Looking through the #OnlineSafetyAct stuff for small providers and it seems… pretty reasonable?
-
@solarisfire I don't understand why you'd configure it to store that much media from people you don't know.
Why not set the cache to be zero (or a few hundred MB)?
There's no advantage in continually storing other people's content.
-
@Edent @jalal for sure, and for those of us old enough and grumpy enough to have been through this a few cycles, it's probably fine (let me show you my thick IR35 file).
But for the (majority of?) folk who aren't legally inclined, the choices appears to be (a) shut up shop, (b) spend significant money on a lawyer explaining wtf, or (c) risk terrifying fines on the basis that it *probably* won't come to pass.
I have complete sympathy for those who choose the path to walk away.
-
@Edent @jalal who said anything about large? AIUI you don't have a get-out-of-jail-free card just because you have a dozen users?
And there were plenty of people nervously eyeing the exit when GDPR came along. Fortunately (or not) all the "SEO experts" told them they could just stick up a consent banner and everything would be fine...
-
@ahnlak there's no point us continuing this discussion if you haven't read the guidance.
Muting this thread now. Feel free to come back when you've read and understood it. -
@Edent one of the key problems at the moment (ignoring that the policy isn't great and will have bad unintended outcomes and cooling effects) is that the Ofcom guidance is 1500 pages and not yet summarised.
For people who run something relatively small in their spare time, just finding an understandable summary of what's actually expected of them is an unachievable overhead — at least for now.
It's a recurring theme that small and micro businesses (and nonprofits) are overlooked like this
-
@owenblacker I agree. And spent a bunch of time with DCMS trying to get them to see that. Similarly, chatting with Ofcom peeps now.
Of course, the guidance would probably have had a longer lead in time if there wasn't an election recently
-
Does the search built into Mastodon not risk bringing a single instance into scope of a regulated search service? I couldn't see a fitting exemption in Schedule 1
Section 229 does say
> does not include a service which enables a person to search just one website or database.
It feels like you could argue this both ways - the content it returns is federated in, but all stored on my site (but then Google could argue similar).
-
The objective is protecting the user(s) from problematic search results.
If I am the only user of that search service, as well as the person running it, then I'm struggling to see Ofcom's interest.
(But now I am wondering if someone else can use my own instance's search engine. Hmm...)
-
@neil @solarisfire @Edent Yeah sorry, I should have been clearer - they can, search is available to people who aren't logged in
-
@ben @solarisfire @Edent Then that might need some more thinking!
-
Assuming that it would be covered (which is a big IF), it'd mean there's an avenue by which alice could screw bob.
It's easy enough for Alice to set up something (or lots of somethings) which push content into Bob's AP inbox.
If Alice being able to search is enough, then she also has the avenue to complain.
I did briefly think population could be done by searching the URLs of specific toots, but that only works if you're logged in
-
@ben @neil @solarisfire
Yes, that's why my ActivityPub not doesn't store replies to it.
I don't want other people's content on my system. -
@jalal Just like something can happen your site to release all your user's personal data?
The whole point of the regulations isn't to punish you for something happening. It is about making sure you have controls for *if* something happens.
It isn't "ban a site because a bad image got uploaded" - it is "did you take down the image when alerted to it?"
That's a fundamental difference.
