Ask HN: How will the OSA affect small Mastodon instances?
I am not currently a user of Mastodon, but I have some interest in the project. I was looking at some stuff that seemed to indicate to me that the OSA could make it difficult to self host Mastodon without providing age verification. I was then reading the provisions and realsised that it didn't really affect you unless you have at least 3 million monthly users, so in theory would not affect self hosters with only a few users. But then I thought that if you are federated with a very large instance then your users could potentially be able to interact with enough users to fall under the provisions.
This could potentially be a grey area that could expose self hosters to considerable risk if they are not careful.
I wonder if there any UK based Mastodon hosters out there who are considering this. Are you considering shutting down to prevent any liability? Could this be the "death" of Mastodon hosting in the UK?
Anything with under 7 million users in the UK is a "smaller" service - so has lighter requirements. See https://ofcomlive.my.salesforce-sites.com/formentry/Regulati...
If it allows unmoderated communications, it might be higher risk. See https://www.ofcom.org.uk/siteassets/resources/documents/onli...
But most of the requirements are stuff that Mastodon services should be doing anyway - responding to complaints, have a code of conduct, have moderators, perhaps use a CDN to filter out CSAM etc. See https://www.ofcom.org.uk/siteassets/resources/documents/onli...
If you're self-hosting purely for yourself, there are no users other than yourself - so no need to worry.
Good answer.
I would be surprised if the UK government tried to read - and implement - the legislation in the broadest sense any time soon. If you have an instance and are below the 3m MAUs, you're likely fine.
Until you're not.
The moment a Mastodon instance is found to be hosting content the OSA is meant to protect minors from, that instance will be investigated and explored to the most liberal interpretation of the law, and that individual is going to find themselves either implementing age verification, shutting down that instance, or fighting their stance in court.
Risk, as ever, is about likelihood, not just impact. How likely are you to find yourself hosting such content? Could you self host just for you and people known to you? Your question implies you want to set up a centralised instance with lots of people you don't know, but that's the exact scenario Mastodon is meant to counter, it's meant to be federated. And if it's just you and your mates, what's the issue? If you want to give children access, you're into another World of problems, so maybe for your own sanity - and arguably, theirs - just don't do that.
>Risk, as ever, is about likelihood, not just impact. How likely are you to find yourself hosting such content?
The fediverse is full of material which is illegal in many countries. Especially drawn CP and hosting a node means that you may start to host that material itself, that is part of the fediverse.
IMO the risk of a life ruining lawsuit is very substantial. Law is complex and you are not able to figure out yourself whether you are actually liable, especially when there is so little precedent.
You can always take a whitelist approach to federation, federating only with well-moderated instances.
OSA = United Kingdom Online Safety Act, I think
Thank you.
You could always ask Ofcom yourself. They are an industry self-regulation body. They exist to provide that advice to businesses as well.
But since the penalty is a fine proportional to revenue, I suspect there is not much Ofcom can do about non-commercial hosting anyway.
1. It’s Mastodon, with an o.
2. I don’t think Mastodon will be tangibly affected because it’s too niche and not corporate.
Oops! Yeah, you're right. Thanks for the correction. Shows how long it is since I've used it.
I asked a somewhat related question here:
https://news.ycombinator.com/item?id=44710221
[dead]