Online Safety Bill - Thoughts?

Blue and true said:
This thread is a fucking embarrassment. People moaning about the government prying on your privacy and collecting your personal information? How many people pay their vehicle tax online? How many pay their TV licence online? The government already know who you are, an uploaded picture of yourself is not something they would struggle to get outside of this legislation if they truly wanted to. Driving licence? Hello?

The moaning of intrusion is also ironic when many of these people will plaster pictures of their family on social media, sending them to a sprawling city of servers in the hills of California; well guess what, those pics are no longer yours. You forfeited that ownership the moment you uploaded them onto the internet. We're already living in Orwellian times, some just don't want to admit it.

This new law is a good thing, it may be incomplete and the desperate will try to find work arounds, but anything that works towards safeguarding a child's online activity is a good thing.
Click to expand...
It's different when it's wanking though, isn't it?

But yeah, the number of people making this party political as well. 'Nanny state' Labour being blamed for Tory legislation, by people whose opinion would flip 180 degrees if they were still in power. The reality is something needs to be done if we don't want to live in a world where a 10 year-old can openly watch a simulated gang rape where the woman looks like she's enjoying it, and putting all of the onus on parents is unfair. If we accept that age restrictions on content should exist, and I think most people do, then you need to have some way of verifying age online. There's also the argument, of course, that the cat's out of the bag now, and there's no way to regulate it. After all, streaming PL games for free is illegal, and still rampant. There are also legitimate concerns about how the age checks happen, and how data is stored, but as you say, there's nothing unique about that - it's already a massive issue for every other online activity.
 
The idea of wanting to protect children from what they see online is obviously reasonable enough, but this isn't the solution. As is often the case when governments intervene in technology, the legislation is ill-thought out. It's fairly easy to bypass for a start, but also potentially threatens the future of online communities such as this one with the new duties/responsibilities it puts on providers.
 
Ric said:
The idea of wanting to protect children from what they see online is obviously reasonable enough, but this isn't the solution. As is often the case when governments intervene in technology, the legislation is ill-thought out. It's fairly easy to bypass for a start, but also potentially threatens the future of online communities such as this one with the new duties/responsibilities it puts on providers.
Click to expand...
Yep. I gather many forums have closed down as a result already.
 
Major pornography providers including Pornhub, the UK’s most popular pornography site, have pledged to implement the strict age checks required under the act.

The act also requires sites and apps to shield children from other forms of harmful material, particularly content that encourages suicide, self-harm and eating disorders. It requires tech platforms to suppress the spread of content that is abusive or incites hatred against people with protected characteristics under the Equality Act such as age, race and sex.
 
I'm With Stupid said:
It's different when it's wanking though, isn't it?

But yeah, the number of people making this party political as well. 'Nanny state' Labour being blamed for Tory legislation, by people whose opinion would flip 180 degrees if they were still in power. The reality is something needs to be done if we don't want to live in a world where a 10 year-old can openly watch a simulated gang rape where the woman looks like she's enjoying it, and putting all of the onus on parents is unfair. If we accept that age restrictions on content should exist, and I think most people do, then you need to have some way of verifying age online. There's also the argument, of course, that the cat's out of the bag now, and there's no way to regulate it. After all, streaming PL games for free is illegal, and still rampant. There are also legitimate concerns about how the age checks happen, and how data is stored, but as you say, there's nothing unique about that - it's already a massive issue for every other online activity.
Click to expand...
Honestly I think we should contemplate a smartphone ban for under 16s. It sounds draconian and is. And it raises all sorts of questions about how do we compensate people who have just bought an iPhone etc. And it has lots of drawbacks because smartphones are genuinely useful for kids too.

But nevertheless I think it stilll needs serious consideration because I think there's a broad consensus that something must be done. And the current legislation isn't it. It will have some marginal benefit sure, and is better than nothing. But if it's e.g. 90% ineffective then it cannot be the solution we need.
 
Damocles said:
Really funny that anybody who actually understands how the internet works thinks this is a terrible idea while all the people who have no idea what a race condition is, are all for it.

We need to stop allowing people to legislate on a technology that they don't understand.
Click to expand...

And there's a massive age correlation with that.

The government has just given 16 & 17 year olds the vote and immediately brought in a bill that 90% of that demographic will hate, know how to circumvent with a VPN and understand why it's total bollocks.
 
Ric said:
The idea of wanting to protect children from what they see online is obviously reasonable enough, but this isn't the solution. As is often the case when governments intervene in technology, the legislation is ill-thought out. It's fairly easy to bypass for a start, but also potentially threatens the future of online communities such as this one with the new duties/responsibilities it puts on providers.
Click to expand...

The Government, as it always does with online legislation, relies on the ignorance of the general public to the dangers and the privacy implications of internet usage. They see the internet falsely and they only learn about the dangers once its already gone wrong.

