The child protection laws in the UK come into force in just over a month. If anyone has missed them, in short, the Government, via the BBFC, will have the power to demand ISPs to stop access to UK residents to any web site showing 'porn' that does not verify the age of people accessing it.

'Porn' is defined as videos or parts of videos that are already assigned an R18 certificate, and goes on to refer to "any other material" that "would be an R18 certificate" but, and here is where the problem lies, also works "produced solely or principally for the purposes of sexual arousal".

The gulf between 'R18' and that final statement could pretty much cover anything. It is wildly subjective and could be abused, but it is happening and it could have a profound effect on communities like this.

http://www.wired.co.uk/article/porn-block-ban-in-the-uk-age-verifcation-law

Assuming the UMD, being a US site, doesn't implement age verification then I imagine it will rapidly be blocked by the major UK ISPs in accordance with the new law. This throws up two distinct issues:

• Admin access for UK-based producers to manage and maintain their stores
• Access by consumers to purchase content

Producers will presumably be able to get round the blocks by the use of VPNs, and so will the more tech-savvy customers - there is about to be an absolute explosion of demand for VPNs in the UK I suspect - but the less tech-savvy may well find themselves completely locked out.

It would be useful to know what percentage of the global WAM market comes from the UK. If it's minor then site operators elsewhere will just ignore them and UK consumers will simply not be able to access many sites. Of course the biggies like PornHub will have the age verification systems installed and so the problem of WAM content being pirated is liable to get a lot worse.

The Law is so badly written and implementation is so poorly thought out, I doubt it will be rapid. It requires the British Film Classification body (!) to request that the ISP remove access. I doubt they will have the resource to go actively looking but I wouldn't rule out an ultra-conservative group already having compiled a list to send to them.


And a third - just people accessing the community. And yes VPNs would get around the issue. I wonder if we need to have an article on using VPNs for non-tech savvy people? Just as a public service


I suspect we are a disproportionately large producer and consumer of WAM content for such a small and insignificant Isle, but I guess the people in charge here might be able to give us a steer on that?

Oh...the UK is definitely a major marketplace. It has always been the 2nd largest wam marketplace in the world (after the USA, and in 3rd place is Germany).

My sales stats over the last 27 years have consistently shown the USA is 40% of sales, the UK is around 35% of sales and Germany is around 15% of sales....so those 3 countries account for around 90% of sales. The Northern European countries are around 5% of sales and all other countries in the world account for less than 5% of sales.

The UK is definitely a major country for wam based fans, and that cannot be ignored......so buy shares in VPN companies or join a VPN affiliate program to promote VPN banners on your websites because up to 40% of your customers are coming from the UK and they will need VPN accounts if they value their privacy and do not want their name to end up on some government database, or worse, a database managed by Mindgeek, the parent company of Pornhub.

I can foretell the future of this UK system, some hackers will eventually hack this database of adult website visitors and then send out blackmail emails to those people if they hold prominent positions in society or are running for public office. Paying $4 a month for a VPN account is safer than subjecting yourself to blackmail threats if your name gets in a government run database.

MK

Yeah, I was thinking this is another bit of "fluff for an elephant", just VPN around it.

Could Messmaster design an age varification tool for the umd and all other Wam sites?

Just a thought, but the UMD is the main market place, so if people get themselves age varified for here, all our sites could have a script pasted in to run the same code, get varified once for access to all.
Only apply to UK IP address visitors, all people from everywhere that doesn't have our shit government don't have to varify.

Much better than using Porn Hubs owners to do it.

The loss of income to the UMD would be massive if the UK traffic were to be blocked.

Messmaster has the skills to do this and we are a community, not just a collection of random sites.

Or: Could we launch the UMD's nukes? I really want to launch the nukes.

Keep in mind that between every elected government official on the entire planet, you could probably count the ones who have as much as a 3rd-grade understanding of how the internet actually works on one hand... even if you were missing some fingers.

