (cookie/whatever) as a child.
networkstring
honked back 06 Feb 2025 09:32 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113956220189776992
@neil @Fonant I agree wholeheartedly. Interestingly my takeaway from the sessions (with the repeated references to 'lots of things are of interest to children') is that OFCOM would consider any site without 'effective age verification' "likely to be accessed". Either way; given your low/negligible risk (and willingness to engage in the process) if they disagree they (if they keep to their word) will simply poke you to say it's missing and that'll be that.
networkstring
honked 06 Feb 2025 09:26 +0000
"First mover penalty" in the context of the Online Safety Act demonstrated with a small website; (Why yes, I did have fun reading a Thesaurus)
networkstring
honked back 06 Feb 2025 09:14 +0000
in reply to: https://mastodon.neilzone.co.uk/users/neil/statuses/113956157074166042
networkstring
honked back 06 Feb 2025 08:14 +0000
in reply to: https://rrier.fr/users/pc/statuses/01JKC9T28V50SVEK98TQJZ58TY
networkstring
honked back 06 Feb 2025 07:33 +0000
in reply to: https://woof.group/users/aphyr/statuses/113954543496272761
@aphyr somewhere there's an exchange admin trying to find the powershell that regexes
(fedi|mastodon|my)
and replies with "No. We hope that all UK citizens get to enjoy a (bowdlerized) Internet. We will however attempt to fine you into bankruptcy or jail you if you make a mistake."