Imgur pulls out of UK as data watchdog threatens fine
express.co.uk566 points by ANewbury a day ago
566 points by ANewbury a day ago
There's an opportunity for a service like CloudFlare here give people a simple toggle that manages geoblocks on legal liability factors. It's way too much for every organisation to individually track every country's laws day by day in case just by being accessible there you incur a liability. And it sounds like the UK would have just self-selected out of the list of "safe" countries.
If something like this was in widespread use it would have much more impact since countries would see whole swathes of the internet immediately go dark when they make stupid laws.
I wish Wikipedia would take one for the team, and go dark in the UK. (And I'm in the UK).
Wouldn't work with somewhere like China, but the UK might still be capable of being shamed.
Wikipedia gets a lot of donations from the uk. I’m not sure how many Brits would continue putting £10-100/mo into a charity that explicitly doesn't operate in their borders.
Wouldn't make a dent in their budget. They are not poor by any means.
https://en.wikipedia.org/wiki/Wikipedia:Fundraising_statisti...
The annual cost is about 150 million, and they have a war chest of half a billion? If I remember correctly. Yeah, I don't think anything will do a dent, unless like everyone decides to never donate again.
Wikimedia's expenses and wikipedia expenses are not the same. wikipedia does not spend anywhere near $150 million a year.
Any stats on this? I'd be surprised if the number of Brits putting £10-100/mo into Wikipedia greatly exceeds 10.
https://meta.wikimedia.org/wiki/Fundraising/2023-24_Report
Best I can find
$ 132,466.01 Africa
$ 4,902,373.13 Asia
$ 49,423,340.29 Europe
$106,546,895.77 N.America
$ 2,509,299.46 Other
$ 6,082,217.76 Oceania
$ 944,844.22 S.AmericaIt looks from another chart like 21% of revenue is recurring, so $10 million annually for Europe.
Convert that to GBP and you get about £7.5 million.
Figure that the UK accounts for about 15% of the European economy and assume it contributes to Wikipedia at about an equal share.
That's about £1.125 million in estimated annual recurring contributions from the UK.
You said 10-100/mo, so let's assume £55/mo or £660/year as the mean.
That would be about 1,700 Brits, a surprising number.
Gotta factor in fire-and-forget donations vs repeat donations. So halve that number?
I'm surprised you're reiterating surprise: you were off by two orders of magnitude, and the initial surprise only had purpose as a rhetorical device, it wasn't based on anything (why is > 10 surprising? 70M people in UK...)
Yes, that was just reiterating the initial surprise which as you suggest was rhetorical mostly.
I assumed Britain would not be Europe but “other”
Why would you think that? Leaving the EU was not a geographical event
Just imagined on the day of brexit whole set of islands just started drifting few hundred kms towards west (or south-west given how canary islands often feels like british overseas territory?) to underscore the leaving part.
Dig up beaches on the east coast, dump as landfill on the west coast. Nothing's too much trouble for The Great Experiment.
Of course, Ireland will have to move out the way. (Wait, is this an actual metaphor for Brexit?)
Eh - for the world's audiences: EU is not Europe. I geddit how/why why people equate eu == europe - it would simplify things for all, one niggle less to consider. But - it ain't so, for better or worse. There are countries in Europe, that can't be members of the European Union, or could be, but don't want to be members. (e.g. UK, probably Island, Switzerland, some of the Nordics) There are no countries in the European Union, that are not part of Europe. So EU <= Europe. (unsurprisingly)
Cyprus isn't in Europe geographically, it's in Asia.
There are also the various territories of larger countries that aren't - French Guaiana in South America, Canary Islands are off the coast of Africa.
> probably Island
?
i think they meant Ireland, which is a member of the EU and has a populace that strongly desires to continue to be, according to https://gov.ie/en/department-of-foreign-affairs/press-releas...
Islands off the cost of a continent are still generally considered to belong to the continent. IE Japan is still in Asia, Cuba is still in North America, etc.
At this point, the UK government is beyond shaming. On the contrary, it shame and record-breaking unpopularity seems to empower them.
I wouldn't put it passed them to require the digital ID to access the internet passed curfew.
Something that I think normal, decent people don't appreciate enough: you can join an organization without believing a word of what it stands for. It's perfectly possible to just pretend. It doesn't take a ton of resources or a big coordinated conspiracy to join and betray an organization, it just takes a bit of self-confidence, or chutzpah.
One person I believe knows this, is Keir Starmer. It's very hard to explain why things happen in UK politics without assuming he is trying to tank Labour.
What one might contribute to malice can normally be attributed to ignorance. I think the political class in the UK is just completely bifurcated from the public (not as much as the Tories were, but more than I though Labour would be), such that every decision senior Labour leaders are making is lauded in progressively smaller circles they keep and they're oblivious to the reality of the situation. They just don't feel the condemnation of the general public. I think current Labour genuinely thinks their popularity is higher than it is polling, and that they're doing what people want.
To caveate this, I am a Labour member (with the goal of advising tech policy such that they don't send our tech industry off a sharp cliff). I've spoken to a few in the cabinet now about growth and industrial policy, and there's no appetite for engagement outside of their think-tanks. I go to the conferences today, and in contrast to the Tory government days where the main topic of conversation was "what do people want" and "how do we gain seats in the election", it's now all navel-gazing about how "well" their policies poll (vs how well the party does, as if they're the same thing). It's baffling how out of touch the current power brokers are regarding the danger Labour are in. There's rose-tinted glasses, and then there's obsidian-tinted horse blinders.
Malice is a strong word. I think they (because as another commenter points out, he can't do this entirely alone) primarily just don't care, and secondarily, just assume there's going to be a reward. They aren't told by some shadowy cabal there's going to be a reward, they just assume it.
It's not an unreasonable assumption either. Nick Clegg did seemingly get rewarded for tanking the lib Dems. The ones lower in the party hierarchy will also have seen plenty of examples of pyrrhic loyalty being rewarded.
What modern parties effectively teach - UK Labour is just one of many examples, not even the only example in the UK - is that the supreme political virtue is loyalty to decisions taken in rooms you weren't invited to. That, they think, will eventually get them invited to those rooms.
The sad thing is that whether the rooms actually exist or not, the result is much the same.
"Don't obey in advance" is Tim Snyder's first rule against tyranny. While that is a great moral rule to follow in tyrannies, all organizations want people to obey beforehand, whether tyrannies or not. It's called showing initiative, doing what's needed without having to be told explicitly, and no organisation can function without it.
But in organizations with opaque power structures, where it's expected that decisions are taken unaccountably ("Noen har snakket sammen", loosely, "There has been discussion", used to be an ironic phrase in the Norwegian Labour Party), people may easily slip into obeying in advance a tyrant who doesn't even exist. They're trying to please the responsible people who are surely in charge somewhere nebulously above them in the hierarchy, but those people don't exist, it's bullshitters like Starmer all the way to the top.
Snyder's had his first rule, but I have a first rule too, which I keep repeating, and that is that powerful people believe in all the stupid things regular people believe in. They just act differently on the beliefs. A common person who thinks covid was an ethnically targeted bioweapon rants about it online and gets banned from Reddit. A powerful person who believes it, thinks "it's important that we too get such a weapon, and don't trust experts who say it can't be done, they probably just have scruples". A common person who thinks a Jewish cabal rules the world maybe pesters his relatives with it all day. A powerful person who believes it - well, he's more likely to do something like what Starmer has been doing the last decade. You don't try to fight Bilderberg, obviously, you try to get invited to it. Once you do, (like e.g Jens Stoltenberg was) you probably get disappointed and try to figure out who the real competent ones behind them too are, and how to join them - but you're not terribly disappointed, because on the way up you've been rewarded by all the others who thought they'd be rewarded for supporting someone like you.
I think to understand Starmer is to understand that he comes from a public prosecutors position and he still thinks like it. Which is why everything that screens "justice" is highest on his agenda, this means that privacy-invading things are justified if law & order can catch more perpetrators. Also explains why he is totally helpless wrt the economy (not his forte).
Interesting comment. I don't think Starmer's trying to get invited to a Shadowy Jewish Cabal, though. That's... a bit out there.
Simpler take: The middle ground has been hollowed out. The old method (appeal to the centre) does not appear to be working. Starmer's throwing stunt policies at the wall to try to get some purchase.
> That's... a bit out there.
It certainly is. And he'd maybe use more classy words for it, if he ever could be convinced to talk about his sincere beliefs. But as I said, I'm fully convinced that powerful people believe all the out there things that regular people believe. We've seen so many examples of it over the decades, and it's otherwise very hard to explain why Starmer would keep doing things which are neither a popular thing to do or the right thing to do.
The simpler take you propose doesn't work for me, because "throwing things at the wall" suggest unpredictability to me, and Starmer has been very predictable if you assume what I have been assuming for a few years now. His actions are not the actions of someone who would try anything, quite the opposite.
Yeah, there's normal political corruption and graft, and then there are some who go above and beyond, taking unnecessarily destructive actions that don't even appear to benefit them in any visible way. Usually you can say, "So-and-so did X because Y," even if you disagree with X or think Y is a bad reason. You can at least see the motive.
When the action is clearly going to hurt their political career, and there's no indication that it will put money in their pockets, and they don't even make much of an attempt to claim they're fighting for a principle, yet they clearly have a purpose in mind and keep doubling-down on it, you have to start looking for a motive somewhere else. "They hate their own people" comes to mind, but that's not really an answer because it still leaves you looking for the reason why they hate their own people. Not all leaders do, after all.
> It's very hard to explain why things happen in UK politics without assuming he is trying to tank Labour.
Or they just focused on getting into government with very little plan about what to do when there, and with a particularly inexperienced team (few former cabinet ministers in the elected Labour MPs).
If Starmer were trying to do this alone, then what are the other ministers doing? The UK is a parliamentary democracy, not a presidential government, so it's not just him, it's the rest of the Labour stooges too.
Power is very concentrated in the PM's office and with the Cabinet Secretary. Even to the point where individual ministers are relatively weak within the system. One of the common lines you can find in almost any political autobiography in the UK (last... say... 30-40 years) goes something like "I entered government eager to grasp the levers of power, but never managed to truly find them".
The central party has frequently removed left wing candidates elected by local constituency members and imposes right wing blairite candidates by diktat.
something I think that needs to be taken into account here is that for 14 years the Tories made decisions far more harmful, far more disconnected, and--in isolation--far less popular with the public than anything Labour has even considered doing, and yet for most of that time actually gained in popularity. why? because most voters in this country read and read news sources in favour of right-wing politics, and even the news sources that are more "left-wing"--The Mirror and The Guardian--aren't as sycophantic anyway. if Labour had the sycophantic media support that the Tories or even Reform do, none of you in this thread would be saying any of this. you may ask "who even reads newspapers these days", but this is not really a useful point, as many people may not read them directly, but they still broadly set the narrative, the tone and the cycle, even if you're hearing it second or third hand via social media
this isn't to say that Keir Starmer is doing an amazing job. he's not. he's far too comfortable with authoritarianism and far too establishmentarian, and I would much rather someone like Andy Burnham in charge--even if you can trust his policy positions just as much as Starmer's from when he won the leadership--just because he has some energy and charisma about him, and you feel like he might be able to counteract Farage somewhat, but, at the same time, the level of scrutiny of Labour is incredibly unfair and before you criticise them yourself, you have to try and remember that you're viewing it all through that filter
Tbf, well implemented digital ID would be much preferable to the idiotic situation that we're in now. The emphasis on well implemented.
I still don't understand how someone is supposed to benefit from such a thing. If I want to use some service, I'll sign up for an account with it. The only thing a centralized ID is going to do is let the service correlate me with a different account on a different service, which is exactly the thing that I don't want.
How is someone supposed to benefit from a thing whose only function is to reduce the friction against forcing them to correlate their otherwise-independent activity against their will?
What I use my digital id for, is services, where the provider needs to know that I am me. I only use a small part of the services that we have in Norway that you can access with out digital id (BankID) solution, but those are useful for me, and I do not think all of them would exists without it.
For governmental services, I use it for things like logging into health care services. Where I've used it for checking my prescriptions, and communicating with my doctor. If I had kids I would have used it for contact with the school. An other governmental use is tax filling and tax returns which comes around every year, and this is just scratching the surface.
When it comes to non governmental usage, it is mostly bank and bank adjacent usage. I do use it to log into my different banks, my stock broker, and insurance providers.
The solution we have in Norway, is not perfect and one of the persistent problems, are that not everyone can get one, and since it is used a lot by the government, not having it, makes you a bit of a second class citizen. I do believe that they are finally doing something about that, and that the system will be redone a bit next year, so even if the banks don't like you. You will be able to get one.
> where the provider needs to know that I am me
You and the provider may have different ideas about where that line is drawn.
seems like you're using your social security number and the same password for all your logins
A well implemented system would somehow allow you to use your ID to prove you have the attributes a service needs (being over 18, able to drive, no criminal records, not a communist or whatever it is they need) without providing any further information that would allow multiple services to correlate ID's against eachother.
Better, but still vulnerable to deanonymization, I think.
And doesn't address many of the other problems (eg accuracy)
You're mistaken, the proposed system isn't centralized. The IDs only exist in the wallet.
The wallet uses Digital Verification Services (DVS) to poll APIs in front of the data the government already holds on you. These services check details you enter against that data and return cryptographic signatures for each. The wallet puts these together as IDs in a bespoke way, depending on what you need to prove. You can have any number of variations of ID and none of them are centralized.
Some of these signed proofs can be disclosed using Zero Knowledge Proofs (a cryptographic means of demonstrating something without demonstrating anything else) which would actually make it harder to 'correlate' you in the way you describe.
Another thing to bear in mind, the ID is backed up by the Data (Use and Access) Act 2025 which reinforces data protection laws and actually wards against the use you describe.
There's a lot of misinformation flying around about this proposal, but the design itself doesn't match the negative characterizations. It's surprisingly good and weighted to the citizen.
> You're mistaken, the proposed system isn't centralized. The IDs only exist in the wallet.
That's a password manager or authenticator app. You don't need a government to do anything to have that.
> Some of these signed proofs can be disclosed using Zero Knowledge Proofs (a cryptographic means of demonstrating something without demonstrating anything else) which would actually make it harder to 'correlate' you in the way you describe.
People always bring this up as a theory, but most of the ZK systems don't actually do this, e.g. they give you a bitstring that "doesn't identify you" but they know who you are when they give it to you, and you're meant to present it to a third party who could collude with the service who does know who you are to map it back to you.
In other words, the ZK proof is an attempt to bamboozle people with complicated math rather than something that really works.
The only way to actually prevent this is to make the data the user presents to the second service indistinguishable for all users meeting the qualification, i.e. if you're over 18 then you get a secret, everyone over 18 gets the same secret, and then the second service just gets the secret and compares it, and you rotate it with some interval which is at least a week. (You can't rotate it continuously or you get timing attacks; even once a week is giving up a non-trivial amount of entropy because you can narrow down the user to the people who have requested the token in the last week and repeat the process every week that person uses it to keep winnowing it down.)
But the proposals don't ever seem to do that, most of them don't even use ZK proofs or don't use them properly.
> Another thing to bear in mind, the ID is backed up by the Data (Use and Access) Act 2025 which reinforces data protection laws and actually wards against the use you describe.
You can't fix this by making it illegal because you don't have a mechanism to identify when they're doing it. You give them data that could identify you and then whether they use it for that happens behind closed doors.
Then you get all of the chilling effects even if they're not (currently) doing it because with no way for people to corroborate, people have to assume that they are. And on top of that, you've now deployed a system that ties everyone's activity to their identity and then it's just the stroke of a pen before they're doing it openly, or it comes out that they're doing it illegally but nobody does anything to stop it a la Snowden.
I don't dispute your general sentiment that the ZK terminology is abused. However, at least one serious attempt exists to deploy a real ZKP system.
Specifically, our system [1] is available as open source [2] and work is underway to implement it in the EU age verification app [3]. I understand that this thread is about the UK and not the EU, and I make no claims about the UK. The system is not theory, but it is already shipping in Google Wallet [4] and in the Open Wallet Foundation multipaz system [5].
[1] https://eprint.iacr.org/2024/2010
[2] https://github.com/google/longfellow-zk
[3] https://ageverification.dev/av-doc-technical-specification/d...
[4] https://blog.google/products/google-pay/google-wallet-age-id...
Don't you want ai governance or something? If the last human, political act is to ensure deanonymised data online, and there is then the capacity to slurp all that data up and auto-governance is ushered in, you then just need think about how to tweak the algo to get the effect you want. Who owns the algo, is the question.
That would require trusting a government such as the British one to implement it well. That's far too big an ask for them, so the current situation is preferable.
Tbf, the team behind .gov websites has been exceptional and I think that part of the digitization of government services has been done really well. So I think it's definitely possible - the question is will the government do that, or will they pay someone few billion quid for an off the shelf solution from a company owned by someone's uncle/brother/cousin that will be a flaming mess.
It’s not the technical expertise that is the concern.
It’s what the UK government has shown time and again when they ask for more data: they use it for previously denied-aims to expand their surveillance state.
https://en.m.wikipedia.org/wiki/History_of_mass_surveillance...
Unlikely.
British politicians who covered up the rapes of thousands of british children are unlikely to be easily shamed by a website going dark.
Evidence?
https://hansard.parliament.uk/commons/2025-04-28/debates/2E7...
Rather than jump into the raging press coverage or as some see it raging press coverup - here is a link to debate in UK Parliament that indicates there is an issue.
Where does that say politicians covered up the scandal, as the flagged post accuses?
Jess Phillips certainly didn’t, and Chris Philp is referring to authorities not handling reports correctly: an issue that has been raised since the Rotherham abuse scandal. A scandal, I remind you, where the current Prime Minister was in charge of the CPS and whom Andrew Norfolk (who broke the news story) specifically credited as working hard to uncover and prosecute the perpetrators of in his last interview with The News Agents.
Also, you just quoted a fucking Parliamentary debate on the very issue that was claimed to be covered up! Just let that sink in.
I was providing evidence that there was an issue.
Not trying to take a side.
You can retract your f**.
Yes there is a debate now and it is very open, and there are many reports that it was not so open and people were hurt for a long time. Was that political cover up? Each can decide - but I think the debate shows there was a real issue.
> I was providing evidence that there was an issue.
I never said there wasn't, so no, I won't retract my "fuck." I asked for evidence that politicians are covering up child trafficking gangs, and what you provided was not that.
> Yes there is a debate now and it is very open, and there are many reports that it was not so open and people were hurt for a long time. Was that political cover up?
No, it fucking wasn't. Get a grip. This is a serious issue and you're playing word games. That's why I'm talking to you like this.
There was a debate at the time the Rotherham scandal occurred. Multiple local inquiries were held. I pointed you at the News Agents episode that talked about this and you clearly paid no attention because you're still trying to argue semantics. Grow up.