In virtually every instance, these "blocking" schemes operate at the domain name level. I have yet to see one that blocks IP addresses, which is the ONLY way the internet functions. (domains are a user-friendly overlay for stupid people who can't remember tedious strings of numbers) In every historical instance, they simply redirect DNS requests for a specific domain to a bogus government-mandated message about how you are evil and will probably burn in hell. They do the interception at your ISP's DNS resolver, which your connection is automatically configured to use by default. In many instances, you don't even need to bother with the expense of a VPN. All you need to do is instruct your router or computer to use a DNS resolver that doesn't give two shits about the UK's idiotic laws. If you don't know how, just google "change dns server" and your OS version or router model number, depending on which device you want to set up. For most people, your home router would be best, as that will fix every device on your local network & wifi connection. In either case, remember to reboot the computer afterwards to flush the old info.

The easiest ones to remember are Google's:

8.8.8.8
8.8.4.4

Here's a list of some others. It's a few years old, so they might not all work these days

###### DNS ##################

Cisco
128.107.241.185
192.135.250.69

Verizon (Level3) Nameservers
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

SpeakEasy Nameservers
66.93.87.2
216.231.41.2
216.254.95.2
64.81.45.2
64.81.111.2
64.81.127.2
64.81.79.2
64.81.159.2
66.92.64.2
66.92.224.2
66.92.159.2
64.81.79.2
64.81.159.2
64.81.127.2
64.81.45.2
216.27.175.2
66.92.159.2
66.93.87.2

ORSC Public Access DNS Nameservers
199.166.24.253
199.166.27.253
199.166.28.10
199.166.29.3
199.166.31.3
195.117.6.25
204.57.55.100

Sprintlink General DNS
204.117.214.10
199.2.252.10
204.97.212.10

Comcast
75.75.75.75
75.75.75.76

I mean...would you rather OUR shit government? I don't think MM is gonna do nothing if he's going to lose more than half the community. But yeah, if this is coming up soon may wanna sticky it or something.

I should also mention that you generally don't need to use a domain name at all. You can access most websites using the IP address if you know it. Here's a direct link to the UMD

http://50.97.148.17

Unfortunately MM likes to cram a lot of different web properties onto the same IP address, so this currently brings up the UMD fetish site, not the main one. Considering the size of the UK market, he can probably be convinced to modify that behavior in the near future

The trouble is.

We are not just talking about all of us in this thread, we are talking about all of our customers, not all of whom are tech savvy, in fact a lot of whom just know as much as they need to find our sites and buy what they want. Some even have issues just doing that. A lot of whom will give up when facing a block screen.

They are talking about blocking sites that don't comply with age varification, not those that do. What sort of penalties are they willing to hand out for sites that try to get around the rules? I mean, none of my websites are actually based in the UK, but I am.

Surely in this instance it might simply be easier to try to comply?

If people can't see our sites because they are blocked, they are more likely to just go to pirate sites that aren't blocked because they complied with age varification.
Which truly sucks, the websites that are the main reason for so much free, easy to access porn being available to children are the ones who will benefit the most from this new law. I mean these assholes are responsible for facilitating our content being removed from the safety of our protected pay to view systems and putting them up for free easy viewing for all.

The system I see is:
Someone new goes to my site, they get a block screen which asks them to enter their UMD username and password or register to join UMD.
Once they enter their username etc, the system checks if they have varified their age, if they have, cookies are used to unblock the site.
If they haven't the system asks them to do so.
But, once they are unblocked by the UMD system, they are unblocked for all sites using it. So all they would need to do is enter their UMD username and password to enter.
A simple script pasted into our websites code which is only triggered by UK visitors is all that it would require for webmasters.

I mean even non UK based websites, do you want to risk losing a lot of your customers?
My stats line up quite closely with MKs, The UK is the second biggest market for WAM after the US.

Leon is right, if I can't mash the button once and get to the pron, I'm definitely going straight to Corn Chub.

I like Leon's idea, but I see two potential issues.