As somebody experienced in internet security and has spent most of my life involved in differing degrees in that area, I have zero social media under my own name. I don't pay for my TV licence online nor my council tax and I use a VPN constantly.

Again, people don't understand the dangers. They use security through obscurity and hope for the best.

The idea of "well I'll just upload a selfie" shows an incredible misunderstanding of that danger. They don't know what is going on technically behind the scenes and the holes in it. It's like those gamers who randomly install kernel level anti-cheats in the latest games. They don't understand what they've done.

Let's have a look at just the serious CVEs that have been announced just recently:

There's 2 10.0 (!!!!) rateds CSE in Cisco Identity Systems API that allows remote code execution, CVE-2025-20337 and CVE-2025-20281.

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Click to expand...

CVE-2025-49706 is a 3.5 rated exploit in Microsoft SharePoint that allows an attacker to spoof network information. CVE-2025-49704 is a much more serious exploit rated at 8.8 in Sharepoint that allows remote code execution.
CVE-2025-54309 is a 0 day on CrushFTP rated 9.0 that allows privilege escalation to admin. CVE-2025-6558
is a Chromium engine exploit that allows sandbox escaping and code execution on the host machine, Google rated this as high severity. Chromium is the engine that powers Chrome, Edge, Brave, Opera and many other browsers. CVE-2025-53770 is a somewhat famous 9.8 rated exploit in SharePoint that allows remote code execution that was so severe that last week, almost every Government IT employee in the world had to work overtime to immediately fix it.

That's just 5 in the last 2 week alone and 3 of those had zero day exploits spotted in the wild already and are built by multi billion dollar companies who have full code auditing and CI/CD strategies in place by the best programmers in the world. This also doesn't mention the Docker escape vulnerability, the VMWare escape vulnerability and a fucking privilege escalation that found in sudo's chroot recently.

But just upload a selfie to some random company who aren't really that arsed about security. No possible harm there. Good job lads.
 
Damocles said:
Exhibit A
Click to expand...
I worked in IT for 40 years mate.

Of course Google has privacy concerns but everything is relative. Sure they monetise everything they can but they are not criminals and they do understand basic concepts like zero trust, strong encryption and WebAuthn. It's not like they will be holding your passport info in some clear text unprotected database.
 
Chippy_boy said:
I worked in IT for 40 years mate.

Of course Google has privacy concerns but everything is relative. Sure they monetise everything they can but they are not criminals and they do understand basic concepts like zero trust, strong encryption and WebAuthn. It's not like they will be holding your passport info in some clear text unprotected database.
Click to expand...

Google took down over 50% of all major internet sites (AWS, Discord, Spotify, X, Google itself, etc) including this one recently because they tried to dereference a null pointer.

4dv1d79j6x6f1.webp
 
Chippy_boy said:
Honestly I think we should contemplate a smartphone ban for under 16s. It sounds draconian and is. And it raises all sorts of questions about how do we compensate people who have just bought an iPhone etc. And it has lots of drawbacks because smartphones are genuinely useful for kids too.

But nevertheless I think it stilll needs serious consideration because I think there's a broad consensus that something must be done. And the current legislation isn't it. It will have some marginal benefit sure, and is better than nothing. But if it's e.g. 90% ineffective then it cannot be the solution we need.
Click to expand...
An easier fix for this would be to force the phone manufacturers to implement an 'under-16/18' mode. IE, they can install some apps but not social media apps.

They'll still get around it though and no doubt parents will facilitate it because parents don't really know how to parent this stuff.
 
Tbh is a retrograde step. Kids searching sex won't be able to watch it on Pornhub and other mainstream porn sites. Now, instead they will go to the more extreme sites that have not been included in legislation.

Adults will get vpn.

Nothing has changed except kids now access sex via more extreme websites and the rest just buy VPN.

Has someone in our govn got shares in Nordvpn or sit on the board ? That's where my money would be.
 
Gorton_Tubster said:
Has someone in our govn got shares in Nordvpn or sit on the board ? That's where my money would be.
Click to expand...

No, NordVPN is registered in Panama for legal reasons and is a Lithuanian company. It was started by two childhood friends, one a hacker and another non-security guy who wanted to monetise their knowledge. They are security audited every year and are the constant target of massive bug bounties (this is a very good thing). They have the strongest security in the VPN space and are the one I've recommended for over a decade (and this was before they built a lot of usable apps).
 
Damocles said:
Google took down over 50% of all major internet sites (AWS, Discord, Spotify, X, Google itself, etc) including this one recently because they tried to dereference a null pointer.

View attachment 164654
Click to expand...
Sure, bugs happen.

But for most people, trusting Google is a reasonable compromise and FAR better than handing details over to some outfit you've never heard of, with unknown security capabilities and who maybe is not even SOC2 compliant.

If someone is competent, sure, host your own Keepass and setup vlans in pfsense etc etc etc. But it's beyond the scope of 99% of users.
 