Here is the results of the following Google search “uk coverup of rape gangs” and the results
https://www.thefp.com/p/muslim-grooming-gangs-cover-up-keir-...
https://www.economist.com/britain/2025/06/18/the-grooming-ga...
https://www.aljazeera.com/news/2025/6/17/what-is-the-casey-r...
https://www.theguardian.com/society/2025/jun/16/grooming-gan...
https://news.sky.com/story/grooming-gangs-scandal-timeline-w...
How the grooming gangs scandal was covered up https://www.telegraph.co.uk/gift/f247768ad7912bdc
https://theweek.com/crime/the-grooming-gangs-scandal-explain...
https://womenagainstrape.net/statement-rape-and-grooming-gan...
None of your sources back up the claim.
Straight up FP is lying, so you’re off to a fucking awful start. You can verify this against the News Agent interview I’ve mentioned for the third time now. Watch it on YouTube.
I don’t have an Economist account but it doesn’t seem to mention coverup in be lede. Given it would be the biggest political story in Britain, I doubt it says coverup by politicians.
Al Jazeera talks about the inquiry being ordered, still no coverup.
Guardian talks about the disgustingly bad reporting standards of the police. Still no coverup by politicians.
Sky News is a timeline of inquiries. Literal opposite of a fucking coverup.
Telegraph is talking about the inquiry that Labour eventually launched. It’s lying about the use of the term coverup: no abuse was covered up by politicians by running, or not, an inquiry.
The Week is an explainer for the scandal, no coverup by politicians.
Women Against Rape are talking about the police, not politicians. Anyone knows, and I already mentioned, the failures of the police here.
Did you seriously just waste your time finding links you obviously didn’t read to still fail to answer a simple fucking question:
Where is the evidence that POLITICIANS covered up child abuse rings? That was the flagged comment and you have failed to back the claim.
This has been happening for years but if you're in the US you don't realize. For example I can't access my local Montana newspaper web site from the UK "because GDPR" (even though the UK isn't in the EU).
There is a UK GDPR, it’s the same framework but adopted under UK law:
https://ico.org.uk/for-organisations/data-protection-and-the...
There are several US news websites that are completely blocked in the EU and UK since GDPR came into effect, because it was easier than caring about data collection. Probably many of them adapted since then, because everyone realized GDPR has no teeth and most websites that are not global platforms are not compliant.
The ironic thing is that in the UK/imgur case:
>The ICO also confirmed that companies could not avoid accountability by withdrawing their services in the UK.
Wonder if it could also apply to American news sites (and Japan's 5ch/2channel, I was told they engage in this as well).
No, they claim they can't "avoid accountability" by withdrawing services in the UK. What Imgur cares about is where its staff live and work and pay taxes, which is America. The odds that America will cooperate in going after Imgur if they just block the UK go from slim to none.
I don't remember the exact details now but that was mostly out of spite from presumably one entity (or a handful at most) that owns many US local newspapers though. They're not subject to GDPR anyway as they explicitly don't target EU users as customers, they just wanted to put pressure, pass a message to the EU.
And as you can see they didn't even bother updating their block after Brexit.
> in case just by being accessible there you incur a liability.
This is a dangerous precedent though that IMO everyone should fight against.
It's how we get the balkanization of the internet, and the death of it as a global network.
TBH we also shouldn't put the onus on blocking "unsafe" countries on the website owners, nor an intermediary like CloudFlare. If a nation wants to block certain content, let the nation deal with it by getting their own ISPs to block and make sure the citizen's anger gets correctly placed on their government and not the site operators.
> If a nation wants to block certain content, let the nation deal with it by getting their own ISPs to block and make sure the citizen's anger gets correctly placed on their government and not the site operators.
I don’t really understand comments like these. Even if you’re exactly right about how it should work, how would you make this happen in the world we live in? Neither the tech community nor ISPs nor cloud companies decide these things. Just because a matter affects us doesn’t mean we have much of a voice in it especially if it’s legal.
Laws about tech are decided by (idiot) politicians/parties/governments and the consequences are enforced by massive fines, imprisonment, etc. by law enforcement and selective (and often politically motivated) prosecution. In some of the worst places the consequences could include death.
Afghanistan just lost access to the internet almost entirely. China and North Korea are famous for their firewalls. Much of Asia has internet blackouts whenever there are large scale protests. The western world’s government has more legal jurisdiction/economic influence on the companies that run these things and are increasingly leveraging that for their desired censorship.
If the answer to this is democratic influence, the populations of many countries don’t really have that, the majorities in countries that do have it certainly doesn’t know or care about these things and wouldn’t vote for the pro-censorship politicians in the first place if they’d then vote to cut off their nation’s access to uncensored internet while preserving the uncensored variants, and even if the majority ever did care to get the system to work in this way there’s a global trend away from having their opinions on such things matter anyway.
I’m equally baffled by all of these calls for extensive regulation and enforcement of Internet rules on HN. Someone in the comment section is unironically calling for imprisoning parents who let their kids use the internet. There are suggestions throughout the comment section calling for ID checks on websites.
Is nobody thinking about what this actually means? Do you really want the entire internet to require ID validation every time you use it? Do you want your government deciding if your content is okay to view, or okay to post? Do you welcome the level of tracking of privacy violations that inherently come with this much government intervention?
It seems people on HN have a sudden wake up call whenever these rules get too close to reality, like when access to websites gets cut off or ID verification is added to websites that they use. My theory is that they’re imagining a world where only the services they dislike get regulated: The TikToks and Facebooks of the internet. None of these people calling for extensive regulation are thinking that sites they use would ever end up on the regulated sites list, but if you enjoy any site with user submitted content (Hacker News included) then you’re calling for additional regulation and tracking of yourself when you demand these things.
Requiring businesses that provide products or services that we've already decided should be age gated to check ID is not the same as requiring all sites to check ID. Stores that sell porn or drugs or guns in person need to check ID. That hasn't resulted in all stores checking ID, or even stores that sometimes check ID (e.g. grocers selling alcohol) checking it all of the time. They only do for restricted items. No reason web businesses can't do the same.
Sites with user generated content already have to have some level of moderation to remove copyrighted or illegal materials (e.g. child porn). So it's not a big difference to say if you want to have user generated content and not be considered an adult site, you need to take down any submitted adult content (or only allow it in adult verified areas or whatever). If HN doesn't allow people to post their amateur smut stories, it could then be unaffected.
> No reason web businesses can't do the same.
These aren't equivalent though. I can flash my ID to someone to buy cigarettes at my gas station and reasonably believe that no third party is storing my ID. The clerk looks at it (or scans it? I have actually never purchased anything requiring an ID before), and I go about my merry way.
If I go online to consume adult content, I definitely do not want my identity to be associated with my proclivities, and I certainly don't trust any third party to handle my ID with the sensitivity it ought to have.
At least in the US, some grocery stores will scan IDs when someone buys alcohol. In some states they are required to do so. I would be very surprised if they didn't then store that information. As far as I know there's no law against it, and they'll gather whatever they can. Firearms dealers are required to keep information about their customers. In contrast, the recent laws here that I've looked at all make it illegal for the service to store information related to online age verification. So you actually have better privacy protections with online adult content.
Okay: Now define "adult content."
Sure, fine - we can agree on the hardcore porn. Maybe we can even agree on exposed female nipples?
What about sex education material? What about any content that includes an LGBT person? Because if you think I'm being hyperbolic, read page five of Project 2025.
That's not in any way unique to online ID checks. If a jurisdiction decides sex education material falls under "adult", then it does, and you have to handle that if you want to serve that jurisdiction. If it doesn't then it doesn't. Same as someone who wants to run a physical bookstore and wants to carry such things. I'm not seeing the complexity. If you don't like the line a jurisdiction draws, the thing to do is complain about that, not say that online businesses can just ignore laws that everyone else has to follow (and sites like imgur are well-resourced businesses with 10s of millions of dollars backing them. They can absolutely be expected to follow laws).
It's also easy for almost everyone to avoid worrying about the lines by just... not trying to exist right along them. If your photography discussion site just has a "no nudity" rule (or blanket puts nudity into its own adult-only section), then you don't have to worry about whether your photo is tasteful art or porn. These are normal rules anyway because sometimes people want to look at their hobby sites in public or at work and just see bird photos or whatever and not have passersby think they're a gooner, or see a surprise decapitation, etc. Even 4chan moderates their hobby boards and separates which ones allow adult material.
The balkanization is being caused by the UK. No technical solutions prevent this.
It’s rather ironic, because the very kind of “social credit score” that we were told the Chinese are subject to is has existed in the West and is being implanted in a far more sly way with things like tone policing; arbitrary accusation of rule breaking of ever increasingly narrow, convoluted, and subjective rules enforced by faceless mods and surely son by AI bots, bans, and even extraordinary lengths to hunt down anyone that “evades a ban”.
I just heard about that TikTok has already implement a censorship regime that excludes topics and concepts for which you get a ding on your social credit score. Not even something that was done when China was racially in control of TikTok.
Welcome to Schufa in Germany, the “social credit score” without which is almost impossible to rent or buy in most German cities, if the report (which most folks hardly know how it gets calculated) doesn't have the right numbers on it.
That's just a basic financial credit score, and you can easily rent without one (even though some financial accountability is probably reasonable to balance the strong renter protection laws here). What's so nefarious about it?
Tell that to all the landlords I have met during the last 20 years, easily is not a word that comes to mind.
Only my very first rental back in January 2005 wasn't required, however I would say either it wasn't as widespread, or I was very lucky getting the flat from a university student leaving the apartment and her father (the landlord) fancying me.
Most of folks on my friends circle have similar experiences.
The intransparency and the constant attempts to get access to more and more data troves. And the borderline extortionate pricing - it's not the landlords who have to pay for each score report, it is expected that interested renters pay. Close to as vile as the real estate broker pages where you are chanceless until you pay for a premium membership.
It's how we get the balkanization of the internet, and the death of it as a global network.
That ship sailed at least a decade ago.
From small instances like your employer blocking certain web sites (Google Translate, seriously?) to China's Great Firewall to nations restricting access in certain regions (India, many others), to nations restricting access to certain web sites (Turkey, many many others), to entire countries taking themselves entirely offline (Afghanistan, most recently).
It depends on the kind of website. If you're not advertising, selling anything, or otherwise doing any business through your website you're much more emboldened to not care about every jurisdiction.
But if you're trying to make money through your website... well sorry you're doing business in those countries and I don't have a ton of objection to you needing to follow foreign laws.
I'm fine with "balkanization" (I know some people from the Balkan countries... maybe they'd object to the use of that word) if it means a freedom divide and actual consequences for countries ever eroding freedoms.
> But if you're trying to make money through your website... well sorry you're doing business in those countries.
Say, I'm the provider... well sorry, you (the customer) are doing business with a foreign country (mine) and you should do it in accordance with YOUR laws about YOUR country's foreign trade.
That's the only way to properly conform to jurisdiction, amirite?
In other words, UK has no jurisdiction over US businesses who conduct business from US soil, UK cannot force them to obey UK law just because a UK citizen decided to buy something over the internet. The UK can punish THEIR citizens for what the UK considers unlawful trades and that's always the case no matter what.
Claiming jurisdiction over foreign businesses ends up in a completely lunatic situation where every business, in every country, has to obey the laws of every other country just because some people might decide to order from abroad. Block, ban, punish only where you have jurisdiction, everything else ends up in sheer insanity.
OK, but that's not true, pretty much anywhere. If it's illegal to provide a service to people in a country, it's illegal wherever your site is based. It may be hard to enforce, and in most cases the authorities won't try, but if it's serious enough then they totally will. This is the same basis for extraditing people who sell rootkits or CSAM, or for when the US imprisoned the bosses of European gambling companies on charges of providing services to US customers. BetOnSports was a listed companies in London, and sports betting is legal in the UK. Didn't stop the US authorities arresting and imprisoning the CEO for years when he took a flight that connected via Dallas. (http://news.bbc.co.uk/1/hi/world/americas/8339338.stm)
In other words, might makes right. Law is only as valid as the implied violence if you break it.
> That's the only way to properly conform to jurisdiction, amirite?
No, you're not? It's pretty obvious that if you try to, say, sell illegal drugs to my citizens, I as a country will come after you even if it's legal on your side.
The internet blurred the lines because you don't "show up" in the buyer's country but there's nothing new here: both seller and buyer need to respect the law.
The thing about the Internet is it made cross-border interactions common and trivial.
If party A and B are interacting in jurisdictions A and B, which party has to abide by which jurisdiction's laws?
Is the consumer moving into the producer's jurisdiction or is the producer moving into the consumer's jurisdiction?
Laws tend to apply more to the business than the consumer around the world and it's probably fair that this remains to be true, but really it is a hard problem when to parties separated by a border are just sending messages back and forth and you're trying to figure out who has to follow which laws.
I love this idea of businesses doing and selling whatever the F they want and citizens being punished based on laws in their country. not sure why US businesses even have to obey US laws?!? just punish the consumers/citizens and be done with it
of course defining what “US” business is might be quite challenging, is Apple a US company?! They make nothing in the US and pay no taxes in the US … love this idea though!
> not sure why US businesses even have to obey US laws
Because there are laws for US businesses over which the US government has jurisdiction.
> just punish the consumers/citizens and be done with it.
That happens too, when consumers break the laws that apply to them. In the case of international transactions, the law has to account for the pesky jurisdiction:
It's nothing new, when travelers/consumers go through the customs, THEY are responsible for the goods they import, NOT the party that sold those goods to them! That's the only sane way to do it and it's an established practice, there's no reason to do it differently when a consumer imports something using the internet!
> of course defining what “US” business is might be quite challenging, is Apple a US company?!
Yes it is, also, Apple's branches in other countries are companies under the jurisdiction of those other countries. It's not that complicated.
> Because there are laws for US businesses over which the US government has jurisdiction.
but why we have laws at all? if the US business can do whatever the F they want in UK why not in US too?
The huge plus of the internet is that you can be disruptive on a global scale on a somewhat even footing to the giants.
If you place a giant burden such that before you even do anything of value you need to conform to 100s of different laws/regulations from 100 different countries you create a world where only large companies can exist and everyone else is pushed out.
Or, just ban children from the internet, same as gun ownership for 12yo's. Fine/imprison parents. This is a parenting problem, not a technical/business problem. Remove the supply of children and things will get better. A business cannot make laws or override laws with ToS and invent their own moral compasses - rather it is the sole responsibility of the parent on what their child gets exposed to (whether politics, porn, weird beliefs, spam, chat/user generated content). The parents have been getting a free pass all this time.
I completely agree with your argument.
Some parents are awful at parenting, so much so it makes me question why they had kids if they clearly don't care about bringing them up properly.
It's a no brainer that kids should have minimal screen exposure. There's even organisations which specifically state the most ideal screen time (basically none up to 18 months, 1 hour max up to 5 years old). iPad children will be a detriment to the future of any country.
The screen time is bad enough, without the sloppy content you can very easily find online. The best ways to destroy a kid are to saddle them with social media, media consumption and porn/gambling/vices at an early age. Their brain is being fried during development.
> imprison parents.
I’m consistently shocked at how authoritarian and draconian HN comments can be. Throwing parents in prison if their 12 year old uses the internet? Jail them and send their kids to foster care? This is your plan for improving the lives of children?
The internet is an extremely useful educational resource. It provides ways of communicating with people you want your kids to communicate with. it needs management by parents.
My kids have learned a huge amount from the internet. I have guided them, discussed what are credible resources, the harms possible etc, who they talk to and what they tell them....
There are solutions that would make it easier for parents - people need tools to manage this. Require that children use child safe SIM cards in their phones (they are available already - EE advertisers them). Home internet connections should be by filtered by default that can then be turned off (or off for particular devices in the ISP supplied router that most people have).
Internet should not be filtered by default, that’s ridiculous. Either make it a separate product that large ISPs have to offer (like you either choose the ‘internet package’ or the ‘child-safe filtered internet package’) or ask people as part of the sign-up flow whether they want filtering.
I think it’s bad for society to treat adults as children, I’m happy that it should be made obviously available (there’s some merit to the argument that tech-illiterate parents often don’t know devices they give their kids have parental controls at all), but not on by default.
> It provides ways of communicating with people you want your kids to communicate with
Who do you want your kids to communicate with over the internet ?
Their friends and family, obviously.
I’m surprised by all of the comments assuming the internet can’t possibly have any value for kids in any way, shape, or form. Did HN commenters grow up and forget what it’s like to be a kid with friends? With an interest in games or technology or discovery?
> The parents have been getting a free pass all this time
I totally agree but the UK government – particular Labour – doesn't want people to take responsibility really, because that would take from their own 'power'. There's nothing the UK loves more than a stupid population hooked on benefits and devoid of education, critical thinking and financial freedom.
Not the UK, Labour.
The Tories wrote the law for the recent changes to internet freedom in the UK. Labour supports it. Support seems to come from all sides across the political spectrum.
I think the Greens are opposed to it, and maybe Reform in one of their populist speeches, but the majority of UK representatives seem to support this law.
Based on this poll, most Britons also support the OSA: https://www.ipsos.com/en-uk/britons-back-online-safety-acts-...
They support the OSA because they think its only about stopping kids accessing online porn. They do not know it is much wider, enables tracking, and also stops adults access somethings.
They could have insisted websites include something like a TXT record saying they are "for over 18s only". Or even come up with a standard saying "this website is suitable for under 18s" under a dns record.
Then the bill payer can enable or disable access for three categories
* Under 18s
* Over 18s
* Unknown
as they are the bill payer and entering into a credit agreement requires you to be over 18. If you wanted belt and braces the phone companies doing PAYG could set it to disabled unless you authenticate your age to avoid the "buy simcard for cash" loophole.
ISPs could choose to implement finer grained controls in their routers. The majority of the big ISPs would likely block the "over 18" category by default.
> as they are the bill payer and entering into a credit agreement requires you to be over 18. If you wanted belt and braces the phone companies doing PAYG could set it to disabled unless you authenticate your age to avoid the "buy simcard for cash" loophole.
This is already the case in UK, has been for years. The bill payer needs to prove age with an ID to lift IP level blocks from some default age blocklist.
It doesn't work well because obviously a lot of internet is shared amongst a household, and the blocklist is too broad to make it annoying enough that any adults will remove it. Then of course you can always just use a VPN same as with the current situation.
Rather than DNS consider an existing solution that just lacks laws to require server operators to add it and web clients to look for it. That is RTA headers. [1] Adding a header is trivial and clients looking for it is an afternoon of coding from an intern. As a bonus there is no privacy leaks unlike third party adult verification sites. The onus would be on the parents to enable it. Teens will always get around it given they watch porn and pirated movies together from within G and PG rated video games and that will always be a thing but it could help small children.
[1] - https://www.rtalabel.org/index.php?content=howtofaq#single
> include something like a TXT record
The people writing these laws don't know about DNS.