1. How will the UMD verify who's over 18? I'm not clear on how AgeID is planning to do it, but I'd imagine that it involves cross-referencing with other official documents, e.g. a passport or driving licence. That would create extra issues for MM, to avoid any data protection breaches.

2. What happens if the UMD says "Yes, this person is over 18", so MostWAM lets them into the site, then it turns out that the person is under 18. Who's liable for prosecution?

I don't think anywhere states that we have to keep people's personal information, just that we need to varify ages. Once varified, information could be deleted.
I also don't think people will be prosecuted if someone gets around the system, as far as I can see, we must just do our best to varify.

The whole thing is really, really unclear.
There are no terms and conditions or even any proper reference to what media would be effected.

As for how to varify, Credit Card? We'd have watch how others do it?

I gather the expectation is to verify people by getting them to enter credit card details which are then checked against the banks but without a payment being taken, or perhaps a token payment (ISTR at one point you had to transfer a penny, or was it a a pound, from your bank to PayPal and back again to prove you owned the account?). This is based on the laws that people under 18 can't get credit cards, though prepaid cards kind of blow a hole in that.

The problem with using that method to verify people though is that the banks will charge for it, and if you're a site owner and get hit with a charge every time someone looks at your front page or sample images (which for most of us will be thousands of visitors for ever one who actually signs up) the verification charges will dwarf any income from sales.

I gather from news reports (not been able to find any actual details on MindGeek's site yet) that the MindGeek system (parent company of PornHub) will allow other site operators to use their system for free - the pay-off being they get all the data that people have to enter to register their verified email address in the first place. Knowing they'll amass a vast database - and because of their size, probably get a bulk transaction discount from the banks - they'll swallow the charges in exchange for building the world's biggest database of porn consumers. I'm sure I read somewhere that they have actually been lobbying governments everywhere to implement this kind of system on the basis of child protection, so don't assume it will start and stop in the UK - expect other governments to do the same before too much longer. "Think of the childruuunnnnn!" is a very potent way to get at politicians.

That would certainly be prudent. However, suppose that I hacked the age verification site (whether it's AgeID, UMD, or elsewhere) and told it to send a copy of the data to me as soon as it's uploaded (e.g. a scanned copy of the passport/credit card). Even if the people who actually run the site then delete their copy (after verification), it wouldn't help, because I've still got my copy.

There was a case recently involving Carphone Warehouse, who got fined £400,000 after their website was hacked:
https://ico.org.uk/action-weve-taken/enforcement/the-carphone-warehouse-ltd/
In particular, looking at page 22 of the report, they were considered to be at fault because they hadn't installed the latest security patches (rather than being an innocent victim of the hacker).

On a side note, this might also link into the recent controversy about Messy Jessie and Mike sharing an account. If you use a UMD account to verify someone's age, you'd need to be reasonably confident that the same person is actually visiting your website each time. So, as I said before, I'd recommend adding something to the T&C to ban account sharing. Presumably the account owner would then be liable for anyone else who used their credentials (including underage children), e.g. if they left their computer logged in.

I don't think this will be allowed as a valid method for the reasons you suggested. The guidance from Government is:


(full text here: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/673425/Guidance_from_the_Secretary_of_State_for_Digital__Culture__Media_and_Sport_to_the_Age-Verification_Regulator_for_Online_Pornography_-_January_2018.pdf)

They will probably use a service like gbg plc who offer an identity check system. These are already used for money laundering checks in the UK for banks and solicitors.

Basically 'Ageid' will collect name, address, age, telephone number and pass it electronically to gbg who will return 'match' or 'no match' plus the check reference. No data will actually be stored at either end (I guess other than login, password, whether an age check has been passed and the reference). Therefore if the site is hacked, they would then have to hack the ID checker (who will have extreme security) to marry up the two. This is why MindGeek are so confident about security.

Ageid will charge the site per user but this will be low because they will be buying checks in bulk from gbg (or whoever they choose) which is cheaper.

Sure a child could just type in their Parent's details (name, address, telephone number) but they would have to think about doing that rather than just accidently stumbling on something. But in UK Law, if someone acts illegally (and impersonation is) as long as you have done your bit to comply with the Law there is no comeback on you.

