LFGSS and Microcosm shutting down 16th March 2025 (the day before the Online Safety Act is enforced)
Hi,
I worked in Ofcom’s online safety team, and now run http://www.illuminatetech.co.uk. We want to help you keep these forums open, for free.
I think there is a huge discrepancy between what smaller services actually need to do, and the perception created by Ofcom’s thousands of pages of consultation.
The best version of the Internet is one where small, niche websites like yours can thrive - an ecosystem of ideas and services. I recognise the perceived risk the OSA poses to sites like yours, and am really keen to create resources to help sites like yours not have to worry about compliance (for free or close to free).
We think we can sort out OSA compliance for you in half a day, max. And as said, we’ll do it for free. Please get in touch at hello@illuminatetech.co.uk if you’re interested!
I suspect the catch is that we'd be a high profile case study (given the coverage in the Telegraph, Telegraph (so good they ran it twice!), Computing UK and forthcoming New Scientist article)... but hey, that would be fine with me.
My concerns to be very explicit aren't just the risk assessment, but things required to mitigate risk afterwards... i.e. CSAM scanning, building new moderator tooling or training, being "on-call" in case of reported content whilst I'm on vacation, etc... i.e. all the ways that a single person run hobby site (even when they support such a large audience) has to achieve the implementation standard of big tech. The context is that I put a few hours per month in... I have a day job that I love, and a life outside of running websites... so if the compliance concludes that to mitigate risks I need to go spend hundreds of hours coding things, and writing things... I'd still seek to close it all on the 16th March.
But you likely know what the impact is better than I, so if you think it's unlikely that I'd need to change anything other than just assess impact and some minor things, I'll take you up on it.
Edit: I wouldn't accept "for free" as that would come with no guarantee or liability for the work, but I'd do "small fee" for an indemnity regarding the compliance.
-
did you say that it's better to bundle them up to once a quarter rather than monthly?
PayPal makes it better to have a higher donation less frequently... as they kick in a fixed fee + a %. the fixed fee is 30p, and then it's a % of transaction... hence when people do a 50p donation the % is deducted from 20p... it's pointless... when people do a £1 donation it's almost pointless but still appreciated... but it's best when it's £10 as then the total fees are a low % of the overall.
if you were donating £3 per month, it's better to just do £9 every 3 months, etc... as then the fees consume far less of it.
I think the % is 3%... I'd need to check that.
and once in a while someone will forget they have a donation and dispute it, and then the dispute fee typically wipes out someone else's donation too.
the huge benefit of lots of small transactions is resilience... in the early days we only had a few people donating a high amount, and 1 person stopping the donations would suddenly create a peril that month.
so lots of small is preferred... but not too small as too much goes to fees.
then occasionally people come along and do a one-off £50, £100, £200... and that offsets minor losses for a few months, and sometimes I'm lucky and I'm not out of pocket at all for a long stretch.
-
my personal belief, which is certainly open to being challenged, is that the compliance route is hard today... it's not clear if we're Low or Medium risk, and we're almost certainly a Multi-risk service... it's not just completing a risk assessment, it's then about taking steps to mitigate the risk.
the steps we'd have to take are not just completing paperwork, but a mix of people, tech, process. that's a larger burden, and still some risk and the liability remains.
the tech option is attractive to me as a possible solution others take... because I know tech. and I know that no part of this service really requires any knowledge of location or nationality of the person accessing it... the only thing that grants it that are the person running it (me, I'm in London), where it's hosted (in London), the name of the site (London again), and the self-declared most visible users (London)... but LFGSS is huge, and it's not been about just London for a long while... and 3 of those things are trivial to change, I can stop being involved, the service can be hosted elsewhere, the name can change... and the last, where users declare that they are, maybe don't do that. as a technical exercise to put websites beyond the reach of a jurisdiction, there are lots of examples of this working... it does seem crazy to run a platform of forums as if it's the pirate bay... but this is what happens, when laws have side effects, things go underground, I have a better idea of how to do that and hand it over to someone, than I do of how to make the service fully compliant according to my current understanding of what would be needed.
of course a technical solution appeals to a techie.
-
I still don't understand why there's a need for hosting the site outside the UK and all the rigmarole that entails since most users will be in the UK
The point would be to shutter all UK focused sites (hyper specific and 100% UK such as Islington, Brixton, etc).
And to instead acknowledge that LFGSS has a global audience (yesterday 50% of all traffic was from the USA alone, about 20% of traffic is currently from Tor where I've no idea where it's from)... rename LFGSS to something that isn't London specific, and let it just be a site on the internet, not a site aimed at UK users. It's almost hilarious how many people posting about how sad it is are not even in the UK.