This isn't really relevant because what is considered "suitable for under 18s" varies wildly per country. Some countries ban rainbow flags, others will happily sell alcohol to 16-year-olds. Plus, 99.99% of websites don't care about this and will be blocked by default if you block the "unknown" category. Grandma isn't going to call their ISP and ask to unblock pornography because the American knitting forum she's on doesn't know how to add TXT records.
Technical solutions don't solve political problems.
> The majority of the big ISPs would likely block the "over 18" category by default.
Existing UK legislation already requires them to do that.
> Or, just ban children from the internet, same as gun ownership for 12yo's. Fine/imprison parents.
It's an interesting idea. I presume that the there would be similar laws to selling guns. So there would need to be the national ID card and checks when selling any internet-enabled device. TVs, phones, cameras etc.
I as, a parent would probably need a phone safe, into which I could place my phone when I wasn't using it (though I suppose conceal-carry would be permissible). I;d probably want to have biometric locks on my TV, Chromecast etc etc and the children wouldn't be able to use the TV unsupervised unless all smart functions were locked down.
Doesn't sound particularly cool.
> It's an interesting idea. I presume that the there would be similar laws to selling guns. So there would need to be the national ID card and checks when selling any internet-enabled device.
12 year olds are not buying their own iPhones and monthly service plans contracts.
Creating a national ID system for this is a weird suggestion that would have no impact on kids whatsoever but would create another centralized database for adults and make basic purchases more difficult and prone to tracking. Why even suggest this?
All solved problems.
Phones can have passcodes, fingerprint readers, facial recognition (for parents face) to keep kids off them.
Devices can have multiple user accounts, each with different purposes and applications. On my linux laptop, I have two accounts, one for work & one for personal, with distinct applications and configuration.
If all else fail, each manufacturer can product a simple device that can only chat & call with parents in case of emergencies. Can be a simple smart watch or pager like design, or just a dumb phone.
We are at the point where children should not even be exposed to the news (which is primarily incendiary politics these days) unless it is a major event. Smart TV's has so much garbage on them, why should they be allowed to even watch what they want on it?
Either way, ALL of these requires the parents to actually be parents. We can create the perfect technological solution but if the parents expose the child to porn/drugs/social media etc etc and fry their brains, it is a parental problem and not a tech problem.
Lol.
One of my colleagues had Child Services round, as their daughter had told her school he was abusing her, because he confiscated her mobile (that he was paying for).
Good luck "parenting" any child in this day and age, when any seemingly minor things you think you can do as a parent, lead to that sort of outcome.
How'd you keep a kid off the internet, when they're happy to say anything to the authorities get that internet access back?
That failure to do proper parenting happened 5-10 years prior to that event, while all dangers were already very well known and obvious.
I am a parent of 2 young kids. Its supremely easier for me to just fuck off, give them screens, any screens and do my own thing, rather than get up and just fucking spend time with them, no screens just physical fun and games. Add mental dimensions to the games as much as you want, but they need to be manual, analog, electricity can be max in form of some physical buttons.
There are 2 types of parents among my peers - those who at least try to be a good parent, most of the time. Literally everybody knows how screens or junk food are damaging, there is no escaping to ignorance of this simple fact. The other type, they are a failure themselves - often obese themselves, empty shallow life without proper healthy passions, glued to their own phones all the time, evenings spent mainly in front of TVs. The type, when they die (and have the time to reflect before) are full of regrets and hate.
Without major exception, kids reflect very well into which category their parents fall into. My best childhood friend falls firmly into second category - whole family is obese (while he was multiple times a wrestling national gold medalist in his late teens and ripped). He is a heavy smoker, both cigarettes and pot, quiet mild alcoholic by his own admission (his wife too given how she gulps whole bottles of wine), no hobbies apart from gardening, no passions, just displays everywhere. Unsurprisingly, their kids are the same, just glued to screens, overweight. They never stood the chance, its always a sad experience to visit them.
All this while he thinks how good their live is compared to many people around them. Subconsciousness desperately ironing reality so they feel better about their lives, despite seeing facts every day from all directions how that ain't true. It keeps breaking my heart every time.
The prime responsibility of a parent towards their child is to do their utmost to raise a happy, well balanced individual who knows what they want in their lives and once adult (or even before) will just get up and go for it, whatever it is. I would personally add a pinch of self-discipline to make it all more probable, also a rare sight these days. Now how many parents around you are like this.
And what happened when child services came? Exactly nothing.
I'm a parent, and it's hard, but 0% of it is hard because of the government meddling in my parenting.
> Good luck "parenting" any child in this day and age, when any seemingly minor things you think you can do as a parent, lead to that sort of outcome.
You can tell who doesn’t have kids by the way they extrapolate from the most extreme anecdotes they’ve heard anywhere.
As a parent, I guarantee you that children calling CPS for having rules imposed is not a common occurrence. You can’t really believe that any household with children is getting visited by CPS whenever they ground their kids.
> Or, just ban children from the internet, same as gun ownership for 12yo's.
wait... wut? Gun ownership for 12yo's? wtf :D
Though the idea of "internet only for adults" is not that bad IMHO. Yes, internet is (well, at least was advertised as) infinite-resource-of-knowledge but we know how it turned out - IMHO minority of underage use it to spend hours reading wikipedia and instead spend hours glued to crap like tiktok (though crap like that should be banned altogether as well :D)
https://dash.cloudflare.com/?to=/:account/:zone/security/sec...
(ip.src.country eq "GB")
The point the parent is making is that you don’t have to manually keep track of the countries you need to block. You just tell Cloudflare what your website does / what type of laws may be problematic, and Cloudflare manages the blocklist automatically.
Makes a lot of sense actually that it’s surprising they don’t have this yet.
My guess is liability factor. If they get it wrong, massive liability on their side especially since someone could be like "I told you X" and Cloudflare didn't think the law applied or not.
Better to put onus on the customer.
This is already a fact of life: Amazon, Cloudflare, etc all manage blocklists for common patterns in firewalls, and many compliance standards (e.g. SOC2) pretty much require you to enable them. Mistakes are sometimes made in these things, but fairly certain that liability is covered by the ToS.
“”” Our analysis reports that the regulations that are currently being discussed and likely to have an impact on the following services of yours: {{SERVICES}}.
These regulations touch on the following points: {{POINTS}}.
Here are how each of your listed services would likely be impacted by the different components of the regulations:
- {{SERVICE}}
— {{POINTS}}
“””
So the entire internet goes off during La Liga?
No? That's the other way around, ISPs blocking server IPs for customers. This is about servers blocking legally risky visitor IPs.
So a service like CloudFlare is the Great firewall of the world and CloudFlare can shut you down if you go against their interests as a supranational gatekeeper.
Smart thinking Batman.
> CloudFlare can shut you down if you go against their interests as a supranational gatekeeper
They already can.
> Smart thinking Batman.
“Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.”
“Be kind. Don't be snarky."
Sometimes I think you can ignore the "rules" a bit - they are really guidelines. Your parent was clearly expressing exasperation and engaging effectively and intelligently.
agreed on that ... I'm not too happy with how CloudFlare tried to flex their influence on AI training, so I certainly wouldn't want them in charge of gatekeeping the whole internet.
But the truth is, we are already there. CloudFlare can already do this, they just won't because the their customers will leave if they violate their trust.
The people turning on the "block UK" button can block the UK regardless of what CDN they use.
Cloudflare just offers a button with fewer false positives than naive GeoIP databases. They're not so much gatekeepers as they are the security guards hired by the stores themselves.
Cloudflare just provides the tools, ultimately it’s the website owner’s decision how to use them.
Not really. It's more like Cloudflare is providing an ipset in your iptables config. It's not Cloudflare's decision: they're just making it easier for you to do it.
Quite the opposite! There's an opportunity for a service like CloudFlare here to give people a simple toggle that manages to circumvent such geoblocks. ;)
>There's an opportunity for a service like CloudFlare
i don't think "compliance" in a micropennies per click market like imgur is a full on "opportunity"
> for a service like CloudFlare
Not Claudflare though, let's not feed another monster monopoly :)
I was going to say, had this happened back when reddit was still using imgur exclusively, then the UK would have really suffered.
Maybe they can tell the countries where they are anyway not going to do any business anymore - no, you block it.
You can pretty much get rid of the entire internet that way. All across the USA there are "child protection laws" banning pornography (what's pornography? some politicians say it's mentioning that trans people exist!). Countries like China and Russia have legal mandates to store and process data within their borders. China requires a license to even host a website. The UK and EU have the GDPR, and now the UK also has the OSA. Then there are the incompatible privacy laws (for instance, EU courts have considered DNT as a legal measure to deter tracking, while several American states ban explicitly prevent the DNT header from counting). Oh, and of course, any website with any kind of user-submittable content is subject to laws like the DMCA and the recent EU anti-CSAM laws which put site operators in grave legal risk.
I don't even know what laws apply to the Middle East, Africa, or South America, but I'm sure there are enough of them to make most sites culpable in some way.
what's wrong with a vpn?
mullvad basically allows me to go around all the censorship in my country: https://mullvad.net/en
Does anyone know what their actual exposure currently is/was in the UK? They actually had offices and staff there?
To your point about the proposed service, isn’t that what cloud providers basically already do in rudimentary ways or could do with finer grain regions?
Also, it seems the internet/WWW is basically being snuffed out right before our eyes as governments start using all manner of specious arguments to censor and control adults… for the children… of course. You as an adult are not allowed to have your rights because children may be harmed if you have your rights. “ No, no, we can’t keep the children from engaging in things that we deem harms them, your rights have to be relinquished instead.”
The UK has been doing this sort of stuff for at least a decade. For example they have the PIPCU which under the guise of copyright threatens 10 years in prison for sites not even in their jurisdiction.
https://torrentfreak.com/uk-police-launch-campaign-to-shut-d...
And with that, they have at the least gotten registrars not located in their jurisdicrion to transfer domains
https://easydns.com/blog/2013/10/08/whatever-happened-to-due...
The US has always claimed jurisdiction on foreign-hosted but US-accessible content.
Do people forget the owner of Megaupload being extradited? In many ways this is just catching up to the current US state.
And there's a lot of confusion here between basic consumer data protection laws and (IMHO massively overreaching) "Online Safety" laws. This isn't Imgur making a stand for free speech, this is Imgur wanting to track and sell user data - to which minors cannot consent. Putting on my tinfoil hat you could argue that many of these companies are trying to encourage this misunderstanding intentionally.
> The US has always claimed jurisdiction on foreign-hosted but US-accessible content.
Committing crimes remotely from another country was never a loophole to escape the laws of that country.
When a country requests extradition they’re not claiming jurisdiction over another country. They’re saying that a crime was committed in their country by the person and they’re asking the foreign country for cooperation in prosecuting that person.
The MegaUpload case is not equivalent to what the UK is doing. MegaUpload was operating as a business, taking payments, and exchanging money. Once you start doing explicit paid business in a country you can’t claim you’re not involved with that country.
If a country starts claiming that merely making content accessible globally is a crime in their country, that’s an entirely different issue. Not equivalent to the MegaUpload case.
> Do people forget the owner of Megaupload being extradited? In many ways this is just catching up to the current US state.
Again, false equivalence. MegaUpload was operating as a business with US customers. They also had some hosting in the United States if I recall correctly.
Once you start doing business in a country and have customers there, you’re involved with their laws.
> The MegaUpload case is not equivalent to what the UK is doing. MegaUpload was operating as a business, taking payments, and exchanging money. Once you start doing explicit paid business in a country you can’t claim you’re not involved with that country.
I’m not entirely sure the argument that the MegaUpload case and this Imgur case aren’t equivalent really holds up here. Imgur are collecting data from minors in the UK, and presumably selling that data (otherwise, why bother collecting it). Which is a crime in the UK (and the EU). You’re not allowed to collect people’s data and sell it without consent, and minors can’t provide consent (that’s basically what makes them minors).
Presumably Imgur sells adverts, and likely sells adverts to UK buyers. So for pretty much all the reasons you outline that the US should have jurisdiction over MegaUpload, the UK should have jurisdiction over Imgur.
I also take issue with the idea that being paid for something is the bar that we should be assessing a companies involvement in a country by. Obviously conducting monetary business transactions in a country is a very strong argument for jurisdiction. But it’s less obvious to me that breaking local laws, without making a profit, should somehow exempt a company from that countries laws. Particularly when the laws in question deal with how a company directly interacts with the citizens of that country.
And they certainly do have monetary transactions, just not with the people whose data is handled unlawfully. A sharper-toothed law might also prevent UK companies from using data sets fed by Imgur… but I doubt that will ever happen. I’m honestly pretty sick of surveillance capitalism entities just doing whatever they hell they want and pretending like the privacy policy is actual consent.
>They’re saying that a crime was committed in their country by the person and they’re asking the foreign country for cooperation in prosecuting that person.
Seems like a loophole for arbitrary criminal accusations of a people living abroad who are not affiliated with the country making the accusations. With this kind of logic, adult website operators should be extradited to some middle-eastern country for violating their sharia law online. It's wrong. Site operators living abroad should not be held accountable for not adhering to arbitrary local laws, unless they are conducting business directly in that country.
But that is exactly how it works.
Middle Eastern countries are not able to convince e.g. the US or any of the European Countries to extradite their citizens (or sometimes legal residents) for violating the moral codes of let's say Saudi Arabia or Afghanistan.
Because these countries know that (and becaue of diplomatic consequences) the law and/or government there doesn't even try it. But if the CEO of a porn site travels there he can and most likely will be held accountable. Tha
If it's a crime in both jurisdiction prosecution is certainly a possibility and happens regularily (or both countries cooperate to convict people without extradition)
Ultimately the United States have a lot more diplomatic sway over the world than some random country and that's why they can and do ask for a lot more.
If you ever need an example of everday US soft power that it is.
> unless they are conducting business directly in that country
Imgur was showing ads (business) and collecting data (business) and operating a message platform (business) in the UK. They have stopped.
This seems fine?
Imgur offers services to UK-based customers, allowing them to view and host images in return for viewing ads. You used to be able to optionally pay for a pro account, though the vast majority of users use the free ad-supported option, and that is now the only option.
Megaupload's business model was pretty much exactly the same - but with "any" file instead of just images.
If the UK version didn't have ads, and UK-focused ads at that, they might have a point - but I don't see any "false equivalence" here.
And playing games about "indirectly" monetizing people (through ads or similar) doesn't mean they aren't /customers/. Otherwise every consumer law would be trivially worked around.
Not showing ads and not collecting data are two completely different things. If I could choose between annoying banner ads and being tracked and followed and linked and spied on, I’d take ads every time. I’ve never paid for a freemium where they just stopped all of their creepy telemetry as soon as I started paying them.
Megaupload is a weird one. He hosted in it the USA, giving USA jurisidction. Also it's still going through the courts in New Zeland and USA and hasn't been proven hes guilty. And if I recall he did alledge he followed the DMCA, which if he ever is extradited might save him if it is in fact true.
> And if I recall he did alledge he followed the DMCA,
They didn’t even completely follow the DMCA, though. They had active features to detect duplicate uploads via file hash and link them together via deduplication, but a DMCA takedown request would only remove one link to the file rather than actually remove the content.
They claimed a lot of things and tried to ride a wave of internet populism, but their case wasn’t really as controversial as they tried to make it.
> And if I recall he did alledge he followed the DMCA, which if he ever is extradited might save him if it is in fact true.
It 100% won’t; there is no DMCA safe harbor for criminal conduct, only for a narrow category of civil liability.
You are misapropriating. Copyright infrigment can become criminal if you willfully violate it. If you then take earnings from the willful infrigment and launder them, it becomes other crimes. But if you follow the DMCA and qualify for safe harbor, what copyright crime have you commited that would go to criminal?
Or to give you another example in backpage the founders where aquitted since the judge could not trace that the money came from a "criminal source" https://www.courthousenews.com/backpage-executives-acquitted...
> But if you follow the DMCA and qualify for safe harbor
Yes, it is only possible to qualify for the safe harbor, if you haven’t committed criminal infringement.
But, as criminal infringement is not part of the DMCA, following the DMCA has no probative value against accusations of criminal infringement. Criminal infringement means you aren’t qualified for DMCA safe harbor regardless of whether you follow the DMCA, but following the DMCA doesn’t mean you aren’t guilty of criminal infringement.
> Or to give you another example in backpage the founders where aquitted since the judge could not trace that the money came from a "criminal source"
Backpage has no relevance to criminal copyright infringement. About the only connection between this case and that is that Backpage was also a nexus for a lot of misinformation about a (completely different, Section 230 rather than DMCA) safe harbor provision.
Backpage is on point as well as the overall point is the same, you cant be liable for crimes related to the inital crime if its not actually a crime. Ie if the gains are not ilgotten, you can't be tried for laundering them.
If you follow the DMCA (e.g., honor takedown notices, register an agent if you’re a platform, and act quickly when notified), your exposure to criminal liability is essentially zero.
> The US has always claimed jurisdiction on foreign-hosted but US-accessible content.
There’s been multiple cases where non-US gambling websites have had their domains confiscated by the American government because they have American users, going back about 20 years.
Doing business in the United States (by having customers there and examining money) will subject you to their laws.
And imgur has users in the UK, and is showing them ads and collecting their data (both things of monetary value). Consequently the UK claims they are subject to their laws
The arguments are very similar. You could claim that only accepting fiat currency should count, but that would open a massive loophole that would be trivial to exploit
US can only confiscate US domains, right?
Claiming jurisdiction is one thing, ensuring cooperation of the host state is another, and requires either kowtowing to the US or similar legislation, even if there is an extradition treaty.
Don't nations have some right to enforce their copyright laws (civil and criminal) outside their own territory, via treaty?
If you’re an author from a Berne country, you get the same rights in every other Berne country as the nationals of that country.
Example: If you’re from Mexico and your work is infringed in France, French law protects you like a French author. So you could sue where the infrigment is happening, ie france.
The notion that a 17 year old cannot consent to user tracking is absurd
But the notion that a five-year-old is able to consent to anything is absurd. So we have to draw the line somewhere. The UK has chosen to draw the line at 18, which for some kids will be absurd, yes. But for others it will be appropriate. And yet others will still not be emotionally mature at 18 and capable of making that kind of decision properly.
UK's age of consent is 16. So yes, the idea that a 16 year old can consent to sex but not to cookies is indeed absurd.
Not just the UK. In about 30 of the United States of America the age of consent is 16 [1]. Beyond that marriage is permitted with a note from parents of the minor and approval from a judge up to 1 or 2 years below the AoC depending on the state.
[1] - https://en.wikipedia.org/wiki/Age_of_consent_in_North_Americ...
No, what is absurd is everyone having their data tracked and sold, including minors.
And the notion that if you reject all tracking, these scummy companies will not actually track you
It would be particularly absurd to think scummy companies wouldn’t track you if the requirement for consent wasn’t enshrined in law, and failure to comply with the law didn’t come with consequences.
