Source: https://infosec.exchange/users/isotopp/statuses/115059833470035521

Transcript

Age Verification

Due to applicable UK laws, websites must verify the age of visitors using official ID to confirm they are at least 18 years old. We are a small site and unfortunately do not have the resources to implement such a system, so we are unable to serve users in the UK.

We are not required to verify your location, so please confirm below:

[I am not in the UK] [I am in the UK]

  • nomadjoanne@lemmy.worldEnglish
    451·
    21 hours ago

    If they have no infrastructure or legal presence in the UK they are not required to do shit. The UK can block them but that’s about it.

    The UK does not have extraterritorial jurisdiction! Whatever stupid shit they do on their shitty little island does not affect foreign firms that do not operate there.

    • Pup Biru@aussie.zoneEnglish
      2·
      4 hours ago

      kinda… if you never plan on visiting the UK or any country with extradition agreements with the UK, sure… not sure exactly how extradition works, but if you ever come to a country and have big fines etc pending then they can do whatever they want

      if you were like… the CEO of reddit or something, and just chose to forgo ad revenue etc from the UK but still remain operational, i’m pretty sure they’d be able to get you

    • blargh513@sh.itjust.worksEnglish
      963·
      1 day ago

      Sadly, will not actually be sufficient. They put the full burden of this shit on the site owner, all of it, without exception.

      You could host in a country like Cameroon, they won’t give a shit and EU won’t bother going after them. They could geoblock the whole country however.

      • Hoimo@ani.socialEnglish
        10·
        21 hours ago

        UK left the EU, so the EU won’t be doing anything regardless of your host country.

      • NoPanko@feddit.ukEnglish
        58·
        1 day ago

        Meh you just say “we don’t serve users from your country, we are not bound by your laws. users from the UK are breaking our tos”

        • Pup Biru@aussie.zoneEnglish
          1·
          4 hours ago

          that’s not super convincing though… just like TOS isn’t a protection for murder and other serious crimes, it can’t protect against all things. i’m not sure how the law is worded, but it’s not quite so cut and dry

          • Pup Biru@aussie.zoneEnglish
            1·
            4 hours ago

            it does, but i don’t think they’re actually following GDPR… GDPR applies to residents of the EU; not where they are accessing the content from… technically, if an EU resident accesses a non-GDPR-compliant site while visiting the US (etc), the site is still legally obligated to follow GDPR

            it’d be way to difficult and probably ineffectual to enforce since the entity doesn’t necessarily exist in the EU (and they have bigger fish to fry, among many other reasons), but technically it’s there and they could probably do things like blocking executives from entering the EU or arresting them if they enter

            • Droggelbecher@lemmy.worldEnglish
              1·
              2 hours ago

              Yup, that’s what we’re saying. Some sites don’t work in EU because they don’t want to comply with GDPR, so it’s likely some sites will stop working in UK because they don’t want to comply with their anti privacy laws.

      • MagicianWithABadPlan@lemmy.worldEnglish
        40·
        1 day ago

        It’s pretty sufficient. I’m not British, I don’t sell products in Britain, I do not have British assets, and I’m compliant with all American laws. They can levy all of the fines they want but I’m not obligated to care.

        • Pup Biru@aussie.zoneEnglish
          1·
          4 hours ago

          unless you ever want to visit the UK

          of course if you don’t ever want to, that’s fine… or if you’re small enough to fly under the radar

          but just because you have no presence doesn’t mean you’ll never have any presence

  • schema@lemmy.worldEnglish
    49·
    1 day ago

    I recently looked through the requirements on Ofcom’s website, and to me it sounded like every email service falls well into their “user to user communication” category, which would have to “assess the risks”. It’s not really different than communicating in an internet forum, except it’s not public, but that’s not really a factor i think. Sending porn via email is probably as old as email itself.

    Email providers cant moderate their users’ mails (i mean they could try, but that would likely be the end of them for the obvious breach in privacy). And having people have to age-verify for an email account would be ludicrous, especially considering children need emails for school, etc.

    I wonder if they ever clarified anything about email services and how they would or would not be affected by this bullshit law.

    • AspieEgg@lemmy.blahaj.zoneEnglish
      39·
      1 day ago

      This isn’t considered verification in the UK from what I can tell. Companies are now implementing AI face scans, ID checks and credit card verification to comply with the UK law. I’m not a lawyer or even British, but it wouldn’t make sense to me that companies would spend money to turn away their UK customers otherwise.

      • ddh@lemmy.sdf.orgEnglish
        16·
        1 day ago

        How are they checking that your website’s face scans are actually ‘working’ and not just passing everyone?

        • piccolo@sh.itjust.worksEnglish
          15·
          1 day ago

          Also what stops someone just getting OBS virtual webcam and just feed it stock video of some old geezer…?

          • theneverfox@pawb.socialEnglish
            17·
            1 day ago

            They make you do things like open your mouth and smile

            You’d have to use a video game… Which people are doing

              • bstix@feddit.dkEnglish
                1·
                4 hours ago

                You’re not thinking big: Rent out other people’s faces!

                Instead of an actual click farm where slave workers click phones all day, you make an app.

                The app works like this: When the users (or let’s call them: “Partners”) get a notification from your app, they just have to smile at the camera, sometimes do other expressions. They are then rewarded with points which they can trade for for actual real life discounts on real online stores. Something like 1 cent per picture.

                You now setup a service for people who want to bypass facial age verification and feed their requests directly to the app for a small fee of 5 cents per verification.

                • samus12345@sh.itjust.worksEnglish
                  2·
                  5 hours ago

                  The video game trick doesn’t work everywhere. I don’t know about deepfakes and such, both how easily available they are and how good they are at tricking the age verification.

                • ddh@lemmy.sdf.orgEnglish
                  1·
                  12 hours ago

                  Even if 3D images are required, surely there are 3D deepfake faces people can wear. But anyway, we’re being distracted by the part of this law that stops kids going online. The quiet part is the part that gets every adult to show their real face to some website. Those adults need deepfake faces just as much if not more so.

      • Gutek8134@lemmy.worldEnglish
        1·
        24 hours ago

        I know about Online Safety Act, I was making a comparison between the system shown in the screenshot and the one I mentioned