Then, alongside the large international fora in other languages, such as Pignole Fixe, etc... to basically go "no staff in UK, no servers in UK, not aimed at UK people"... and if the Europeans who pick this up do it in Germany and to comply with strict data laws there just disable all logging of country of access, etc...
... well, that would not be a UK service to UK users run by UK staff... in fact, it's way outside of the OSA and UK reach... but only by shuttering the explicitly UK oriented sites.
And honestly, if any user ever says they're in the UK... they should just be banned. Feel free to talk about the place, but internet users should be users of the internet.
-
Another thing that occurs to me—how can you moderate risk in PMs?
I can't... and DMs have been used to share shock images like Goatse, and some of those get reported.
The Act also covers harassment and stalking, and many would say that some people who bear grudges have done that on here, that it happens daily.
The Act also covers hate, and I myself have encountered transphobia, and every woman on here will show you the sexism everywhere, or the racism that is pretty much everywhere. It's subtle, but it's there.
There's no way we're a good place... we may be better than most, and more tolerant and accepting... but there's always some few who are present and also exhibiting the worst traits that drive the risk up... I cannot stop them, and tools proposed by the Act won't stop them either.
-
Welcome to the World for a forum moderator / admin.
The shit I've seen.
And some of the people on this site have done all manner of stuff for which I could've been held liable... they corrected their behaviour, but damn, that liability would've been real whilst they were in the throes of their anger and stupidity.
There was that guy only a week or two ago who wanted to be banned for essentially far-right statements, transphobic statements, and misogynistic statements... I banned him for spam instead as he'd trolled several fora... but still... this is not a zero risk, this is in fact the primary risk.
-
is there the chance that when it does come out it'll provide some paths for lower compliance burdens on SMEs/single-person outfits? As I understand the CSAM scanning thing is still slightly in the air as the tech doesn't exist yet/is not widely available..?
From what was published two days ago that seems unlikely, the guidance was relatively clear (linked in the main shutdown thread first post)... a forum would come under "All Services" and "Multi-Risk Services"... and the Multi-Risk services include scanning of content (links, images), as well as additional moderation tools, and training for moderators, etc.
The burden I see isn't just the compliance risk assessment, but the actions needed to mitigate the risk identified.
I am old, so recall the https://en.wikipedia.org/wiki/Gay_Nigger_Association_of_America trolls spamming Slashdot continuously for years... and I recall 4chan and 8chan forum invasions and the uploading of an overwhelming amount of porn onto other forums.
We cannot say that the risk is not there, and the Streisand Effect shows that once it's known how to weaponise the risk then it will be weaponised.
To really mitigate the risk we'd need a much larger team of volunteers, all very active... today if I went on holiday, hiking and stargazing, or did a work trip that took me offline as I'm too busy... it could be 1-2 weeks before I could respond to moderation requests. This is realistic today.
Under the Online Safety Act, whilst the material posted remains unmoderated, harm is caused and the risk is realised.
This is fundamentally my concern... I think there is a path for compliance, but it requires not just legal work, but technical work... on a platform that is a decade old and that only I know intimately today.
There is also a path for not making compliance necessary, which is just to leave it as-is in terms of technical capability (no scanning of content, etc), and to take it fully out of the UK (my involvement ends anyway, hosting moves to France or Germany, someone manages the money side from Europe, all UK specific sites shut down).
We do need to evaluate what would be required to consider the compliance path... but if we cannot meet that standard and no-one wants to take the full liability, then what's the path to just keeping the international side of things and breaking all links with the UK?
Another offer turned up yesterday by a company in the US to give us a shelter... it all works, but only if links to the UK are broken (though I'm inclined towards an EU shelter instead).
-
I'll emphasise again... the money is the PITA.
I can move the servers to Germany, hand over the keys to some Europeans, shutter the obviously geographic and UK focused forums (Islington CC, Brixton CC, etc)... and move LFGSS to being post-geographic (plausible as a lot of traffic is international, US being very prominent, and Tor seems to be hitting us hard at the moment).
The load balancers could be deployed anywhere and considered disposable, with Tailscale or another Wireguard VPN connecting to wherever the website actually ends up being hosted.
This could easily be an international anarchist collective with no clear owner, and nothing in the UK except for a minority of users.
But the hard thing will always be: Who pays the bills, how do they receive the money.
You can try the "be compliant" route... but read the details, you'd need to add CSAM scanning of attachments, far more moderation tooling, training for moderators... and prove you have all this stuff.