But would you at that, this is a discussion started by a news article where one of the scummy companies is discovering what those consequences are. So something must be working.
That’s because you’re looking at this ass backwards. The law determines an age at which a person is considered capable of making legally binding agreements, like providing consent. In the UK that’s 18, with some exceptions.
It would be absurd for the UK to create a special exception to allow underage youths to consent to user tracking at an age lower than the standard age for legal consent in any other context.
The UK is considering making a special exception for underage youths. A pretty big one at that: https://www.bbc.com/news/articles/c628ep4j5kno
its more complex than that. There are many agreements you can make younger than that. Kids can, for example, buy services such as transport (e.g. the monthly bus tickets my daughter bought at 18) that are subject to legally binding agreements. They can buy things in general, on and offline. You can enter into employment contracts in general at 16, and for some limited exceptions even younger.
Why is it absurd?
IMO, the law should establish some parental rights over their children, I don't think this is controversial. You can argue with what the limits of the rights are, how they interact with the rights of the child, and how that changes as the child ages, but the basic ideas is pretty sound.
And then given that, it is the role of an elected government to determine all these factors, subject to review of the courts. That all seems to be working here.
So has alot of Europe to be fair, I think it's a cultural thing honestly.
Wait, so you can host a torrent site in the USA and not get your domain ceased by the FBI?
If you follow the DMCA I don't see why not.
The category of civil liability for which the compliance with the DMCA notice and takedown rules offers a safe harbor, first of all, doesn’t overlap with the conduct which constitutes criminal infringement but, more importantly, even if it did the DMCA safe harbor only applies to civil and not criminal liability in the first place.
“Following the DMCA” is irrelevant to anything the FBI would be involved in.
The DMCA absolutely applies. If you follow it, which includes no induction or willfull infrigment, you never rise out of civil liability to criminal. The FBI gets involved once you're past that.
This is not true. The DMCA’s “safe harbor” provisions do not provide any sort of bulwark against criminal prosecution. Only against civil liability and injunctive relief.
If you follow the DMCA (e.g., honor takedown notices, register an agent if you’re a platform, and act quickly when notified), your exposure to criminal liability is essentially zero.
Because the DMCA’s safe-harbor provisions only apply to sites that adhere to its requirements. Sites whose primary purpose is to host torrent files or infohashes arguably don’t qualify.
If the DMCA allowed US operators to host torrent catalogs openly, there’d be a plethora of them.
The US does allow it. No one has tried it without trying to induce cipyright infrigment or following the DMCA properly.
Also its hard and extremely expensive to defend yourself to prove it in a niche specifically where people are looking not to pay making it harder to montize to defend properly.
> No one has tried it without trying to induce cipyright [sic] infrigment or following the DMCA properly.
Why do you think that is?
No because torrenting is anti-capitalism and that's not tolerated culturally (Communist behaviour). However I doubt they'll be blocking WhatsApp and iMessage any time soon, or making people upload their ID to watch "adult content".
> However I doubt they'll be [...] making people upload their ID to watch "adult content".
They just forced TikTok US to be sold to a US company with a US commissar as a board member.
Europe isn't a cultural monolith. This is an issue of MEP accountability and transparency. Look no further than Chat Control to see how far they're going to ensure that the people in favor of it remain nameless.
> The ICO also confirmed that companies could not avoid accountability by withdrawing their services in the UK.
This is quite a slippery slope. If I host a website in one country, I do not necessarily care where people access my website from. It is not like I actively provide a service to them - they just use internet (decentralised network) to access it. What if I publish a newspaper here, someone takes it where the contents are illegal, am I accountable?
The following paragraph might shed some light on what that means (emphasis mine):
> We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law
In that context it's completely fair to say "leaving doesn't absolve you of past transgressions".
Edit. If Imgur made any revenue from UK users then it becomes impossible to claim plausible deniability on any definition of "providing a service". If the UK can do something about this is a different matter. They could make CEOs/board personally or even criminally liable for the company's failure to pay a fine but probably won't.
Definition of 'Revenue in the UK' is a bit debatable though isn't it?
I sell a advertising package from my US HQ based self serve advertising portal to a British company who use the service to advertise to customers in the UK. Ok - kinda UK revenue. How about 'To advertise to customers in the US' well it's getting highly debatable.
What about I sell advertising packages to a US company from my US HQ but someone in the UK views and advert on my site and therefore generates me 0.001¢ - debatable.
> What about I sell advertising packages to a US company from my US HQ but someone in the UK views and advert on my site and therefore generates me 0.001¢ - debatable.
Not entirely sure what is debatable about this situation. You quite unambiguously derived revenue from a UK citizen here, although not much. If you didn’t want that revenue, then don’t display ads in the UK. If that makes serving traffic to the UK uneconomical, then don’t serve traffic to the UK, problem solved.
In practical terms, nobody’s give a crap about you making a couple of dollars here and there incidentally from UK citizens. It quite another matter when your business is clearly dependent on deriving revenue from UK citizens, and you take zero steps to try and comply with UK law.
It’s pretty simple, if you want the revenue, the you have to follow the law of the countries your deriving that revenue from. Don’t want to follow the law, then simply don’t try and derive revenue from putting adverts in front of citizens from that country, or by collecting and selling their data.
OK, so if I'm a blogger making a few hundred dollars a month from adsense on my blog, I'm actually subject to every single jurisdiction on the planet unless I actively (and completely!!!) block access from there?
This is why a lot of content is hosted on large platforms that handle this risk for you. But if you don't collect any personal data on those users your exposure is minimal but technically some jurisdiction could claim you allowed access to "illegal content" under their law.
Most of these jurisdictions can't actually do anything about it, but they can claim they will. The UK might actually be in this situation.
This is exactly why I said this is a slippery slope. Some people in other threads argued you are providing a service, but to me this makes no sense. You are not actively doing anything or targeting people from countries that might somehow interpret your content or activities illegal.
This always appeared to me to be quite similar to serving UK tourists say in Thailand. Should that make massage parlors subject to UK law?
The equivalent would be geo-blocking the UK, and then someone from the UK travelling to the US to view your site to work around the restriction.
You have a level of plausible deniability there.
I think "UK citizen" should have been replaced by "person acting from within the UK". This is how it is defined in the context of GDPR - the nationality doesn't matter, what matters is where you are when you are provided services.
> Definition of 'Revenue in the UK' is a bit debatable though isn't it?
But I didn't say "in the UK", I said "from UK users". If Imgur monetized anything coming from a user in the UK then they can no longer pretend they weren't offering a service. They knowingly used that data to make money, it wasn't that someone accessed the site and that was the end of it.
It's the difference between going in and out of a restaurant, compared to sitting down, checking out the menu, and eating then refusing to pay because the prices are ridiculous. The latter removes any pretense of deniability. If they disagreed with a ridiculous law they should have put in a modicum of effort to block the service in the UK from the start. Instead they made money for as long as they could and now pretend to stand up for the little guy and fight abuse.
how can you be charged after you leave if you leave before the law goes into effect? doesn't the UK have ex post facto protections?
Thankfully the law, GDPR, went into effect about 7 years ago, so that shouldn’t be a problem here. This article is about the enforcement of that law.
It appears that you are mixing things here.
It's not about "hosting a website", it's about providing services.
If you provide services, like selling a newspaper, in the UK, you need to respect their laws, or you will suffer the legal implications of not doing so.
And regarding the accountability, it refers to the fact that imgur USED TO provide services in the UK:
> We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing.
Companies providing services outside the UK can infringe all the UK laws they want, the UK doesn't care.
But as soon as you decide to provide services in the UK, you have to follow the law. And, as they explain in the article, if you break the law, stopping to provide services in the UK will not absolve you for your past wrongdoings.
Does every single website that exists and is available in UK automatically provides services in UK? Isn't it just simpler to completely block every request from UK by default to "not provide services"?
Transactional services (I don't know if that's the right word), where you have a known user, is different from passively providing web pages that people can read and you don't track them or ask them to register for an account.
But I think that distinction was pretty moot when web 2.0 came along.
Imgur's entire purpose is clearly to host user generated content though, so you can't argue it's not "providing services".
> Imgur's entire purpose is clearly to host user generated content
Not at all. Imgur does the passive side too. And by number of operations, it is by far the biggest one.
Without user-generated content there is nothing to host. And in any case they long ago turned from an image hosting site into a social media site. There's reactions and commenting as a core part of the service now.
> Without user-generated content there is nothing to host.
So what? Without the passively-read content there'd be no user-generated content.
> There's reactions and commenting as a core part of the service now.
It is totally optional.
> that imgur USED TO provide services in the UK
Meaning that the servers were located in the UK, or that the users were, or both?
It's so ambiguous. Let's say I'm a citizen of country A, currently residing in country B. I'm using a VPN headquartered in country C to make my traffic appear to originate from country D. I access a web site with servers physically located in country E, that uses a load balancer / cache hosted in country F. The company that runs the web site is headquartered in country G but has employees in countries H, I, and J.
Whose laws need to be followed?
> Whose laws need to be followed?
The ones where you reasonably believe your customers are based, and where your employees are based.
Lets be honest, 1% of your customer base using a VPN is not going to cause you issues, unless those people are uploading something that would cause the state to act (ie CSAM, fraud, drugs, terrorism, you know the big four.) Given that this is the ICO, and nor OFCOM, we know its to do with GDPR violations, not moderation.
its not like the ICO just sent an email saying "lol you're being fined, bye". They will have had a series of communications, warnings asking for reasonable changes, time lines for change.
The ICO has discovered that Imgur are breaking GDPR in a fairly big way and in a way that can be easily detected by an understaffed and over worked semi-independent organisation.
moreover breaking GDPR in a way that is obvious enough in a court of law[1], bearing in mind that the UK, just about has a working independent and largely neutral judiciary that isn't easily intimated into doing the governments whipping.
[1] the ICO doesn't tend to be showy.
Seems like B and G. Then if you do business with A (what the GPDR calls "UK Establishment") and A has laws governing its citizens abroad like the UK GPDR then also A.
But the traffic is coming from country D rather than country B. There's no way for the company to know that the person and their interactions is subject to the laws of B rather than D.
Most sales aren’t that complicated. Usually UK law targets anything sold to people who are physically in the UK, paying in GBP. Which from the sounds of things, was something imgur did.
Does it also count for people in the UK using a vpn? What about people in the UK paying using American money? It’s not clear, but it doesn’t really matter. These laws target the service providers, not the customers. If you website says “this product isn’t available to UK residents” and you IP block and don’t take GBP as a payment method, nobody will get too angry if a spattering of tech savvy people get around the block using a VPN.
What service is Imgur providing in the UK specifically?
Memes.
OFCOM: You are are hiding illegal Pepe menes underneath your floorboards aren't you?
- UK 2025
Wrong regulator. This is the ICO, and almost certainly a GDPR violation. Nothing to do with the more recent madness coming out of the UK.
It’s you who are mixing things. Putting up a website outside the UK and “deciding to provide services in the UK” are two decidedly different things.
UK legal imperialism is self centered and unrealistic and undermines speech the world over.
The US does exactly the same thing, including at the state level. See e.g. https://en.m.wikipedia.org/wiki/United_States_v._Scheinberg
And you’re suggesting that if the US does it it is ipso facto a good idea? Strange reasoning.
This is also apples and oranges. Running credit cards involves knowing exactly where people are located. You do in a real sense “decide” to do business with people in a given country.
Not every website does that. Some just serve posts to all comers. Some allow people to upload an image. Deducing where those people are from is non trivial. When I blog something I’m not “deciding” in any meaningful sense to “serve” people in country X.
I’m guessing that Imgur happily accepted the ad revenue from UK users while it served them images. If you genuinely were “not providing services” to UK users, you wouldn’t do that.
I’m not happy with extraterritorial assertions over internet services either, but you can’t wish them away with sophistry about “we’re not providing services to them!” if you’re happy to take their money and serve them a page in exchange. That’s the definition of a business providing a service to a customer.
Do they run their own ad network, or do the ad networks take the money from advertisers and cut Imgur a check? Maybe instead of trying to enforce your standards on every little site on the internet, you should just focus on the people who actually have a direct point of contact with money coming from UK businesses. (Yes, the ad networks.)
It’s completely absurd to say that some hobbyist would have nexus in the UK because they run a Google Adwords campaign to get some occasional pocket change from their project. Pre-Internet, it would be like going after a US magazine because someone brought home a copy from the US. Websites are not global entities by default, somehow responsible for obeying laws across nearly 200 national jurisdictions and many more state/provincial/local jurisdictions, across different languages and legal customs. Completely absurd! Who do you think you are to demand such a thing?
On the other hand, I think it would be perfectly fine to say that UK domiciled ad networks cannot put their ads on sites that violate some arbitrary standard. (An anti-freedom law to be sure, but at least it’s consistent with common international conventions.) This puts the onus on the ad network, rather than the site owner, who may not know or care who is visiting or from which country.
The standard you are proposing here ultimately boils down to "you can do business in a country without being subject to its laws, as long as your commercial transactions with the customers in that country are laundered through a sufficiently convoluted network of international companies like payment processors and ad exchanges". I don't think it should be terribly surprising that states don't subscribe to this view of sovereignty and jurisdiction.
> I don't think it should be terribly surprising that states don't subscribe to this view of sovereignty and jurisdiction.
Well they will have to put up with it, as they have done over the past few decades. Or, alternatively, they can engage in aggressive China-style site blocking. Only the US has significant extraterritorial legal reach.
IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies. It’s more about political influence than it is about “content safety” at home. (Unilateral site blocking, perhaps with an appeals process, would be a much more effective approach for this.) The UK will regret the consequences if they push too forcefully on this.
> IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies.
I don’t see it that way. US companies have an atrocious record wrt user privacy and security. The Europeans don’t want their citizens data being bought and sold by online providers. And that’s a reasonable demand! Either clean up your act or leave Europe & the UK. If US companies don’t want to obey UK laws, they can’t do business in the UK. It’s just like farmers can’t sell produce in the UK if they don’t meet British health standards.
Consider the inverse: imagine if another country ran a porn site which blatantly hosted underage content (CSAM). Under your view of the world, would the us govt be ethically entitled to tell the site to clean up its act or it’ll get blocked from the US? That sounds fine to me. I’d be shocked if they were even given a warning about that. But how do you square that circle? Wouldn’t that be a “transparent effort to forcefully alter the content policy of another country”?
> tell the site to clean up its act or it’ll get blocked from the US
Yes, that would be fine, as it would be here.
What I have a problem with is nations saying that a site built and hosted in a totally different country with a different set of laws and norms is “illegal” globally. Yes, I don’t like it when the US goes after people like The Pirate Bay abroad either, but that’s a result of the US being able to bully other countries for whatever reason it wants to. (That also needs to change.)
If Europe or the UK wants to protect its citizens, it should either block websites that it sees as a threat (as most of the EU does with RT) or it should come up with a scheme where ad networks with nexus in the EU must stop doing business with them. Attempting to reach across borders into the US to change US domestic norms is going to get them a well-deserved slap in the face.
> IMHO, this policy is a transparent effort to forcefully alter the content policy of US companies.
To be clear, you think the UKs data regulator, going after Imgur for not properly handling data collected from minors, which is a pretty big GDPR violation (a 7 year old law) is secretly about influencing US content policies?
I mean, maybe, but that one very convoluted approach. I’m not sure why the UK would be trying to use fines for the mishandling of data collected from minors, notably, nothing related to content on Imgur, to get Imgur to change its content policies.
The standard you’re proposing would allow Afghanistan to shut down Hacker News on the basis that it provided services to at least one Afghan and the content here violates sharia law.
As Afghanistan has recently disconnected their Internet they seem to have done exactly that within their sphere of influence (which is limited to their borders).
So you are entirely right any country can do that at any time. Most countries don't have a way to enforce it on you or your users.
Afghanistan can do that. You’re protected by Afghanistan’s lack of any realistic ability to enforce laws far outside its borders, not by some general principle of international law saying that countries can’t make laws about websites.
The great-grandparent of my comment was arguing that it’s absurd to suppose that the UK has grounds to go after a company on the basis that the company did business with its citizens on servers located outside of the UK. The UK is effectively making a claim of international jurisdiction on all transactions made by its citizens. The EU does this too with GDPR, the difference (as you noted) is that the EU has enforcement capabilities whereas the UK (like Afghanistan) doesn’t.
The UK is an intermediate case. It’s got more pull than Afghanistan and less than the EU. If Imgur still has assets in the UK (e.g. bank accounts) then the UK government can potentially take at least some action.
> if you’re happy to take their money
The law doesn’t require that they take any money, and you’re merely guessing they are. Weak
I think it's a conflict that was baked into the Internet at its conception. A non-geographic service overlaid on top of a world with a huge amount of geography and borders.
Yeah. We had a chance to invent our own governance on the internet. But we abdicated, and made the internet a free for all. As a result, national governments have stepped in to provide the governance we didn’t program in. And they do it - of course - in an inconsistent, ad hoc way.
There was a period a couple hundred years ago when it was all the rage internationally to write constitutions. Lots of countries got constitutions within a few decades, and almost no constitutions have been written since then. I wonder sometimes how the internet would be different if it were implemented in an era or culture in which people believed in that sort of thing.
I don't think it would make much difference; an internet constitution would be worth about as much as the paper it's not written on.
Yeah; you need an enforcement system too. And some way to amend rules and adjudicate. But we could implement all that if we actually wanted to. Eg, have broad rules to refuse to peer with anyone who doesn’t agree with the rules of the internet.
That is in essence already in place just for CSAM. We just pretend the internet is a free for all in all other cases.
Paper is so wasteful, prone to the vagaries of time, and also to forgery.
It could be written into blockchain to avoid this, as I hear that is quite popular nowadays.
Yes, think of all the paper wasted printing the US constitution. It would have been much more environmentally friendly if they stored it in a blockchain! polite coughs
The bordered nature of geography is just as much of a social construct as the borderless nature of the internet is. It's not a given that this war will be won by the former.
"The ICO also confirmed that companies could not avoid accountability by withdrawing their services in the UK.
Mr Capel said: "We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing."
When read in context, it's obvious the statement quoted in the HN conmment refers to only to accountability for "prior infringement", i.e., acts committed before withdrawing services in the UK
This part bothers me. Enforcement seems to be at their discretion. In this case the framing or reality around the fine is very bad, they sort of say it's intentional themselves.
They're leaving and they're getting the fine. Implying if they didn't leave and implemented changes, that there is a chance they may not have been fined.
You already need to care depending on what you are serving, and this has been the case for at least 20 years to my knowledge.
The most obvious example of this is websites from the UK or Europe which operate any kind of gambling. [1] This may well be legal (based on licensing) in their jurisdiction, but they still need to restrict access to prevent US people from accessing the service or they will be breaching the US's gambling laws.
Likewise many US firm geofence access for EU residents out of fear of GDPR.