Here is the actual bill for those who can't sleep well... http://www.legislation.gov.uk/ukpga/2017/30/part/3/enacted

sneaked666: Thanks for that - I'd been looking for solid information but just finding ever more news reports about it. Does confirm what I was thinking about costs being involved though - it's not something MM can just code locally here, and needs a more detailed check than "you can't come in unless you are over 18" on the front page.

I know

But there is no way Mindgeek are getting a penny of my money, block them, that'll fix most issues.

Firstly: Leon, MM doesn't have to do a thing it's UK law not US. Therefore he has no responsibility.

Second: Are your sites housed in the US? If they are, then the law doesn't effect you as you're not trading from the UK, the fact that you live in the UK, but trade in US dollars and have your business housed abroad is non of the UK Gov's business, if they approach you as they did me, twice! Tell them to F*** ***!

Nobody can get any sense out of anybody within the Department of Media and Culture for AV (Age Verification.) I've spoken on numerous occasions to Myles Jackman who is an obscenity lawyer based in London. He's approached the Powers That Be on numerous occasions and has been stone walled every time.

The BBFC have been approached and invited to numerous meetings to give clarity on the matter, on every occasion they have declined. This is because nobody has any real idea of how they are going to do it! As Soundguy said, it's not what they expected, they thought it was going to be like rating an adult movie for a DVD?!?

From what we know it would work something like this. Someone's site gets flagged as it entertains adults.(This has mostly likely already taken place.) The BBFC get in touch, here's the first problem. The site owner might not be the domain name owner. Plus, the website host if based abroad doesn't need to comply... So they might not entertain the request.

So, how does the BBFC enforce something it cannot control? It can't! So, do the UK Gov blanket everything?!? Possibly... April 1st? (I doubt that will happen we're having enough problems keeping high street business afloat! Maplins, ToyRus!)

Even if MindGeek were given permission to put an AV on a site, unless the host agrees access they can't do anything. MG have jumped on board as they can smell money and have sensed the UK Gov doesn't know it's arse from it elbow. Which upset a few people when I said that at a meeting? Can't think why!

Third: We haven't got to this as nobody has given any guidelines out, why? See above. For the time being... #Theend!

Basically at this time they have no real way of enforcing it, the UK have created something they cannot control or oversee, you can tell this as they're out sourcing the responsibility, think Carillion! (UK builder that got in bed with the UK Gov and went bust just after Christmas 18!) So when it goes belly up they can walk away.

It's there responsibility, they need to get the BBFC to contact the site owners with guidelines, so far nobody has seen diddly squat!

Have a nice day

regards

Andy and the team.

First paragraph - The banks aren't THAT draconian anymore with the buck charge against the card thing. Also if the law implemented charged the websites trying to be accessed there would be MASSIVE blowback...like going to Iraq for WMDs that don't exist blowback... If the process has to go through a major card company's database, VISA for instance, they will know what is a gift card and what isn't. Visa will blowback hard against that too because they don't want all that extra work and charges because something over 60% of the ENTIRE internet is "porn" as classified by governments.
That said, non-store specific gift cards were among the absolute stupidest idea ever implemented. Card fraud has gone through the roof since then, because those cards in the right hands can be turned into "blanks" and then used in conjunction with skimmers to fraud your account.

Third paragraph, I think this is what you're looking for/thinking of DM1
http://www.dailymail.co.uk/news/article-5404171/Government-climbs-bed-porn-giant.html
I dunno, "think of the children" hasn't done SHIT for school shootings and laws here. I believe the congress' response was "Now isn't the time to talk about guns". But then, the US seems to care more about kids access to their definition of smut than them getting shot in the face...

A couple of things to remember:

All governments are composed of STUPID old people who are in the game for their own benefit. All of us who vote for them are considered "useful idiots", nothing more. Many of the laws passed in other countries are ILLEGAL to implement in the US and many other civilized countries. For example, the EU's taxes on internet transactions are flatly against US law, so Fuck Those Assholes. It's why I pulled out of the EU completely and will never operate systems there again.