There's a lot of technical work, social work, needed to be compliant. It's not just the risk assessment, as a forum that takes user generated content and provides user-to-user services... we're in the "All Services" and "Multi-Risk Services" buckets of the Ofcom compliance... so if people are serious about keeping something alive, you really have to answer "Are we going to comply and accept that risk?" or "Are we not going to comply and just shutter the UK sites?"... the latter has a path to the platform living on as an international thing that serves international audiences. I'm sure there might be some UK users, but it wouldn't be the focus or intent, and the platform should just outright deny service for UK specific forums (hence you'd still have to shutter Islington CC, Brixton, etc... but could keep a post-geographic LFGSS, PignoleFixe, Espruino and other things)... it would trim the platform to a core few sites, but would be able to live on until such a time that the Europeans also implement a dumb law.
-
What's the cost breakdown of the 800 per month and can it be reduced without meaningful impact to the service?
£800 per month is what I recommended try to be raised on an ongoing basis by getting just shy of 250 people to donate £10 every 3 months.
£10 every 3 months minimises the impact of payment provider fees on smaller donations. (There is a single person who donates £1 per month, less than half reaches the account... it's such a waste, it's actually more donation to PayPal than it is to LFGSS).
250 people gives a far better spread of donors, and given that almost 10% expire out every 3 months will provide a bit of a buffer.
That amount should mean that over time you accrue a larger buffer, but never need to hit anyone's personal credit card to pay a hosting bill.
We presently have around that number of donors... but, most are doing £3 or £6, and based on the frequency and higher % of payment fees on the smaller donations, it means we're only getting about £300-350 per month... which is why I top it up every month.
The real breakdown of costs today:
- Linode $375 per month for the virtual machines, backups of the virtual machines, and the object storage (currently shy of 1TB for attachments), we received free bandwidth as part of the VPS costs which allows 22TB of traffic, we typically use about 6TB per month as we are very cache efficient. AWS would wipe us out on bandwidth from the account, and from the object storage.
- Tarsnap $25 per month for a remote backup of the database
- Twilio / Sendgrid $126 per month for 100k emails and a static IP to send them
- Some domain names... approx $100 per year
- An SSL cert that is wildcard at $250 per year (as I could never work out how to get certbot and LetsEncrypt to do wildcard + SNI for other FQDN at the same time)
Some of those costs vary due to exchange rates, but basically $501 per month in fixed monthly costs, another $30 per month in annualised costs... $530 per month being the estimate roughly being £420 per month in intrabank exchange rates... add roughly 10% lost to payment fees and forex rounding up that happens because I never figured out early enough to just pay all the bills from a Wise account... roughly £460 per month at the moment.
Donations bringing in roughly £350 per month, and you see the £100 shortfall... hence I just pay all the bills from my personal account, and draw the PayPal money into that account and absorb the loss. Some months someone will donate £50 or £100, and those months I don't subsidise it.
My rough summary here and recommendations here:
- The hosting is very cheap, there's a lot of headroom, but it's not obvious that reducing the VPS devices would be a smart thing to do (they have too much CPU, but the LB needs the disk space for cache, the DB needs the memory, etc)... given that I don't even know how to deploy the old Django... leave it where it is with Linode, but we can move it to Germany and out of the UK.
- The money side could easily be dramatically improved... just have an Open Collective EU account, receive donations there, provide the transparency I never managed to with PayPal... and then pay the bills from a Wise account and reimburse that person... this is very very easy to run, especially if an EU citizen runs it.
- Add a new service, a shared Protonmail email or Migadu for probably $100 per year per user/role, and give the volunteers access to that... i.e. have an "admin@microcosm.app" email, and make it accessible by a cohort of volunteers... and avoid having a single named individual as the owner anywhere. You probably only need 1-2 email addresses to cover everything, a Fastmail account might even be sufficient.
- Encourage each volunteer to have a password manager like Bitwarden, share credentials via Signal and store in local Bitwarden accounts.
- Pay for multiple cheap frontends around the World in various hosting providers, all using a Wireguard VPN or the like to connect to wherever the servers are ultimately hosted... this is probably another $100 per month... and we'd just make the DNS round robin to them because they're stateless caches, if any were taken out, the others would be fine.
Edit: Updated 2024-12-20 as I added a server to help support the archiving efforts.
-
I'm trying to write an article but @Velocio hasn't responded to my DM asking for an interview. I'm trying not to take it personally.
I replied eventually
Another place shutting down https://www.gamingonlinux.com/forum/topic/6463/