People hosting news sites have often had to geofence to prevent UK residents from accessing their site if they are hosting any kind of reporting of UK court cases that are under embargo or matters that are subject to one of the UK's famous "Super injunctions" [2]
[1] eg this guy was on the board of a listed UK company operating as far as they were concerned entirely legally who was arrested in NYC https://www.theguardian.com/business/2006/sep/14/gambling.mo...
[2] eg In the "Ryan Giggs" super injunction case https://en.wikipedia.org/wiki/2011_British_privacy_injunctio...
> People hosting news sites have often had to geofence to prevent UK residents from accessing their site if they are hosting any kind of reporting of UK court cases that are under embargo or matters that are subject to one of the UK's famous "Super injunctions" [2]
…and if the site has no UK assets, how enforceable is the injunction?
I mean, in the case of the US, you board a plane in country X going to country Z, it flies over country Y which is friends with the US. The US has country Y land the plane and has the plane boarded by armed men that drag you off kicking and screaming where you are put in a cage and then shipped to the US.
> but they still need to restrict access to prevent US people from accessing the service or they will be breaching the US's gambling laws.
Why not just avoid travel to the US?
Yes, you can do that. The thing is, that'll apply to all your employees, no matter how junior.
And it also extends to countries with extradition treaties to the US; holiday in the the Dominican Republic? You can be arrested and extradited to the US (Gary Kaplan). And of course if you change planes in the US (David Carruthers)? Arrested. Only broke the laws of one US state, and you change planes in another? Arrested (Peter Dicks).
Although perhaps the real lesson there is to be better at avoiding the US.
This situation here is what I sort of implied when lfgss shut down: https://news.ycombinator.com/item?id=42444354
> am I accountable?
If you travel to their jurisdiction, yes.
Many countries countries witch apply their laws outside there jurisdiction and borders
USA (Kim dotcom)
Russia (Skripals)
China (Teng Bio)
Israel (Mordechai Vanunu)
USA BetonSports / https://en.wikipedia.org/wiki/David_Carruthers
He was in America then, if you go to America then you’re going to get arrested - Skylarov found that out.
The cases I listed the people were not in the country which performed the actions (dotcom in Nz but upset America, Skripal in UK but upset Russia, etc)
If you break Thai law and insult their king it’s generally good enough to simply not go to Thailand. Piss off the wrong country though and they will persue you to a third country even without extradition agreements
(Then there cases like Gary McKinnon where they try to extradite you and make your life hell even if they lose. He’d never been to America but they tried very hard to extradite him there)
If a country wants you, it will get you. If it wants to protect you, it will, if it is powerful enough. When an American killed Harry Dunn she fled and was protected by America.
I was thinking of China and also Saudi Arabia, especially that reporter who was killed in Turkey over their dissent.
also because I have to...
Telegram has entered the chat
The Mordechai Vanunu case is a bit different as he was convicted of treason (he leaked details of Israel's nuclear bombs while in Britain).
It makes sense for treason to apply everywhere. If that were not the case Britain could not have executed Lord Haw-Haw given that he only sent broadcasts from Nazi Germany.
In the example given the answer is "no" but that's not the same as Imgur's case.
Telegram should be enough to justify why Imgur would pull out of the UK.
What they mean, and to take an example that it purposely extreme: If you kill someone in a country you cannot avoid accountability in law by fleeing that country.
If they breached laws and regulations then withdrawing their service from the country afterwards does not change anything regarding those breaches (investigation still ongoing, though).
This is neither comparable nor a good example.
It's not comparable because the "crime" has been committed in the hosting country (where it's arguably not even a crime) and it's a bad example because there are many incidents of murderers fleeing to non-extradition countries.
I did say it was extreme on purpose to make the point clear, or so I thought. Looks like it isn't clear to you...
Whatever you think of my example, it is exactly the same legal reasoning at play here. If you broke the law then withdrawing does not change that and accountability.
> It's not comparable because the "crime" has been committed in the hosting country
Obviously not, that's the whole point: They may (investigation ongoing) have breached UK law. So, to really labour the point, if you breach the law in one country then cutting links with that country afterwards does not change anything.
Now, to be a bit more substantive than this tedious bike-shedding, I think the UK are just trying to send a message here even if enforcement may be difficult. The EU could do the same with the GDPR since it is the same type of law (global reach and applicability).
I genuinely think your example is bad and the legal reasoning is bad. A better comparison would be AM Radio broadcasting something obscene into the UK from let's say belgium.
> Mr Capel said: “We have been clear that exiting the UK does not allow an organisation to avoid responsibility for any prior infringement of data protection law, and our investigation remains ongoing.
Block UK access now just in case.
As somebody from the UK, I think this is a great form of protest against the government.
Same - frankly google/alphabet should just HTTP 451 the UK (and I say that as a brit/someone in the UK).
It'd be interesting to see how fast the policy would get reversed then.
This was always a stupid policy and so protesting it by pulling services is one way to draw attention to that.
I do worry that the ability of people to understand that there is more than one law that affects internet services.
the first clue is that its the ICO that is running this. the ICO has nothing to do with the online safety act.
Secondly asking a commercial company to conform to basic data protection isn't that onerous.
Honestly its almost like HN has tumbler level reading comprehension.
If big tech wants a reaction, pull all investment out of the UK.
Microsoft + Google + Amazon + Nvidia + Meta + Apple = $630 billion in annual operating income.
They'll react to a change in capital investment faster than anything else.
The end game of these rules seems to be that it's impossible for small forums to cope, so content gets centralised on big tech. I would be surprised if they don't support this.
> pull all investment out of the UK.
Wow I didn't know big tech invested so much in the UK!
"Investment" here seems to be operations and personnel, resulting in taxes going to the UK government.
They aren't making $630 billion per year in money off of those companies, but the operating income means they're getting taxes on that $630 billion (income tax from company and employees, VAT for purchases, etc.) and the personnel working in the UK are probably spending most of that money in the UK (velocity of money theory comes into play here).
The resulting economic benefit for the UK government is enough that they'd notice the drop if all that started to transition away.
The UK government is currently gas lighting the public into ignoring 60k+ in quarterly job losses and is historically unpopular. Despite that it is railroading orwellian attacks against rights and freedoms of the citizenry, all of which without a mandate. This is a kamikaze government of austerity-obsessed foreign agent traitors. The only thing they would be upset about in your scenario is about the inconvenience it would cause those trillion dollar American companies.
I'm sure the UK would cope. They did ok without them less than 30 years ago.
Damage to stock value would be the bigger blocker (from both sides of the pond).
Might kickstart some actual competition though, as that happening would create a large hole to fill.
Wait you're against GDPR?
Of course, I have a brain
I think GDPR absolutely makes sense. It's my data and you must delete it if I ask.
In most cases it's not your data, really, you didn't produce any of it. But it's data about you.
The only real information about me is data I produced myself.
Anything else is just an observation and isn't neccesarily true at all.
It's clear to me, it's a huge risk for any company to allow access to UK visitors at this stage. All companies should be blocking all UK visitors. It's just too much risk for them to take.
The fault is obviously an incompetent and authoritarian UK government, but that's what the UK overlords have agreed.
It's not specific to the UK: many developed countries are cracking down on Internet businesses. There's going to be an awful lot of regulation, and it will be incompatible between different countries. The one-model-fits-the-whole-world style of business is over: you're going to be confined to national borders again.
The opinion polls are clear: the normies want this.
> The opinion polls are clear: the normies want this.
Giving normies the vote was a mistake.
So only snobby elitists get to vote?
yeah damn, i guess that's it.
That's the dichotomy. You're either an elitist snobs or a normies. No nuance, no qualification.
I know; we should make being able to vote contingent on understanding the word "nuance". There; now you have the best of both worlds ;)
Allowing the media to be controlled by government interests, which the normies follow blindly as thinking is hard, was the bigger mistake.
Opinion polls are bullshit and just an indicator of propaganda effectiveness.
I left this reply on a sibling thread.
https://news.ycombinator.com/item?id=45432347
The often cited YouGov polling, I think sampled a few thousand people. There are almost 2.5 million signatures on petitions between the OSA and Digital ID.
Where do you get your conclusion from?
If you mean the opinion polls, I don't have any to hand, but there have been a few articles submitted to /r/ukpolitics since the Online Safety Act took effect detailing opinion polls showing that the UK Government's regulation of internet content has been well-received by the wider public (although the userbase of that subreddit has vociferously disagreed).
You are probably talking about the YouGov poll. The poll asked a clearly leading question IMO.
You can get any result you want by asking leading questions on polling. This was of course satirised by Yes Minister.
https://www.youtube.com/watch?v=G0ZZJXw4MTA
I can counter any of the iffy polls by simple point to the official online petitions service. There were a huge number of signatures to revoke OSA and two million signatures to abolish the plans for the Digital ID. While the Digital ID is technically a separate issue, many of the same privacy concerns are present.
https://petition.parliament.uk/petitions/722903?pubDate=2025...
https://petition.parliament.uk/petitions/730194
The number of people that signed these petitions is far more representative than any polling.
On top of that, recently I've seen reportrs of both the Liberal Democrats and Reform (the two largest parties after the main two) recongising the OSA as unpopular and are likely to suggest reforming/removing it.
On top of that. The labour government and the conservative government that proceeded it which created the OSA were/are both deeply unpopular.
So any notion that there is a popular mandate for this is nonsense.
The Bristol young lib dems oppose it, but the parliamentary party doesn't think it goes far enough. The Bristol lot are great, I talked to them about it, but they're unlikely to change things on the national level.
shouldn't it be the other way round? if the UK doesn't like something a non-UK company is doing it should be them that go through the trouble of blocking it.
If I have a website I'm pretty sure I'm bound to break some random country's law without knowing
Answering my own question, I guess it's exceptionalism of the powerful countries where they can just bully you into following their law
> shouldn't it be the other way round? if the UK doesn't like something a non-UK company is doing it should be them that go through the trouble of blocking it.
They're clearly working up to this; it's what happened with Pirate Bay, etc.
They don't want (correctly) unfavorable comparisons to China's "Great Firewall" made, which most Western governments have lambasted in the past, so there's a PR/Politics side of it too.
Why should they do anything when they can push the burden of compliance onto you?
It would be much better to not block them rather serve them a single screen that explains why the rest of the site is unavailable to them citing the specific laws that make the action necessary
Now:
> {"data":{"error":"Content not available in your region."},"success":false,"status":400}
"status": 451
I find it interesting that there was no mention of Fahrenheit 451, the very reason they picked that number.
They did at least put a thanks to Ray Bradbury.
Should it be a client error "vote differently" or a server error "this server is not licking the boot" ;)
It’s hilarious that imgur is still returning JSON errors even when connecting with a browser. I guess their dev team have never heard of the Accept header.
(My residential IP is blacklisted for some reason and I always get a JSON error message from them)
It is exactly the same with the EU's GDPR, by the way...
That's the funny or hypocritical thing: Both laws have the same reach but people here tend to praise the GDPR for it while being furious about the Online Safety Act.
I don't think these laws are being made with the will of the people.
There's been no groundswell of opinion, no technically minded authority pushing expert opinion.
The same people lobbying for the online safety act were pushing age verification tools. The government is exceptionally unpopular, even by the standards of already deeply unpopular governments in recent years.
I despair of the situation in the UK. How have we ended up here?
The population has allowed this to happen.
The British people always take any new limitations with the classic stiff upper lip. We could very easily become Russia (without the military and natural resources), because the population has the same say nothing, do nothing mentality.
There's also always been a bit of authoritarianism in the British populace. Just look at how enthusiastic people are about banning things that annoy them. During coronavirus lockdowns, the people living around me constantly reported me to the police for going out for runs (which we were perfectly allowed to do).
We have a national crab in bucket mentality, which doesn't help any country. Intelligence, fitness and success are all things that British people love pulling down. Many people here care more about ripping everybody down than building them up. They live completely mediocre lives and are perfectly fine with the government nannying them.
I think we have a lack of choice.
The two main parties policies have converged, so have the older smaller parties.
The only choices we have that are any different are Reform and The Green Party, and possibly Corbyn's new party that seems busy imploding right now. Of those, Reform has some nasty people in it, and is rapidly attracting the worst of the Conservative party (look at the defecting MPs), The Greens and Your Party have some fairly nuts people and ideas too (in different ways).
I think ordinary British people are pretty decent.
> We could very easily become Russia (without the military and natural resources)
We have a much bigger economy than Russia.
> any people here care more about ripping everybody down than building them up. They live completely mediocre lives and are perfectly fine with the government nannying them.
I agree with the last bit.
People are also negative about their follow citizens. A lot of people believe the country is full of untrustowrthy "gammon". and back the government/establishment against the latter.
You're describing virtually every policy for virtually every government, certainly since the coalition. Arguably a lot of what we've seen before.
The UK doesn't have governments, it has a public policy unit for global capital, with the Americans calling the shots on foreign policy, and a knee-jerk taste for authoritarianism at home.
And how has Australia ended up in a similar situation[1] - coming this December?
My guess is that the common factor is News Corporation pushing an agenda on behalf of the very, very wealthy.
[1] https://www.reddit.com/r/AustralianPolitics/comments/1nu68je...
At least recently[1] most Australians and an overwhelming percentage of under-16s supported the ban. Similarly in the UK[2]. This is a topic in which it appears it is the online discourse that's wildly out of alignment with broader public opinion and I'd argue potentially one of the reasons may be that it will make it harder for bot-nets to mass-manipulate public discourse so easily.
[1]https://au.yougov.com/politics/articles/51000-support-for-un...
[2]https://www.independent.co.uk/news/uk/home-news/gen-z-social...
I think people support a lot of things in theory. But in practice, less so. Probably because they're often implemented in ways prone to abuse or simply unfair to an average citizen.
In a vacuum, the policy had really high opinion polling.
In reality, the technical implementation will undoubtedly be a privacy and surveillance disaster.
In a vacuum, people thought "social media" meant "Instagram and TicToc and Facebook etc."
In reality, the eSafety commissioner thinks "social media" includes platforms like GitHub. Yes, really.
https://www.abc.net.au/news/2025-09-24/digital-dilemna-socia...
I'll defend her on this one somewhat, Github has no exemption as written and she's doing her job.
It's just another layer in the stupidity of this all that GitHub would be blocked but steam, discord and Roblox are exempt because they're for gaming despite being infamous environments.
---[1]
(1) For the purposes of this Act, age‑restricted social media platform means:
(a) an electronic service that satisfies the following conditions:
(i) the sole purpose, or a significant purpose, of the service is to enable online social interaction between 2 or more end‑users;
(ii) the service allows end‑users to link to, or interact with, some or all of the other end‑users;
(iii) the service allows end‑users to post material on the service;
(iv) such other conditions (if any) as are set out in the legislative rules; or
(b) an electronic service specified in the legislative rules;
----[2]
For the purposes of paragraph 63C(6)(b) of the Act, electronic services in each of the following classes are specified:
(a) services that have the sole or primary purpose of enabling end‑users to communicate by means of messaging, email, voice calling or video calling;
(b) services that have the sole or primary purpose of enabling end‑users to play online games with other end‑users;
(c) services that have the sole or primary purpose of enabling end‑users to share information (such as reviews, technical support or advice) about products or services;
(d) services that have the sole or primary purpose of enabling end‑users to engage in professional networking or professional development;
(e) services that have the sole or primary purpose of supporting the education of end‑users;
(f) services that have the sole or primary purpose of supporting the health of end‑users;
(g) services that have a significant purpose of facilitating communication between educational institutions and students or students’ families;
(h) services that have a significant purpose of facilitating communication between providers of health care and people using those providers’ services.
Except that the policy, in the vacuum it is in right now, is very popular in Australia.
It was one of the most agreed with policies at the most recent Federal election.
I hate it as a concept, but at the moment it is all "don't you want children to be protected?", and nothing of substance that people can meaningfully find objectionable (like imgur getting cut off).
I don't think it is particularly a policy of News Corp, although they're happy to run with populist ideas, and more just an issue the Labor party thought they could wedge the Liberals with.
Over the years the amount of safety and speech issues that have cropped up have accumulated into a force. The OSA and DSA were announced years in advance, with multiple opportunities for feedback and analysis (I looked into the outcomes at various points but never contributed)
I would say there has been a groundswell of opinion, it’s not something that is covered here on HN much.
I’ll take your relative minor concerns over privacy over the freedom less, police state the US is becoming.
The US is a 'police state' only in that they are trying to remove people with no right to be inside the US from inside the US. This is a key principle of being this thing called a country we in Europe seem to have forgotten.
Canceling universities because they don’t say what he wants is freedom? What about deploying the army to major cities?
Serious question: why are people siding with Imgur here, instead of blaming the company that chose to ignore the laws of the country it operates in?
Imgur's business model is ad sales and tracking users - that inherently requires collecting and protecting data, including vulnerable groups like children. Even if the UK rules are imperfect or possibly overbroad (I haven't read them), if a company choose to operate where a law applies, it's on the company to follow it or to challenge it through the courts, not to blame the regulator after the fact.
Stupid laws mustn't be followed.
> requires collecting and protecting data
Thanks to OSA, service providers have to collect even more data from users, including face scans and IDs. They usually outsource that process to third party companies, which obviously are registered in Cyprus or another shady country. We can expect a massive leak in a near future, and no one will be prosecuted, though you will receive a letter from the government saying: "We are really sorry for the leak of your data, we weren't able to get in touch with the data processing company, so we kindly ask you to revoke your passport and apply for a new one. Stay vigilant as someone might use your identity for illegal purposes".
> including vulnerable groups like children
The "vulnerable group" is proficient at using VPNs. Ironically, the new law affects older generations the most.
That's a fair point, but you have to take into consideration the relevant laws and countries. You also need to take into consideration what it means to "operate" in a country.
> why are people siding with Imgur here, instead of blaming the company that chose to ignore the laws of the country it operates in?
Because the law is dumb and it is our moral imperative to not just ignore but break dumb laws
>> Serious question: why are people siding with Imgur here, instead of blaming the company that chose to ignore the laws of the country it operates in?
Because if we've learnt anything from the debate around the Online Safety Act, it's that the majority of people are so unbelievably addicted to porn they feel like it's a human rights violation to put up barriers to their access to it. While there are obvious privacy arguments against sharing your ID to access these sites the alternative is just not viewing porn. It's remarkable how unfathomable that idea is to entire generations of people.
Are you arguing that people who are against this law and its implementation in the UK are against it because they're addicted to porn?
Yes. There are legitimate reasons to dislike the law, its implementation, or its impact on privacy. But 99% of people dislike it simply because they are heavily addicted to porn. The fact there have been much more privacy invasive laws introduced in the UK over the last decade which face little widespread outrage is the tell.
Parhetic how you useful idiots keep ruminating the bullshit the regime is feeding you.
People like you made the third reich possible.