This idiotic piece-of-shit legislation requires an undue amount of data collection/retention, which I am pretty sure is going to be declared unlawful by the EU. They have VERY strict laws about that sort of thing. I highly suspect that they too will be saying "Fuck Those Assholes" regarding the UK when this abomination fully kicks in.

Whether this stupidity takes hold elsewhere remains to be seen, but let me make one thing perfectly clear. PornHub is a money laundering front for eastern Europe and Russian mobs. That tells you everything you need to know about your elected officials who suggest dealing with them in any way. Remember that during the next election cycle and do everything you can to make sure your press/media picks it up and runs with it. All they have to do is talk to anyone in the business in Eastern Europe and follow the Mindgeek money trail thru all the acquisitions and take-overs back up to the top.

1. The UK is adopting the Europe wide Data Protection Act (GDPR) in May along with the rest of the EU Countries. Retaining data is not illegal (either in the UK or the EU) if you have given permission for it to be retained. Companies can keep data on an individual 'until such time as it is no longer required' and you have the right to ask for it to be deleted.
2. But, as I set out, it is unlikely they will retain any more than userid, password, email address and verification reference
3. The UK isn't going to be part of the EU at some point in the near future so even if data retention was illegal, it wouldn't actually matter what the EU thought.

I have been observing this piece of legislation via several sources, all of them wondering what and how this will be implemented.

The one piece of info. that may be most relevant to all download stores selling into the UK no matter where they are located. Assuming that people will circumvent the ISP blocks to view the websites and the overseas website owner will tell the UK regulator to "Go forth and multiply" when requested to implement age verification.

The government will need to take some action to force compliance. So the government has been talking with banks and credit card suppliers about blocking certain card transactions (ostensibly under money laundering regulations). So your UK customer may find his way to your store but when he makes a purchase, his UK based credit card supplier will decline the transaction. It doesn't need a very high tech system to draw up a list of website payment providers and then ban them.

Sorry I can not find the link to where I read this artical, but it was within the last 6 weeks and on one of the anti legislation websites.

Regards
Fred Gunn
Ex Messytease.com

This would defeat the whole principal of putting a blocking page on?!? At the meetings I've attended I've never once heard this. Was the website reputable?

Andy the team.

Hello Andy,
I think I found this article via Pandora Blakes blog, which linked to an article by the openrights.org group and then on to another website. But I just cannot find the link back to it now, I think the memory is going due to old age.
The implication was that it would be the weapon of last resort against foriegn websites who refuse to implement age verification. It did not mention it's use against UK websites.

I will keep searching to find the bloody article.

Regards
Fred Gunn

Then MM has already solved the problem for all stores hosted on his system.....i.e. UK customers will not need to use their credit cards to purchase wam products because the UMD is already set up to allow customers to use PAYPAL via UMD's relationship with Epoch processing.

So....if you are in the UK and want to purchase a wam product in a UMD store, just use Paypal and not a credit card. If you have a UK wam business that is not hosted on the UMD system, then offer your customers alternate payment systems like Bitcoin that do not need a credit card.

Correction to my previous statement viz the new UK new law where I said "Buy stock in VPN companies"....amend that to "buy stock in Paypal" instead because this new law will be great for increasing Paypal's business.

Incidentally, you must be 18 years old in order to open a Paypal account....so why is this new law necessary at all. If you have a Paypal account then defacto Paypal assume responsibility for age verification anyway.

Personally I think the UK should sync their new law with the laws regarding tatoos....i.e. you need to be 18 to have a tatoo....so just plant one on your arse and then every time the UK asks for age verification just send them a scan of your backside......just kidding.

MK

https://www.gov.uk/government/news/bbfc-proposed-to-enforce-age-verification-of-online-pornography

Above is the OFFICIAL stance from the UK GOV.