Damocles said:
The Government, as it always does with online legislation, relies on the ignorance of the general public to the dangers and the privacy implications of internet usage. They see the internet falsely and they only learn about the dangers once its already gone wrong.

As somebody experienced in internet security and has spent most of my life involved in differing degrees in that area, I have zero social media under my own name. I don't pay for my TV licence online nor my council tax and I use a VPN constantly.

Again, people don't understand the dangers. They use security through obscurity and hope for the best.

The idea of "well I'll just upload a selfie" shows an incredible misunderstanding of that danger. They don't know what is going on technically behind the scenes and the holes in it. It's like those gamers who randomly install kernel level anti-cheats in the latest games. They don't understand what they've done.

Let's have a look at just the serious CVEs that have been announced just recently:

There's 2 10.0 (!!!!) rateds CSE in Cisco Identity Systems API that allows remote code execution, CVE-2025-20337 and CVE-2025-20281.



CVE-2025-49706 is a 3.5 rated exploit in Microsoft SharePoint that allows an attacker to spoof network information. CVE-2025-49704 is a much more serious exploit rated at 8.8 in Sharepoint that allows remote code execution.
CVE-2025-54309 is a 0 day on CrushFTP rated 9.0 that allows privilege escalation to admin. CVE-2025-6558
is a Chromium engine exploit that allows sandbox escaping and code execution on the host machine, Google rated this as high severity. Chromium is the engine that powers Chrome, Edge, Brave, Opera and many other browsers. CVE-2025-53770 is a somewhat famous 9.8 rated exploit in SharePoint that allows remote code execution that was so severe that last week, almost every Government IT employee in the world had to work overtime to immediately fix it.

That's just 5 in the last 2 week alone and 3 of those had zero day exploits spotted in the wild already and are built by multi billion dollar companies who have full code auditing and CI/CD strategies in place by the best programmers in the world. This also doesn't mention the Docker escape vulnerability, the VMWare escape vulnerability and a fucking privilege escalation that found in sudo's chroot recently.

But just upload a selfie to some random company who aren't really that arsed about security. No possible harm there. Good job lads.
Click to expand...
I've just remembered an experiment last year where someone hooked up a Windows XP virtual machine to the public Internet (no firewall, no antivirus), just to see how long it would take to get infected. Within about two minutes!!!, the system started being hit—malware installed without any user interaction, trojans, adware, backdoors. Even without any browsing or activity beyond just being online, the machine was discovered and exploited almost immediately!

It's a pit of vipers out there, it really is.
 
Damocles said:
Really funny that anybody who actually understands how the internet works thinks this is a terrible idea while all the people who have no idea what a race condition is, are all for it.

We need to stop allowing people to legislate on a technology that they don't understand.
Click to expand...

Did you see how teenagers are getting around the restrictions already. I had to laugh at the ingenuity of it.

www.pushsquare.com

UK Citizens Using the Photorealistic Death Stranding 2 on PS5 to Bypass Porn Blocks

Thank you, Kojima
www.pushsquare.com www.pushsquare.com
 
The argument over ‘uploading a selfie’ is a curious one. My phone uses facial recognition, people are uploading selfies, videos of themselves and others, to social media platforms by the thousands every day. We are captured on CCTV, private security cameras and doorbell cameras which are linked to security companies. We have devices in our houses that records our everyday conversations and stores them god knows where.

I have photo ID’s - passport and driving licence - taken in a digital photo booth in some random shop. I opened a bank account with a self shot video. Biometric passports will store your fingerprints and so on and so on.

We will all have an online biometric Govt issued ID wallet of some description one day. Can’t say I am wild about the idea, but that’s just an instinctive reaction and even hypocritical given the way I happily put data on line, have credit card details stored on sites like Amazon without giving it a second thought.

I’m not a huge fan of this age verification move, but I don’t object to prohibiting the sale of alcohol or nudie magazines to under 18’s even though it’s not illegal for under 18s to drink alcohol at home or jack off to porn for that matter.

Australia is looking to extend its social media ban to YouTube, the EU is developing its own age verification system which will work with the EU digital wallet also being developed.

The UK age verification law is not an end in itself, but a first step on the road to Govt stored biometric online ID wallets. Physical passports, driving licenses all gone. You get scanned at an eGate, or by the police, or by a shop as you enter. Every device you own has a camera. The moment you open that device it could theoretically allow to access sites because your ID has already been recognised.

Big Brother is already watching and listening and contrary to popular belief, I think most people will be happy with it or simply not care.

dig.watch

EU will launch an empowering digital age verification system by 2026 | Digital Watch Observatory

Designed to reshape how Europeans prove their identity online, the EU’s groundbreaking age verification system balances privacy, safety, and sweeping regulatory power in a single digital wallet.
dig.watch dig.watch
 
You must log in or register to reply here.
Unread Posts

Don't have an account? Register now and see fewer ads!

SIGN UP
Back
Top