WhatsApp, Telegram and everyone else should pull out of EU in protest of Chat Control. Then EU will be forced to make its own chat app, UX will be terrible, and citizens will finally feel enough pain to contact their representatives ;)
Why are we talking about the EU in this thread? I don't see how draconian UK laws relate to a proposed chat control law in the EU that hasn't even been drafted and would likely not survive a judicial challenge if it were to be approved.
I did contacted them. All of them who didn't yet have a referenced public position on fight chat control for France. By phone. Only two responded with a clear alignment. Good that I did it by phone, because apparently for some of them getting several thousand emails per day can only mean they are victim of a spam attack.
Not only they don't represent anything but there own little interests, but they won't even have the decency to express clearly what they are standing for. Even lip service is not assured anymore.
> getting several thousand emails per day can only mean they are victim of a spam attack
I think of calling my representative as being like proof of work. It takes a modicum of effort to look up their phone number, compose some spiel, and make the call, compared to delivering spam by the truckload.
Was it a Green and a Nazi?
I don’t have my spreadsheet at hand, but obviously no one overtly pretend to be a Nazi among MEP. I’m not aware of the arcanes, but it seems to me that it’s part of their obligations, and some MEPs were actually already sanctioned over this.
https://www.politico.eu/article/european-parliament-meps-sus... https://www.europarl.europa.eu/news/en/press-room/20250331IP...
> Then EU will be forced to make its own chat app, UX will be terrible,
Why? EU can just tell an LLM to build an alternative app, they can just tell it to make it user friendly and make no mistakes. That's the primary use case of Trillions of dollars of investment in GPUs and electricity to power them.
JK(or am I?), a protest will be a boon for EU, which is growing Anti-American each and every day. The EU alternatives don't exist not because Europeans can't code but because EU market is open to US companies and there's no reason for duplicate effort as winner takes it all thanks to network effects. EU capital just invests in USA based companies that operate in EU. It's much easier, lower taxes lower worker protection standards etc. Also, US has much more capital to burn to corner the markets, they also just go ahead and buy anything European i.e. Skype. and not risk competition.
If you think that's a lot of electricity, you're going to be amazed how much they can spend on bureaucracy before they even start building anything.
Electricity bureaucracy, whatever doesn't matter. Huge money is invested into making programmers obsolete and they are claiming that it already happens. If the tech is real, Europeans can just tell it to make them all these apps that American companies may choose to deprive EU to teach them a lesson.
If the AI tech is real then Europeans get their apps no need for American companies anymore. If the tech isn't real then the chat app makers(in Europe that's all Meta, WhatsApp + Messenger. Apple is a no go due to low market share) lose half of their revenue to teach Europeans a lesson. Europeans them switch to Signal, Telegram(Popular all over the place) or Viber(this one popular in Eastern Europe).
If they all decide to boycott, there you have opportunity to hit a 400M market. Let's say Europeans can make AAA games but can't code a chat app, give visa to US developers that were laid off for the last many years to come over. Maybe it's politically unpopular? Maybe they are not the best? That's fine, EU is an open market - anyone who is interested in making billions can just make a chat app and take over the EU market. Indians, Chinese, Turks, Africans, Americans that earn less than billions of dollars. It's a huge opportunity. Instantly.
Meta made $38.4 billion USD revenue in EU last year. It's very unlikely that no one will be interested in taking that. US companies aren't doing charity to EU, it's always their second largest revenue stream after USA.
I hate this so bad. You know that the solution will be that EU will block US companies (who do not comply) so EU users will eventually get their own WhatsApp called MsgMeNow. The result is that nobody can talk to people outside their own jurisdiction.
This is effectively what we see in China. They only use WeChat, I was unable to register because it says I need someone to verify my account when I try to do it (this has been happening since 2018)
Yes, that's the only way for EU to have a tech industry. That's also how any non-US tech industry exists.
Enjoy using your http alternative not invented outside the USA then. And your x86 CPU since ARM isn't American.
No worries! Trump will call Den Von Deleten, whatever her name is -- and she will just do what she is told whatever is the thing she is told to do. Exactly like it already happened with EU buying $700B of natural gas. We paid just a bit over $100B to Russians for the same thing... but you know... Trump told, so here we go!
Any source for this comparison? Also did the EU buy it or said they will?
We said we would aspire to buying US gas. EU can't order member states around like that, and the member states themselves can't order private businesses who to buy from; US can't actually ship much more, even if it could it can't do so to us; and that's about 100% of our imports anyway (not just replacing Russian, replacing all of it) and the way global markets and fungible goods work is that it makes no difference who we buy it from or who sells it to us anyway.
signal is open source, so they'll just download the source, build it, add a backdoor and push it to the app store
same as that weird official USgov version hosted by israel
Sometimes I wonder who builds this stuff. I appreciate at the end of the day that everyone has bills, but I feel like I'd rather apply for public housing before I work on that. They're not even getting rich, just a wagie. I have never met someone in the tech industry that was ideologically anti-privacy. It's always the lawyers and politicians. But someone builds it.
Signal is AGPL licensed, so they would have to publish whatever crude hack they insert in order to install that back door. (not the keys, of course, but if they're this incompetent about tech legislation, I don't trust their QA competence to be top notch)
> Then EU will be forced to make its own chat app
We'll make our own Chat App! With blackjack! And...
People who write this stuff still don't understand that big tech IS THE ENEMY. They are quite happy to implement this, even up into the OS Level. It's called Regulatory capture. Now your legal Moat to a true European Alternative has become even bigger.
Even if, for the sake of argument, we grant the premise “big tech IS THE ENEMY”, it does not necessarily follow that the vast mass surveillance national security apparatus is our friend.
Personally I hate both surveillance systems. I hate the American big tech surveillance system - under which companies like imgur sell the personal data of its users to anyone who comes knocking. And I hate the European chat control proposal, where the government wants to take that data by force.
Privacy is a human right.
I would never argue that and i hope that doesn't follow from my comment. To be absolutely clear: Any service that doesn't actively work for your privacy against any outside actor to the fullest extend of the law and technical possibility is to be considered an enemy of freedom.
We (in most EU countries) don't have representatives. Parties have representatives. To be listed on a ballot you need to be with good standings with your party and get chosen by them. Then various method ensure that you can't be elected if you are not a member of a party (anyone from a party below 5% is not getting in for example).
This means officials only care about what their party leaders tell them to do, not what voters think because voters matter very little to them. That's why American "contact your representatives" does very little here - they are not your representatives, they are representatives of party leaders.
Why would the UX be terrible necessarily?
If the EU or companies within did make a chat app and it got widespread appeal, it would just be exactly the same as WhatsApp. WhatsApp isn't special in any way whatsoever, besides having a critical mass of users.
> Sending message...
> Sending to your local police dept... OK
> Sending to intended recipient... Failed
I might be the only one that’s in support of chat control. I would like the internet to be so walled off that it becomes boring and maybe it will stop all the brainrot.
>Then EU will be forced to make its own chat app
When did the US government make a chat app? Signal?
> feel enough pain to contact their representatives
It doesn't work like that because the European "Parliament" is a joke. For starters, they can't initiate anything, they can only approve or reject (of course that it's almost always approve) stuff that is being passed to them from higher up, most of the times from the European Commission, if I'm not mistaken. Ah, they can pass/generate "resolutions", which are basically empty words put on a piece of paper.
Second, the people there don't "represent" anyone, at most they represent the political parties that have put them on the lists that got them into the European Parliament, but that's it.
>Second, the people there don't "represent" anyone,
I think that's largely down to people not taking EU elections as seriously as national elections.
The ones elected by my country are always largely the most doldrum people from the main parties that aren't charismatic enough to win in national elections (The b-squad basically)
... and a handful of the kind of people that think windfarms generate wind and that we need to leave NATO.. even though we haven't joined NATO. The kind of people you vote to send to the EU so that you don't have to see them.
There was an election in 2024 https://en.wikipedia.org/wiki/2024_European_Parliament_elect...
For people unfamiliar with it https://elections.europa.eu/en/
The parliament is elected by people in each country, those elected them elect the commission. So a form of indirect elections.
> I think that's largely down to people not taking EU elections as seriously as national elections.
No, they don't represent anyone because we, the European people, are voting based on lists, we do not select our own "representatives" by name and surname. This "contact your representative" trope is an American thingie, which, like many American thingies, has no place outside of its original context.
Chat apps were already so oversupplied as to be free even before AI could vibe code them. Or, indeed, before the US relented on export bans for remotely adequate HTTPS implementations.
In other words: What pain?
Good luck with that!
Do I detect some sarcasm in that response? If so, why? The Internet is literally just a communications protocol, adding a chat system on top of that it is not difficult.
Nor even was it when Skype and IRC were made (by Europeans). SMS (also European) was slightly harder to invent because that's not on the internet.
The technical aspects of the software aren't the problem. Convincing enough people to adopt your app before you're getting a great deal on a 20sqft studio apartment is.
Yes, and?
This is a response to a hypothetical where every single existing (or possibly just US) chat provider leaves the EU, and I'm saying the claim that this will cause any degree of pain whatsoever to the EU population is ridiculous because the replacements are far too trivial to not immediately replace the US apps.
I fully support your argument and can't understand why people in this thread assume the EU doesn't have millions of programmers who can bash out a chat app, one of which would rise above the others and get a critical mass of users.
Sometimes I think it would be good for Meta, X, Google etc. to lose market share in the EU and UK. It's ridiculous that we're beholden to one country for so much software, and they're all being actively enshitified anyway.
Lots of the top comments talking about how Imgur can stay out of the UK more easily and not about how Imgur can comply with the law and protect children's data.
Why is it always that regulation is the problem, not the company being irresponsible with data.
Why are children on the internet? Why are the parents not being fined for being irresponsible? Give the kids a loaded gun, its the same as giving them access to the internet. The internet is not a place for children to begin with. Why try to bend the internet to conform? It will destroy the internet as it is as well as all it's freedoms. Oh and it probably won't stop/protect them, as thousands of new sites come & go every year, so impossible to control. Its better to try regulate the children than to regulate the internet.
Saying the internet is not a place for children is like saying the street is not for children. Full of drug dealers, cars and danger!
Yet learning how to cross the street is an essential skill in life. They are also filled with flowers, pathways to playgrounds and much more. And that's why children are not forbidden on the streets.
My point being: let's educate instead of regulate. "Regulating the children" is silly and countereffective.
Are you going to drop off your children at the bar and let them mingle? The internet is filled with huge variety of adult personalities and intentions, some of which are harmful & malicious, or just plain brain numbing.
What do you mean by "children's data"? What data? Suppose I'm 11, I'm not registered at Imgur, and I'm only browsing, what sort of vulnerable data they have to protect? Browser's user agent, IP address, screen resolution? Even if I'm registered, it's rather unlikely I will provide all my real details.
The "children's safety" argument is for voters who are technologically illiterate and don't have a tiniest idea how the internet works.
> Why is it always that regulation is the problem, not the company being irresponsible with data.
Can you be irresponsible with childrens' data if you don't know whether your users are children?
Every "protect the children" law is just a gaslight attempt to push a package of other Orwelian laws. It's been like that for atleast half a century - even Simpsons parodied this with "think of the children" back in 1997.
It's good companies are walking out of jurisdictions where FUD is the basis of a law.
Imgur only has yearly revenues of around $30m. The money they make in the UK specifically likely doesn't justify wasting resources on compliance.
It is an image storage service masquerading as a business. It will be of no loss if it were to fail entirely.
> "It will be of no loss if it were to fail entirely."
That's decades of the public internet that would be permanently erased; billions of dead links pointing nowhere. HN alone would lose ~32,000 images from its archives,
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
Is it not hubris to call it "no loss" if, say, 3 hours ago, "Design of a LISP-based microprocessor / Page 22 has a map of the processor layout:" was forever lost to humanity, as collateral damage to some techbros' dispute?
Decentralization can't arrive soon enough.
As already pointed out that link is already gone, except for the IA. That's part of why it's "no loss" -- it's not actually lost.
Personally even if the IA didn't have a copy, I'd still say "marginal loss" and "inconvenient". imgur is just another in the line of image hosting sites that have come and gone. Much of what it hosts isn't actually high value, and isn't actually the sole copy.
Not sure what you're pining for with respect to "decentralization" -- we already have it, nothing stops someone from uploading an imgur image elsewhere, either the original uploader or someone downloading and reuploading somewhere. There are other image hosting sites. And yes, the internet is filled with dead URLs, privatized or deleted forums and discords and twitter accounts that host or previously hosted unique discussion or media, etc. etc. and any number of other minor tragedies. imgur totally dying would be among the least of them.
> Is it not hubris to call it "no loss" if, say, 3 hours ago, "Design of a LISP-based microprocessor / Page 22 has a map of the processor layout:" was forever lost to humanity, as collateral damage to some techbros' dispute?
https://web.archive.org/web/20230427181813/https://i.imgur.c... (link is already dead at Imgur)
Wayback will have them, as is tradition. A crawl (non IA) has been kicked off to reconcile to ensure maximum coverage of Imgur links on HN.
This is much less accessible to the average user and there's no guarantee that archive sites will be here in the future https://www.wired.com/story/internet-archive-loses-hachette-...
The Internet Archive will outlast Imgur. I'm willing to bet on it if you'd like, feel free to propose terms for resolution and preferred forum.
(Accessing Imgur archives in Wayback is as trivial as a browser extension for your average user; Imgur has raised $60M and only does ~$30M/year, they will eventually be sold or close as the user experience degrades as operators and investors attempt to squeeze more from the enterprise)
archive.org is also blocked in the UK. I cannot access it without VPN.
I can, it’s not blocked.
It is blocked by many ISPs because it contains adult content.
https://www.privateinternetaccess.com/blog/internet-archive-...
As a Brit.
Good - cause the maximum amount of pain, start pulling services across the board - the more it happens the more painful it becomes for the government to defend it.
There was a fair bit of pain in 2014 when ISPs proxied non-https Imgur to do IWF filtering (and broke it). Yet here we are!
Likewise, as a Brit, I hope more mainstream sites do this until people realise how stupid or authoritarian (but I repeat myself) the UK's Online Safety Act is. VPN companies must be enjoying these shenanigans.
It would be more effective if this was about the online saftey act. Ironically Imgur is probably already compliant with it (they already have moderation policies that go above what the OSA requires)
This is about a GDPR violation. I'm not sure that cheering for our right to have our privacy respected by companies revoked is really what we want.
This update has been provided to give clarity on our investigation, and we will not be providing any further detail at this time.
"No, you can't ask questions. We gave you clarity, don't you understand? Take it and go away."
Some may think that harm doesn't matter, but perhaps actual fines are unjustified without the presence of actual harm.
And yes, perhaps the rules should be followed regardless of what they are, but perhaps the government bureaucracy is such that it's just too hard to change rules.
I'm one to think that the UK is generally overregulated, excessively obsessed with safety, and the regulation ethos is inconsistently applied. The government and civil service are also incompetent to the extreme. There also isn't a culture of accountability in government.
I also think that regulation is often simply used as a revenue generation measure, which is not what it is supposed to be about.
Perhaps a good middle ground is for a company that is at threat of investigation is simply asked to leave the UK or pay a fine.
> The government and civil service are also incompetent to the extreme.
As someone who moved to the UK from the states recently, this has not been my experience at all. Any paperwork i've had to do with the government (immigration, NHS, drivers license, car tax) has been incredibly smooth. On top of that, the city council in the area I live seems great -- they put on a ton of events, and have lots of services that seem to get used well.
Most of the incompetence i've seen is from private companies (e.g. banks and real estate).
>recently
38 years with some brief stints abroad, as discrete entities, and providing you are on a well trodden path the state-run institutions are ~fine~.
QUANGOs are the worst to deal with, private is the best.
And perhaps, we should look at this from the PoV of the user and not defend the "company" (which has the advantage in all cases).
Screaming "bureaucracy" and "overregulation" for every single attempt at limiting the impact of corporations is just silly.
Yes, so from the point of view of the user was there evidence of actual harm?
Well yes - so many young people in the UK have been radicalised. Was it the fault of Imgur, I don't know, probably not. Is the Online Safety Act going to solve it? Probably not.
But my comment was that, in general, it's not up to Imgur, Google, Meta, Apple, etc. to have an opinion on this or any other country's policy because it's just not fair. 1 corporation should not have more say or sway than 1 citizen vote. And that ideally includes their ability to "lobby" and buy themselves regulations (like the recent AI law in California which practically doesn't do anything).
Yes, agreed. So force them to leave the market over imposing financial penalties. Financial penalties correlate with correcting poor business behaviour, but also they correlate with poor regulator incentives towards revenue over harm.
My general point is how do we ensure governments are honest wrt to the consumer. Removing financial incentives towards revenue generation for them might actually be a step in that direction.
Good riddance. Imgur is a cancerously awful website. express.co.uk isn't much better for that matter.
Does anyone ever actually use Imgur as a website though? I generally use it to upload a photo then send someone a link. It's no different than dropbox in my mind, except just limited to photos.
Please use literally any other way of sharing photos, up to and including printing them out and sending them by carrier pigeon. It's got to the point where I just pretend imgur links aren't there.
Pretty soon the only websites accessible from the UK will be phishing sites asking for all your personal info to access the "real internet". Real smart guys making the laws there these days.
I suppose this is a serious question - does this mean that in theory HN should ban UK users? Or is HN likely compliant with this law? It is hard to pierce through the Orwellian language in the article (does "safeguarding children’s personal information" mean retaining or deleting the data?).
It looks like this law (which is unrelated to the Online Safety Act) is concerned with children being subjected to ad-tech tracking and similar indiscriminate data harvesting, so a site like this which doesn't feel the need to share your habits with 2,541 partners is probably out of scope.
https://ico.org.uk/for-the-public/the-children-s-code-what-i...
> a site like this which doesn't feel the need to share your habits with 2,541 partners
How many might there be in this case, one wonders? https://www.ycombinator.com/legal/
I like how it's always "oh just safeguard people's data", oh "just" don't do anything bad with people's data.
Then you look up what the actual regulation says and it's hundreds of pages of pure legaleese (over 100 pages for GDPR, over 300 for Online Safety Act), that you'd need to hire a team of lawyers to parse and interpret to make sure you're not breaking any of the regulations therein.
> over 100 pages for GDPR
The first 33 pages are reasons why the law needs to exist. 23 pages are instructions for EU member countries and the EU itself.
The remaining legal text itself is spaced out more than any high school teacher would ever allow, and IMO it's also quite light on the legalese. Not enough that I'd feel confident to skip the legal department in my multinational, but it's far from the unreadable mess people make it out to be.
The OSA on the other hand... I'm glad I don't personally serve the UK.
The US tax code is over 2.5k pages, with an additional 10k pages of regulations. And I manage to file my taxes fine every year without having read all that because most of it doesn't apply to me. Following the GDPR is easy if you aren't trying to maximize tracking with minimal concessions to the law.
