But most of the requirements are stuff that Mastodon services should be doing anyway - responding to complaints, have a code of conduct, have moderators, perhaps use a CDN to filter out CSAM etc. See https://www.ofcom.org.uk/siteassets/resources/documents/onli...
If you're self-hosting purely for yourself, there are no users other than yourself - so no need to worry.
I would be surprised if the UK government tried to read - and implement - the legislation in the broadest sense any time soon. If you have an instance and are below the 3m MAUs, you're likely fine.
Until you're not.
The moment a Mastodon instance is found to be hosting content the OSA is meant to protect minors from, that instance will be investigated and explored to the most liberal interpretation of the law, and that individual is going to find themselves either implementing age verification, shutting down that instance, or fighting their stance in court.
Risk, as ever, is about likelihood, not just impact. How likely are you to find yourself hosting such content? Could you self host just for you and people known to you? Your question implies you want to set up a centralised instance with lots of people you don't know, but that's the exact scenario Mastodon is meant to counter, it's meant to be federated. And if it's just you and your mates, what's the issue? If you want to give children access, you're into another World of problems, so maybe for your own sanity - and arguably, theirs - just don't do that.
>Risk, as ever, is about likelihood, not just impact. How likely are you to find yourself hosting such content?
The fediverse is full of material which is illegal in many countries. Especially drawn CP and hosting a node means that you may start to host that material itself, that is part of the fediverse.
IMO the risk of a life ruining lawsuit is very substantial. Law is complex and you are not able to figure out yourself whether you are actually liable, especially when there is so little precedent.
You choosing to host that material is illegal. You finding yourself hosting that and taking action to remove it and aid the authorities, is not.
If I slip illegal content into your bag, the law may challenge your possession of that content, but if you can show you had no knowledge of possessing it and no intent to distribute and that in fact you've been setup, the law is going to treat you very differently to you obtaining that material and putting it in your bag yourself.
Servers aren't much different. It's what you do when you notice the problem that counts.
Anything with under 7 million users in the UK is a "smaller" service - so has lighter requirements. See https://ofcomlive.my.salesforce-sites.com/formentry/Regulati...
If it allows unmoderated communications, it might be higher risk. See https://www.ofcom.org.uk/siteassets/resources/documents/onli...
But most of the requirements are stuff that Mastodon services should be doing anyway - responding to complaints, have a code of conduct, have moderators, perhaps use a CDN to filter out CSAM etc. See https://www.ofcom.org.uk/siteassets/resources/documents/onli...
If you're self-hosting purely for yourself, there are no users other than yourself - so no need to worry.
Good answer.
I would be surprised if the UK government tried to read - and implement - the legislation in the broadest sense any time soon. If you have an instance and are below the 3m MAUs, you're likely fine.
Until you're not.
The moment a Mastodon instance is found to be hosting content the OSA is meant to protect minors from, that instance will be investigated and explored to the most liberal interpretation of the law, and that individual is going to find themselves either implementing age verification, shutting down that instance, or fighting their stance in court.
Risk, as ever, is about likelihood, not just impact. How likely are you to find yourself hosting such content? Could you self host just for you and people known to you? Your question implies you want to set up a centralised instance with lots of people you don't know, but that's the exact scenario Mastodon is meant to counter, it's meant to be federated. And if it's just you and your mates, what's the issue? If you want to give children access, you're into another World of problems, so maybe for your own sanity - and arguably, theirs - just don't do that.
>Risk, as ever, is about likelihood, not just impact. How likely are you to find yourself hosting such content?
The fediverse is full of material which is illegal in many countries. Especially drawn CP and hosting a node means that you may start to host that material itself, that is part of the fediverse.
IMO the risk of a life ruining lawsuit is very substantial. Law is complex and you are not able to figure out yourself whether you are actually liable, especially when there is so little precedent.
The law is complex, but not vindictive.
You choosing to host that material is illegal. You finding yourself hosting that and taking action to remove it and aid the authorities, is not.
If I slip illegal content into your bag, the law may challenge your possession of that content, but if you can show you had no knowledge of possessing it and no intent to distribute and that in fact you've been setup, the law is going to treat you very differently to you obtaining that material and putting it in your bag yourself.
Servers aren't much different. It's what you do when you notice the problem that counts.
You can always take a whitelist approach to federation, federating only with well-moderated instances.
OSA = United Kingdom Online Safety Act, I think
Thank you.
1. It’s Mastodon, with an o.
2. I don’t think Mastodon will be tangibly affected because it’s too niche and not corporate.
Oops! Yeah, you're right. Thanks for the correction. Shows how long it is since I've used it.
You could always ask Ofcom yourself. They are an industry self-regulation body. They exist to provide that advice to businesses as well.
But since the penalty is a fine proportional to revenue, I suspect there is not much Ofcom can do about non-commercial hosting anyway.
I asked a somewhat related question here:
https://news.ycombinator.com/item?id=44710221