Read it careful and it explains what I said, the BBFC will contact the site owners with guidance if your not correct under UK law. So, until they get in touch DO NOTHING!
As that's what those have passed the bill are asking us to do... #TheEnd for now!

Unless of you want to go believing some odd website that could be run by anybody?!? Who could of course be faking their entire piece, but that's up to you.


regards

Andy and team.

This article says

"A 2016 report by the NSPCC found that nearly two thirds (65%) of 15-16 year olds and just under half (48%) of 11-16 year olds had viewed online pornography. Over a quarter (28%) of 11-12 year olds had seen pornography on the internet. It also found that children were just as likely to stumble across pornography (28%) as to search for it deliberately (19%)."

And where do they get that porn from...not from Paysites, but from free sites like Google and Twitter.

The UK's new law seems to be directed towards websites who are selling pornography only, while completely ignoring the 2 biggest sources of FREE pornography....i.e. Twitter and Google. Any kid knows how to use a browser and all you have to do is type the word "nude" into Google images and you can find millions of hardcore pornography pics all for free. So why is the UK obsessed with pay sites who use credit cards while totally ignoring the free media porn-infested worlds of Twitter and the Google search engine.

If they were really serious about preventing children from having access to porn then they should require all citizens in the UK to register for national ID card or plant a chip in their bodies at birth, and then require all computers sold in the UK to be equipped with a finger print or retinal scanning system before they can launch a browser on their pc.

Welcome to the world of Totalitarianism.

Meanwhile continue to do nothing to combat terrorism and let terrorists indoctrinate children and teach them how to build bombs....because that subject is uncensored on the internet. So it is OK for kids to learn how to build bombs but lord fobid they should happen to see a few boobies.

Sorry, but you're looking at this the wrong way.

Yes, correct, no site anywhere (not even ones hosted in the UK) actually has to do anything. But any site, regardless of where it's hosted, if it is a) deemed to require adult verification and b) doesn't implement it, will be blocked by all UK ISPs. The UK already has an internet filter, it's called CleanFeed and is operated by BT and made available to all ISPs using a block list created by the Internet Watch Foundation, which blocks child abuse images. On top of that there's the court-ordered blocking of major pirate content sites like ThePirateBay, which is I think operated the same way. This new list of non-compliant adult websites simply gets added to that existing infrastructure. And once live, any site, regardless of where in the world is is hosted, that doesn't comply, gets blocked by all major UK ISPs.

Using alternative nameservers will not get round this because it's implemented by dedicated traffic-filtering devices that all the ISP's traffic passes through, these are the same systems that do things like traffic prioritisation (less bandwidth for P2P and torrents, more for VoIP with defined QoS, etc). They do deep level packet inspection and can block individual URLs all the way down to single file level. Cisco make dedicated kit for this market, they're called "Service Control Engines" or SCEs for short.

So how does this affect us in the WAM world?

From reading the second link you posted it appears those of us producing fully clothed content only can relax - that press release regarding the BBFC only mentions pornography, and while the enabling legislation does include "anything where the primary purpose is arousal" it looks as if thus far all they care about is nude and sex stuff.

BUT! Anyone who has a download store on the UMD (whether fully clothed or not) has to consider that the UMD itself almost certainly will end up on the banned list if it doesn't have AV for visitors from the UK. Doesn't matter that it's run and hosted in the USA, umd.net gets added to the block list and all of a sudden no-one in the UK using Virgin Media or BT Internet or any of the other big commercial ISPs can access the site or any of it's stores. Which wouldn't be a problem if the UK was some tiny 1% player in WAM but from what MK has posted (and my own stats back this up) we're 40% of the global market. A 40% drop in income is going to hit hard.

Important points: 1. It doesn't matter where in the world a site is hosted. If it's on the block list, no-one in the UK (unless using a VPN) can see it. 2. It also doesn't matter if a site is hosted in the UK - it won't be closed or taken down, and people from other countries will still be able to access it fine - but UK consumers won't. If 95% of its traffic is from overseas the operators probably won't care. If 50% of it is UK visitors, that's going to hurt.