Most of this comes down to "Use your brain" and if you try to get around it with an Um Actually, they have the specific page to counter it. You need a legal team when you want to ride as close as physically possible to violating the law without crossing the line.
> because most of it doesn't apply to me
Maybe, you hope. Unless you've read (and understood!) all of it you can't say this with certainty.
In all likelihood you trust a 3rd party company like Intuit and their team of lawyers to tell you what actually applies to you.
> Then you look up what the actual regulation says and it's hundreds of pages of pure legaleese
sigh
There is a difference between guidance and regulation.
GDPR isn't that hard to comply with, I know because I helped take a very large Financial News company from 0 compliance to full compliance. the guidance is quite easy to understand: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...
but, why are the regulations 100 pages of legalese? because rich companies, and unscrupulous shits pay money to to lawyers to avoid having to pay fines for breaking the law. You also have to carve out exceptions for things like charities, small organisations, have specific rules for things like health care, and define exceptions based on what are reasonable exceptions when detecting criminality
Say you take "the right to be forgotten", ie, I as someone who banks with Natwest want to close my account, withdraw my money, and get them to forget everything about me (ie stop sending me fucking emails you shits)
Thats simple right? the law says I have the right to have my details deleted.
But what if I committed fraud in that time? what if I am opening and closing, asking for deletion to get round money laundering laws?
And thats why the regulations for data protections are long.
Also GDPR regulations aren't that unreadable. You're most likely a programmer, legal texts are highly structured instructions (ie just like any high level programming language)
However, do not take this as endorsement of the unrelated law that is the online saftey act, which is badly drafted, gives too much power to an under resourced semi independent body, and is too loosely defined to be practically managed in any meaningful way by OFCOM.
I will however stick up for GDPR, because it stops the fucking nasty trade in in personal data that is so rife in the USA.
In theory, HackerNews should be concerned. There is no prevention of children using the site, and potentially "harmful content" could be access either on or through the site. Being an aggregator doesn't seem to be a get-out.
Wrong law.
This is GDPR. So long as they conform to the 13 principles then HN will be fine. Its nothing to do with the online safety act.
For the OSA (which I think is very badly drafted, and poorly enforced by OFCOM) so long as there is decent moderation (which there is), a way to report posts (there is) and the site doesn't persistently host actual abuse, then you're mostly fine.
It doesn't help that OFCOM are unwilling to change the scope of guidance to match the size and type of community.
HN is already non-compliant with several data privacy laws
In what way?
You cannot delete your comments.
Are public comments in a public forum classed as private data under GDPR?
for example the only thing that can really be classed as PII is my username. does it count as reasonable to request it be deleted?
Yes and yes. Google “right to be forgotten”
Remember that GDPR is about storage and processing of personal information, not data created by a user. They are related by not 1:1 linked.
If the username is removed, and there is no reasonable way to link the user to the comment, then its not PII. I would hope that this is logical because its not personally identifiable. (caveats apply here like if you put your home address in every comment. However is it reasonable to expect a user to do that in a public forum? probably not. )
As you can request that your username is deleted here, and assuming they are deleted properly, then HN is reasonably following the user's request. Hence my assertion that HN is GDPR compliant enough to no worry.
HN has moderation, won't track you without telling you, and will delete your content if you ask. That's literally all it takes, it's really not that Orwellian
HN will restrict how fast you can comment without telling you (unless you figure it out and ask). There's no indicator that your account has this restriction besides being prevented from commenting, there's no indicator what the limit is, and the appeals process involves a subjective judgement by HN leadership
How is one country able to fine businesses in other countries? What legal authority or ability do they have to do anything?
I invite you to search HN for 'libor' and see how many of the American users of this website were affronted by the vast fines dished out by the US government to UK-headquartered banks for manipulating the LONDON Interbank Offered Rate from their offices in London, UK. If you can find a single one I'll eat my hat.
Being a country means you can make your own laws so the authority question has a pretty clear answer. Unless you disaviow national borders and state power and such stuff generally of course. See https://en.wikipedia.org/wiki/Sovereignty
Read the question you're replying to again. Its a question about jurisdiction.
If it affects UK citizens, living in the UK, then there's jurisdiction. Either the entities comply, remove their services to the UK, or they risk sanctions/being arrested when abroad/etc.
Why should a US company harm UK citizens just because they're in the US?
If you want to serve a market in another country you have to follow their rules.
In this case, Imgur have been misusing UK children's information. Considering the laws are pretty similar, I suspect they're misusing EU children's information too.
> they risk sanctions/being arrested when abroad/etc.
That's the OP's question. Bluntly: if I'm here, and they're bloviating over there, what can they actually do about it?
It was about authority, synonymous with jurisdiction, I understood it. A sovereign country can decide they have authority/jurisdiction in anything they want. For example various countries have decided they can legally assassinate people in other countries even though other counties might not agree.
Placing the fines is pretty easy; they just go through their legal system, finish up the case and get their judgement. Russia has a giant outstanding fine against Google for example since Google is not censoring things the Kremlin doesn't like, even though Google has no corporate presence in Russia and the fine is iirc now larger than the entire world economy. (So it's an unrealistic amount designed to deter Google more than anything else in practice.)
The difficulty is getting enforcement; in practice, what happens is that the fine is put down as outstanding and if any executive or employee of the company enters the country, they're arrested and held hostage until the company pays up (or are held directly responsible for whatever the company is accused of). Most countries usually have corporate presency laws to avoid this sort of scenario though.
Alternatively, the judgement can be enforced through diplomatic channels, but that's a giant clusterfuck and unlikely to succeed unless it's something that's very blatantly a crime in both countries, since it's effectively retrying the case. (And even then it can depend on if the country just doesn't feel like cooperating for that specific case, for no other reason than spite; France for example is fond of doing this.)
Arresting executives is pretty extreme and not normally done. Generally countries will only go after assets and revenues in the country.
Even for local companies. I had a UK ltd company and it got some fines for not filling in the correct forms but you can just close it down still owing money, which I did, and there's no liability for the director(s).
If you do business in a country you have to operate under that country's laws and regulations, regardless of where you are registered.
Most commonly it's the EU fining American tech for GDPR violations and related privacy shenanigans.
Right, but the UK is saying they'll fine Imgur even after Imgur blocked access. At that point, what tooth does the fine have? "You must pay this fine if you want to, err, nothing I guess"?
They used to have UK legal presence, and planning to move out. The UK is saying something like "crimes done during your presence won't be ignored".
If Imgur never had UK presence, then yeah there would be no teeth. But if you're doing business in a country you can't break the law then leave and expect them to just ignore what you did during that time.
…but how enforceable would the fine be? They pull out and have no UK assets to seize.
Why does it have to be immediately enforceable? Now Imgur have thrown the baby out with the bath water and cannot serve the UK and it leaves a big market for another company to come along and capitalise on that.
American companies are too use to being able to bully their way in America. Some countries do have better consumer protection laws.
It's not a particularly big market, and given the regulatory hurdles: it's simply not worth doing business with the UK for most companies anymore.
The regulatory hurdles here are quite small, actually. If COPPA were worded better, Imgur would've been in violation of that, too, from what I can tell of the complaint.
Depends.
If you're the US you call planes of out the sky that have representatives and owners of the companies on them.
I'm assuming any leadership of Imgur would want to avoid going to the UK for the rest of eternity.
Or they simply decide to pay the fine for the short duration they were not in compliance.
I would do that (after appealing) and be done with it.
Ultimately if enough businesses decide it isn't worth the bother than the restrictions will disappear.
> They pull out and have no UK assets to seize.
How do you expect the "pull out" to happen? They must have had a UK bank account or similar, whose transfers won't get approved as they're trying to escape from criminal prosecution. Or they'll work with the US to ensure responsible individuals are held responsible.
It isn't exactly the first time someone/something commits crime in a country then try to escape, there is lots of ways to work with others on this.
> Or they'll work with the US to ensure responsible individuals are held responsible.
May US voters put America First over international law.
>they'll work with the US to ensure responsible individuals are held responsible.
I heard here recently during a similar discussion (about 4chan and this same British watchdog agency) that the US does not allow extradition of its citizens for breaking non-US laws if the behavior is legal in the US.
There are various international economic laws, treaties and agreements between cooperating countries, whether or not any of them cover this scenario for to US, and whether the US would honour any agreement in the current political climate remains to be seen. But there are mechanisms in place that allow w the UK to reach US companies through each others legal systems to a degree and vice versa, regardless of asset location.
> whether the US would honour any agreement in the current political climate remains to be seen
That this is even a question is bananas to me. Isn't that handled by the judicial system rather than involving politics/the administration? Shouldn't be possible for the US to have a treaty, and there are questions about if the treaty will actually be enforced or not, how could anyone trust the US as a whole for anything if those aren't enforced?
Just because they've blocked UK users doesn't mean they aren't making revenue from advertising operating via the UK.
Pay this fine if you don't want to be arrested when entering the UK? Not that they plan to after this...
Imgur isn't a person, and the UK gov isn't ICE.
The whole point of corporations is that the company is liable, not its employees. also the shareholders are only liable for the money they put in, and not anything else.
Convictions in the UK are non-transferable. you can't convict a company, then transfer guilt onto its employees, they need to be tried at the same time.
Are you saying that the Pavel Durov situation wouldn't have been possible in the UK? Seems naive.
> Are you saying that the Pavel Durov situation wouldn't have been possible in the UK
first Durov is a French citizen, so its not like he's immune to french laws
Second france has a totally different legal system to the UK(legal code vs common law)
thirdly, he's the primary owner of telegram, not an employee
Fourthly he was arrested on fraud, money laundering and child porn charges. Those are all criminal charges, not civil(GDPR is mostly Civil, same with the online saftey act, howefver with the OSA "senior managers" could be criminally liable, but again that's for CSAM, of which possession and distribution is a criminal already)
> Seems naive.
I really wish people would actually bother to understand law, because its pretty important. For programmers is much easier, because we are used to reading oddly worded specifically ordered paragraphs to divine logical intent. The law is really similar to programming.
They're only threatening to fine them for previous violations of the law, not anything after they block access. Blocking access doesn't make the existing fine from when they were doing business in the UK go away, it just prevents future fines.
Whether they can collect the money while Imgur aren't doing business in the UK is a different argument, but it's not particularly controversial that a country can fine a business operating in its jurisdiction for violating that country's laws. Even if those laws are authoritarian bullshit.
Honestly, that's the most noteworthy part of this. The EU hasn't pursued any site that just blocks EU access (see any number of US sites than aren't GDPR compliant and I can't access from Europe). The UK is threatening to do something nobody else has really done before. It's crazy, imo, because I can see a whole lot of sites immediately blocking the UK to avoid any potential litigation.
> The UK is threatening to do something nobody else has really done before.
And what is that exactly?
>see any number of US sites than aren't GDPR compliant and I can't access from Europe
1. Make sites gdpr compliant by installing an extension or two. 2. Use a vpn to pretend to be not from Europe.
Being accessible over the internet from a country can't be the same as having a physical presence there. Otherwise, anyone putting any content on the internet needs to comply with the laws of every single country.
Following this logic, I suppose that, in the future, cars that cannot automatically detect the presence of a child in a wheelchair and prevent the engine from starting will be banned.
Why are you being sarcastic about this. Obviously that will be a legal requirement at some point, just like constantly supervising the driver for tiredness is.
I'm not being sarcastic. I'm predicting a trajectory of never-ending increase of regulatory requirements for any human activity which I don't like. Only big players have deep pocket for lobbyists and lawyers to avoid them or resources to implement them.
That seems to be the end game. Increase regulations without decreasing them > regulatory capture > big corporations own / operate everything, nothing local / no small businesses.
Complexity increases in every system till it fails. Avoiding this entropy may be impossible.
A dictatorship by bureaucrats is not a law of the universe. What used to work is that, when entropy increased on the governmental level, people would raise their pitchforks until something changes, for better or for worse.
This almost never worked out for the people. Most of the time they king got pissy about it and stacked heads 10 deep.
More so in the modern world if you turn off food and water for a few days you'd start stacking bodies like cord wood. We live in a very fragile state.
>Following this logic, I suppose that, in the future, cars that cannot automatically detect the presence of a child in a wheelchair and prevent the engine from starting will be banned.
You said this like it is a bad thing, which is baffling? Obviously cars should do this. One of the best things about adding self-driving features is we can add features like this (and speed governors) to make cars a lot safer for everyone.
why overregulation is baffling to you?
Because it isn’t overregulation? Ensuring cars don’t kill people is a good thing. It’s proven from the last century of road deaths that people can’t actually drive them safely so automating safety is the next best thing.
More generally I don’t think overregulation is really a thing. Just because you don’t see the use case for a rule doesn’t mean there isn’t one or it doesn’t serve some purpose. I think the last 40 years of removing rules have shown we are really bad at knowing where the line is.
I'm probably alone in thinking this is ok. According to the statement by the ICO reported by the BBC, this is because imgur has refused to implement some kind of technical verification of users being served pornography or suicide promotion.
Requiring this is not a bad thing
Governments/Regulation is the only tool at our disposal
How else should we approach this problem? Do we just throw our hands in the air? Or do we think that serving pornography and suicide promotion is not something that requires oversight?
If I don't want my child doing something, it's up to me to enforce that. I don't want my kid eating snacks before dinner, have I called upon the UK government to shut down the biscuit aisle at Tesco from 3pm-5pm?
The core of this issue is a kind of backwards notion that the internet needs to be a safe place, that the UK government says it can legislate that everyone on the internet has to verify who is accessing their site and then enforcing the UK's laws around it. It's nuts.
It's also not solving a problem. If you want to control what your kid sees on the internet there are already safeguards you can use, you can set up content restrictions on basically any device today. This law appears to be in place to be the mummy of children whose own mummies don't want to enforce certain restrictions on internet access.
I hear next month the M25 is going to be prosecuted for letting a child walk down the hard shoulder.
While this is a very real concern; I can't help but think it's over exaggerated? Kids will always find ways around blocks. I know, I too was once a child.
They're already using Google Docs as a chat application in class when social media is blocked. So what are we really trying to do here? Much like prohibition, I suspect we'll see the masses annoyed and inconvenienced, and those who want to find alcohol finding it regardless.
Sometimes I miss the old flash, irc, html tables for layouts internet.
The (a?) problem is that only the largest / most profitable players can afford to implement these systems. So while well intentioned they just shut out any company/service without loads of extra cash
imgur itself is an empty husk of its former self. Last time I visited their site, they had fired all their moderators and replaced them with AI. They were bought at some point by .. media labs? I don't recall their name, but I recall that they are moneygrubbing bastards, to phrase it in neutral terms. I don't intend to visit their site again. Instead, I have made an AI agent that can do it for me.
We desperately need an Antarctica/Moon style extraterritoriality for the internet.
Just tell your citizens that the internet is fair game? Why restrict it to this level and make using the internet the same as having to understand the law in 200 odd countries.
We could start with hosting everything on boats first. It worked for radio: https://en.wikipedia.org/wiki/Radio_Caroline
Have them all registered to the Principality of Sealand, just to be safe: https://en.wikipedia.org/wiki/Sealand
The global internet sure was fun for a bit.
Was it? It did a tremendous amount of harm as well. Future historians may judge us very harshly for how cavalier and flippant we were in unleashing this technology onto the public.
Yes, and if you can't see that you are a joyless human who will find misery in anything
Can you give us some examples of harm it's done?
There was the time facebook enabled a genocide in Myanmar, there is the Uber and AirBnb operating criminally without consequence having significant negative economic impacts to countless cities, there is all the research that shows the deep emotional damage done to teens on social media.
It enabled crypto, which is a criminal exercise to defraud people.
It also massively enabled echo chambers and conspiracy theories, undermining our social cohesion and community.
The way we rolled out the internet was a mistake and obviously so.
Thanks. And out of curiosity, could you name some positive things the Internet has enabled?
I'm also curious how you think we could have rolled it out better to have avoided those things.
-->could you name some positive things the Internet has enabled
This interaction? Honestly much much harder to list the positives.
I think much more regulation much much earlier. Cypto-currency should have been shut down immediately never allowed to grow. Same with Uber and AirBnB. Social media companies should have been banned from during algorithmic feeds and been required to moderate content much better.
> This interaction? Honestly much much harder to list the positives.
Well while I appreciate that, I'd urge you to dig a little deeper; I'm sure you can think of many things. The Internet has enabled creativity, the sharing of knowledge, scientific advancement, and international cooperation & communication (I'm speaking mainly between citizens) on scales unimaginable a few short decades ago, to name just a few things!
Certainly, there are issues that comes with it - and we can and should solve them! - but ignoring the massive good it brings is not good. I'd also point out that many of the issues you outlined certainly predate the Internet, and were in fact much easier to accomplish - genocides happened and were easier to hide (or at least shape the narrative of) when information was a lot harder to distribute. People believed in all sorts of crazy things too, with little or no hard evidence.
In short, governments and internet do no mix. Whenever they do, it ends in a disaster for the people.
Pretty much all countries have governments and the internet and I'd say it tends to end in annoyance rather than disaster, such as having to turn on a vpn to see junk on imgur in this case.
The only actual internet caused disaster I can think of - https://en.wikipedia.org/wiki/Rohingya_genocide - was caused by a lack of regulation and "let's kill them all" stuff on facebook. 25k+ dead.
Everything that Cambridge Analytica did is another good example [1]. Granted that it doesn't rise to the level of a "25k+ dead disaster", but it's not nothing, it's a lot of bad things. And it also stems from lack of regulation, not from the opposite. As will other examples.
1) https://en.wikipedia.org/wiki/Cambridge_Analytica#Elections
by the definition inter-net is the net between (something). These laws create intra-nets, which are ruled by different laws
> by the definition inter-net is the net between (something)
Internet was originally defined as the "network of networks", i.e. the net between local nets.
But also, Internet with zero governance isn't any better for the people.
So what's left?
Are you sure?
Back in late 90s, 2000s, even 2010s, the internet was truly awesome. Only once governments started to get involved, by increasing the red tape and adding restrictions and whatnot, it became shit.
So I would argue that you are completely wrong. Yes, it might have been a bit of a wild west, but that is a good thing because you needed to have some smarts to navigate it and that filtered out the dumb masses that pollute it today and why we cannot have nice things.
I am not saying people should not have access to it, just that the less people there were, the better it was and the less attention it had by the governments. Which in turn made it much better experience than it is today.
But most people, actually, have not lived through those "early" days and cannot even comprehend how great it was back then and how crappy and restricted it is today.
The internet became shit not when governments got involved, but when millions of people came online and pushed early enthusiasts into a minority.
The invasion of normal people onto the internet was the seed for handing the web to a small selection of companies, and a decline in etiquette which is now reflected in the real world (misinformation, political polarisation, bullying and group radicalism).
It was inevitable that regulation would need to come as soon as this group came online. Many regulations were postponed way too much, because politicians of the time didn't understand what they were dealing with.
There is nothing wrong with governments putting in regulations about child safety on the internet, so long as that's the real purpose (in the UK, this isn't it). It's not right for companies like Facebook to be misusing the data of child (nor should it be for adults either).
> The invasion of normal people onto the internet was the seed for handing the web to a small selection of companies,
I would argue that consolidation is the natural outcome of capitalism and growth, it will happen if there is no intervention. The fact that the growth came from "normal people" is not the most relevant thing. It merely reflects the thing going mainstream, no longer only used by nerdy early adopters. It's in inevitable consequence of growth past a certain point. Consolidation requires only that government is hands-off on a lucrative market, e.g. allowing mergers and acquisitions.
Further, I would say that these large companies use their power and influence to avoid meaningful regulation. And that they are largely unregulated now.
It is absurd to blame this current state of affairs on "government red tape".
> So I would argue that you are completely wrong.
You could argue that, but it would be idiotic. It would be deeply and deliberately ignorant of e.g. Facebook complicity in ethnic massacres in Myanmar. Cambridge Analytica. Youtube as an engine of algorithmic radicalisation. The continued extremism on what was once Twitter. Online anti-vax disinformation. QAnon. All of Truth Social.
You posit it as "people vs governments" but that is not the reality. There is a third force. "The people" don't run the internet any more. A few incredibly wealthy oligarchs control most of it, and this trend is strengthening. Elon. Zuck. Jeff. Satya. Sergey. Rupert. You know who I mean from one or two syllables each and that's telling. This state of affairs requires government inaction as power consolidates.
> But most people, actually, have not lived through those "early" days
I have been online since the mid 1990s, so whatever point you might be trying to make doesn't apply to me.
The idea that "Government red tape ruined the internet" is just nonsense.
By the way, "back then", when there was no or little regulation, online businesses had to build trust by being reliable and deliver on their promises. That is why paypal could have even taken off as a business. Nowadays, with regulations, we are supposed to trust every company because it is regulated or might have some kind of legal danger for not providing services and whatnot, yet that is not the case in reality.
So again, i argue that internet before facebook, instagram, tinder... was in its golden age mostly due to lack of government involvement and too many people being online.
IDK, this makes very little sense to me. You used to rely on but trust, and now you can't ... because government? You have to trust and it doesn't work? So maybe don't do that and you'd be back where you were?
The "mostly due to lack of government involvement" part that you abruptly pivot to in the second para is completely unsupported and does not tell a compelling story about how we got here. Try Cory Doctorow on "Enshitification" which does, and it's all about consolidation and large company leverage. The only way that government is involved is as a bystander who could have done something but did not.
Back then facebook did not exist. Hence, good times. Also, government regulations always come because people start complaining they got scammed or damaged in some way(usually due to their own ignorance), so government comes in and makes things worse for everyone. I am not saying there should be no legal framework for internet, but today it is just way too much and it stagnates progress, freedom of speech and overall usability of the whole thing itself.
> Back then facebook did not exist. ... so government comes in and makes things worse for everyone.
I really do not agree at all. The power consolidation that Facebook is a good example of is just not a government regulation thing at all. The opposite in fact. Government regulation being hands-off allowed the internet to become "5 giant websites that share screenshots from the other 4". And that they're largely uncountable.
The internet as it is today, with very little governance over the large websites that exist today, is terrible for the people who are online today. I stand by that. Removing regulation won't help, as the bad actors are already pretty much unregulated already.
We do not have to agree. My point was that internet should be as little regulated as possible, as it transcends borders and governments. You see it in another way, and that is fine. I have no issue with that. Merely difference of opinion.
Cheers.
I don't really understand the argument that Facebook should have been allowed to consolidate its power by acquiring WhatsApp and Instagram ... because the apps are multinational.
Maybe those acquisitions should have been allowed, and maybe not. But the reasoning there is non-sequitur. The one thing simply does not follow from the other.
How do you "pull out" of the UK if you are not a UK company, you are a US company, hosted in the US, and proxied by Fastly. There's nothing to do? You do not need to abide by UK laws, even if your website is accessible from there.
You are sending data into the UK, hence you have to abide by their laws regarding said data.
As the owner of a U.S. based website, I am not sending data anywhere. Some people in the U.K. might request data and download it from my site. I'm not forcing it on them.
You can absolutely take that stance and be fine as long as you never get into the sphere of influence of UK law enforcement for potentially a very long time.
If they get hold of you your interpretation of who sent what doesn't matter but theirs does. They can absolutely hold you until your fine is paid or you spend and equivalent amount of time in prison.
Many people like to vacation in the UK or Europe (one diverted flight away) and they might decide that it's better to just block users and be done with it. Some people may even happily pay a small fine incurred before the block.
HTTP responses (website contents) are data that the web servers you are paying for are sending. People can’t download anything from your site without your servers sending the data. Nothing forces you to send that data when you receive an HTTP request. Indeed, geoblocking is a common way to prevent sending data to jurisdictions whose laws the sending of the data might be in violation of.
HTTP GET is pull, not push. The user is pulling data, not the server is pushing data. Government doesn't care though. It intentionally have chosen not to understand that detail.
It’s the server’s choice to send or not to send the data. The fact that the server is receiving a request for the data in no way implies that it has to obey it. If someone places an order for a product whose distribution violates a law, the distributor is still responsible for sending it. Someone selling drugs is still responsible even if the buyer requested the drug. Someone distributing unlicensed material is still responsible even when that material was specifically requested.
NO, bad analogy. A shop in Amsterdam sells shrums in Amsterdam, which is legal. User from UK buys shrums, transaction happens in Amsterdam, which is legal. User brings shrums to UK, that's illegal and the user is liable, not the shop in Amsterdam.
Except in your image, the shop is shipping his shrooms to his home in the UK.
or what?
I’m explaining why UK law applies. Prosecution and enforcement are separate topics.
The UK government does not care. The law applies no matter where you are hosted, where you are incorporated or who is proxiying you.
>You do not need to abide by UK laws, even if your website is accessible from there.
The UK government does not agree.
But its still not the UK government's decision. They don't have sovereignty over other nations, as much as they'd like to think they do.
All they can legally do is bitch and moan and order UK ISPs to block. There's no action they can legally take against Imgur.
The US does exert its laws extraterritorially when there is a sufficient nexus to US interests too. Why wouldn't the UK be allowed to do so?
The US also has outsized influence in this arena due to the USD being the world reserve currency. Which isn't to say that might makes right, but it's easier to get your way when you can dictate the terms by which banks and nations can interface with the global economy. The British pound doesn't have quite the same level of soft power, so it must be wielded more strategically to avoid completely losing that which it still possesses.
I don't imagine going after Imgur would be a worthwhile exercise of that soft power.
The UK? How many divisions do they have?
Why shouldn’t Russia be allowed to exert their laws extraterritorially? Or Mali? Or Sudan? Or the Iranians? Or China? Or Israel?
What you’re asking for is the end of the internet, full stop.
They are! Russia has been fining Google increasingly insane amounts for blocking state media [1]. It's the company's prerogative of whether they want to have a legal entity falling under the country's jurisdiction and whether employees want to travel there and risk being held criminally liable.
It's likely simpler to just block access to the country's IP ranges (or ignore!) and move on.
> It's the company's prerogative of whether they want to have a legal entity falling under the country's jurisdiction
Except in this case, Imgur does not have a legal entity falling under the UK's jurisdiction. They are purely a US based company. It's not like Google, Apple, etc. that have offices in the UK.
This particular fine is the UK trying to extend its jurisdiction to entities that it has no sovereign authority over.
Just because some UK user might visit my website doesn't mean I now have to follow all UK laws if I don't actually do business there, and don't intend to.
Blocking the traffic is how we end up with the balkanization of the internet.
> Just because some UK user might visit my website doesn't mean I now have to follow all UK laws if I don't actually do business there
That's exactly what it means.
On what basis should you be allowed to violate British law when interacting with a British resident? Because you're not under British jurisdiction? That would be incredibly illogical. Not only would it mean that people and companies under British jurisdiction are privileged by the British legal system over those in other jurisdictions, but it would also raise questions about the need for such legislation if the British legal system accepts that it's okay for people from other jurisdictions to violate it.
> On what basis should you be allowed to violate British law when interacting with a British resident?
If all I do is host a website that serves images, and I'm not hosting nor operating out of the UK, why would I be subject to their laws? Just because it's accessible globally means I now have to factor in every possible regulation from around the world?
The burden shouldn't fall on me, the website operator, to block UK traffic because they want to restrict content or enforce age verification. Nor should they be able to fine me. It's up to the UK to have UK based ISPs block my site then.
Obviously a different story if I'm deliberately offering a paid service to UK citizens, or advertising to them, etc.
But to suggest that every website owner now needs to be aware of, and follow, ever nation's unique regulations will spell the death of the internet as a global network.
> why would I be subject to their laws?
For the same reason that a person under British jurisdiction is subject to its laws. I mean, laws, including British ones, exist for a reason. And usually, that reason isn't "because they're British," and this reason makes sense regarding to non-residents as much as it does to residents.
> Just because it's accessible globally means I now have to factor in every possible regulation from around the world?
Literally. Unfortunately, international laws and international cooperation are not yet sufficiently developed, and extradition requests for such reasons are not a common occurrence yet.
> The burden shouldn't fall on me
The burden doesn't fall on you. That's not how laws work. Laws usually work like this: The British government decides that certain actions are harmful to the UK, and to prevent them, it punishes those who commit them. So, on what basis should you be granted an exception to this logic? These prohibited actions don't become any less harmful to the UK just because they were committed by someone in another jurisdiction.
> Unfortunately, international laws and international cooperation are not yet sufficiently developed, and extradition requests for such reasons are not a common occurrence yet.
Unfortunately? You’d prefer that the owner of a UK pro-LGBT site could be extradited to Uganda over some anti-gay law? Should BBC reporters be sent to the gulag for writing an unfavorable article about Russia?
The fantasy world you’re imagining will literally never happen. You are either absolutely blind to the reality of international relations or you’re trolling. This sort of extraterritorial reach over internet content would be impossible even within the EU (good luck getting Hungary to extradite over UK hate speech laws). It’s simply a non-starter no matter how much you try to claim that it’s “obviously” how things work.
(Edit: I looked at your comment history and found my answer.)
> You’d prefer that the owner of a UK pro-LGBT site could be extradited to Uganda over some anti-gay law? Should BBC reporters be sent to the gulag for writing an unfavorable article about Russia?
Indeed, a good argument against globalization and international law. So yeah, fortunately, international laws and international cooperation are not yet sufficiently developed, and extradition requests for such reasons are not a common occurrence yet.
> You’d prefer that the owner of a UK pro-LGBT site could be extradited to Uganda over some anti-gay law?
Ye I wish people did this more often. Looking at the consequences from an external view and also how things can be missused.
The usual response is some handwaiving "obviously it doesn't apply to the outgroup only to the ingroup as I define it don't be silly".
>There's no action they can legally take against Imgur.
This is a very, very dangerous game to play.
This is how employees of your business on vacation in the UK end up in jail.
> This is how employees of your business on vacation in the UK end up in jail.
I mean its not. Because this is data protection laws, the company is liable, not its employees. (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...)
Even in cases where a company causes death, or destruction and the company is found liable, employees are not allowed to be used as standins, employees need to be convicted as well. a conviction isn't fungible, that kinda the point of common law.
I mean yes, if you have a large well funded company that brings profit to said country that is how common law works.
In the US for example if you happen to bring gambling funds to some other country from us citizens you will be arrested in very creative ways while not even getting close to the US.
At the end of the day all law is what the government wants to do and can get away with. When it comes to not actual citizens of the country they tend to get away with a whole lot more. Or another more simple way to put it, "You can beat the wrap, but you can't beat the ride".
Imgur recently fired all of their employees, and no longer has any actual staff. No developers, no moderators, no IT guys.
An ongoing protest over the state of Imgur has been going on since the first of this month.
So, uh, _what_ employees on vacation?
So the company is owned by a mythical no one? Somewhere on a corporate charter there are names.
Its owned by worse than that. Its owned by MediaLab now. That's the same company that owns WorldStarHipHop, the website that encourages children to do dangerous acts to get viral stardom.
You can look up who owns MediaLab, and the things they have done. I don't think the UK is going to kidnap them if they go there. They have money.
I suppose in their defense, culturally, the UK hasn't respected many borders apart from their own so this really isn't anything new.
Zing aside, I'd be thrilled to see whatever prosecutor or litigator or whatever they call them over there bring a case against a US based company for hosting content in the US, geoblocking the UK, a UK resident using a VPN to bypass that block, and making the case that that is somehow the US company's fault.
> I suppose in their defense, culturally, the UK hasn't respected many borders apart from their own so this really isn't anything new.
Did the US respect the borders of Hawaii?
a) whataboutism isn't an argument
b) if you expect me to defend in the slightest the US and it's own shady history regarding settler colonialism, rest assured, there is no risk of that.
The UK also is trying the same stunt against 4Chan.
The article is from a month ago, but the gears of "justice" rotate slowly: https://www.bbc.com/news/articles/clyjq40vjl7o
One thing to note is that UK government officials also seem to be masquerading and submitting reports to try to ToS these websites.
The response from 4chan's lawyers sums it up:
American citizens do not surrender our constitutional rights just because Ofcom sends us an e-mail
FWIW, on old.reddit.com it still shows the cached image view, so no actual need to visit Imgur.com - a site that has had some quite interesting drama for the last few months.
Imgur is a joke. They block VPN users with an intentionally obtuse "Imgur is temporarily over capacity. Please try again later.". Most importantly, its value for the average person has plummeted ever since its 2021 acquisition, and when they started deleting inactive content. UK's regulations have no place on a free internet, but the company running it is anything but worthy of praise.
Oppan North Korean Style.
In Poland we had no access to "western" electronics since 1989 because we had been part of the "Warsaw Pact" i.e. subordinate to USSR. This was hard, so I pity for you guys in UK
> In Poland we had no access to "western" electronics since 1989
I think you meant "until 1989"
Nope. He's typing that from an old Amiga over a 600 baud connection.
that's not funny. In 1990s the demo scene mainly used Atari 65XE. Amiga was only for the richest, who had their family working in Germany. Quite nice book I can recommend "Oni migają tymi kolorami w sposób profesjonalny" from a witness of those times.
It's hardly a comparable situation to be honest
What I mean is that this always starts with the same. First goes draconian laws, full inviligation, "Give me the man and I’ll find the crime". Later goes isolation. Apple already considered BREXIT of their cloud because of UK govt's invigilation programme
Europe is working hard to build themselves a little ghettoized corner of the internet.
It's all a bit annoying. I gather imgbox is an alternative.
I really don't remember voting on this web censorship issue, or ID cards, because both of those policies would have changed my vote, for sure.
Of course you don't remember - you don't vote on individual laws, you vote for politicians.
Politicians always lie/"break promises", so whatever they say before an election only has a loose correlation with what they actually do. Pay attention to their track record and vote accordingly next time.
It's not a "UK Image site", it's a US company.
Do business in the UK? Then accept we prioritise our kids over your costs. Toodle pip.
This is the best possible result I think. Until the regular citizens suffer as a result of tyrannical policies they will never think to vote out the corrupt police state politicians who invoke these insane policies in ever increasing power grabs.
I remember Imgur as a small project of a Redditor because we needed to share images. It is remarkable how a small project like that can still generate an international news headline more than a decade later.
Good for the UK IMHO. Just seeing with how many 3rd party sites Imgur shares data with is disgusting.
Hopefully many more companies do this and British internet users migrate to use of VPNs. This will apply maximum pressure on the government to reverse these parochial laws.
I'm not a fan of the law but the idea of foreign businesses pressuring the government still puts a bad taste in my mouth.
>This will apply maximum pressure on the government to reverse these parochial laws
Whatever the annual revenue of imgur was is now up for grabs for any British entrepreneur willing to build an image hosting site and unless British people have an innate preference for exporting their data to the US they'll likely stick with that. In other words, it's a good opportunity for the domestic tech sector, that's what happens in most cases when foreign companies tend to be blocked.
The value of imgur isn’t really in being able to upload images there, it’s access to all the images uploaded from the rest of the world. Especially historical uploads, say, a turorial or a travel log using imgur as reliable image host. Locally created and operated british website aimed at brits makes sense when it’s local news or local services or whatever. Local image hosting site that serves only (primarily?) brits seems of very questionable utility unless you somehow become a big hub for outsiders… at least until $other_country demands UK stop tracking their children or whatever excuse they’ll use.
Yeah let us find random ways, that we never used to care about, to ban all foreign websites so a "brit" can take over haha. This is quite authoritarian and corporatist and worthy of some criticism from more libertarian minded onlookers.
The source is this statement from the ICO (Information Commissioner's Office, who enforce data privacy rules, GDPR etc).
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs...
What are they actually accused of? That article doesn't mention any specifics.
There is a bit more detail on these pages:
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs...
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...
No full detail though. Having said that, the second link is particularly interesting as it goes though various companies with comments about each.
I do wonder if this is in any way linked to the ongoing enshittification of imgur, and the recent associated user revolt (link: https://news.ycombinator.com/item?id=45102905 ).
>The ICO also confirmed that companies could not avoid accountability by withdrawing their services in the UK.
Get the fuck out of here.
[flagged]
Outrage! Now where am I going to get my cat pictures from ?! ¯\_(ツ)_/¯
Im sorry, if you run a site some where not in the UK. It doesn't give the country jurisdiction over the entire internet.
If a country wants to enforce some kind of rules, they will have to apply them to the countries residents, because its the resident that go out on the net and conduct the behavior, not the other way around.
This has been common sense for a long time now. Everybody is going crazy/mad. Must be some seriously narcissistic people running the UK.
Just a few months ago games built by US-based developers, sold on US-based platform with payments processors also US-based were censored by actions of Australian christian activist group.
Simply by sending some threating letters to payment processor management. It was done by few hundred fanatics who want to censor what content everyone is allowed to access.
Since this is possible, there not enough resistance and UK government have much more resources we'll all have to live with this.
Im not sure how they can enforce this?
Blackmail. No actual jurisdiction over companies or management needed if you can just threaten them something bad happen to them.
If you are serving the UK market, you follow UK laws. It's that simple. In this case they are misusing UK children's information, that's a no-no in a country that has actual consumer protection laws. I'll wait for the EU to catch up on this too.
While the UK and EU (and US) like to pass stupid laws, in this case it's just an American company misusing citizen's data and not giving a crap. Good riddance.
"Serving a particular market" is ridiculous. Just adding Paypal to your website should not require you to understand 200 odd legal jurisdictions.
This needs to end asap.
If I sell a product to a US citizen I have to pay US income tax despite not being in the US, my business not being in the US, and not creating the product in the US.
I then have to hope the US has a tax treaty with my country in order to attempt to recoup the costs.
Is that fair?
