I too have been here for years and really don't want to share personal details / photos with third parties, As I have purchased numerous videos using my credit card, is this not proof enough, that I am over eighteen?

I understand why it has to be done, but age verification is not for me.

The influence of America's conservative prudes is spreading around the world.

I will probably have to say goodbye to the remaining visible bits of this website when the time comes, just like I have had to bid farewell to the large number of UK media websites who try to monetise cookie rejection and adblocking.

Feel sorry for people like Rev who rely on video sales to put food on the table. Even if he only loses 5 to 10% of his customers, it's going to hit him hard.

Here's to the final few weeks of access to everything on the site.

Your secret identity is safe with me Carlos the Jackal...I mean Mr Philip Holland!

Going to be a no from me too. It's a bit sad as I've been around in some form or another in the internet messy scene since well before the UMD existed. I wonder if this will finally be the thing that moves UMD over from the central (and in some ways only), game in town for messy fetish stuff to other forums that don't revolve quite so much around production and sales, which because of the necessity of the credit card processors led to some of the more confusing rules here over the last few years. That wouldn't be a bad thing, afaic.

I love that the people trying to sell us on how safe this is focus on how UMD never gets your ID information. The age verification service knows your real life credentials and knows you asked to be verified on UMD. Having that information in one place is a liability. The argument that they'll be careful and won't get hacked is wishful thinking. Banks are careful and get hacked. Health insurance companies are careful and get hacked. Governments are careful and get hacked. The only sensible option is to not hand over pictures of yourself and scans of your government ID to some company.

Just use a VPN y'all.

I don't think any UMD user is trying to "frame" this as anything other than annoying. You were asking how this will stop children accessing the site and a couple of people have tried answering.

No one asked for this, and yes it's bullshit, but it's the law. Maybe it won't stop children viewing the site, it obviously won't stop paedophile priests, but it's something this site needs to have to operate in the UK. That's something I very much want to continue.

What would you rather? MM breaks the law or disregards over half of this site's user base just because you don't like the idea behind this law?

That is a good question, I'll flag your post for MM's attention so he can give a difinitive answer.

But I suspect it'll most likely be because the new laws require that everyone granted access to R and X material must have been age-verified by the new systems, with no exceptions for "had my account more than 18 years".

Out of curiosity I had ChatGPT analyse the requirements of the UK's Online Safety Act in this regard, and it states based on the actual legislation and Ofcom's documentation of it, that no, an account having existed for more than 18, 20, or 25 years does not comply with the act's requirements, anyone who can access adult material must be proved over-18 by one of the approved methods. I'm not going to post the whole chat as it's long - I first had the AI familiarise itself wih the Act and it's requirements related to adult content access, and then asked it the specific question about account ages (this is how you get the best from an AI, first "put it in the mindset" so it already has a non-biased view of the thing you're researching, and then ask the question). But it's summary was:


Note the OSA uses "age assurance" rather than "age verification" to refer to the new systems, as they are intended to assure that all accessing users are proved to be over-age.

I'd guess the various US and other country laws probably have similar requirements.

True, that was just meant as a quick look - proper detail would need to check everything required by all the individual US state ones at least (UMD being based in the US). But the Ofcom guidance (as the UK regulator charged with enforcing it) appears to rule out anything that doesn't include a "robust and dependable check" that positively identifies the current users as over 18. Given the anonymous nature of UMD accounts, I suspect account age would fail on that measure.

https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/age-assurance

But taking a wider view, this has all been inevitable for years, the original UK push was the result of a Daily Mail campaign way back when David Cameron was PM. The first attempts crashed and burned in Parliament but it was clear even then it was just a matter of time. The world is changing, fast. And as for privacy on line, that ship sailed years ago and isn't coming back.

Yes, but if UMD doesn't comply with the UK requirements then ultimately it gets blocked in the UK. Those of us tech-savvy will fairly easily get round that but lots of people won't, and the UK is fully a third of the global WAM marketplace, so losing UK access would have a big impact.

Then there are all the individual US state laws, which are all different - I'm sure MM will have looked into all of this in great detail.

And before everyone says "but VPNs" bear in mind there are politicians who want to extend proof of age requirements to VPN services. So that isn't a magic bullet, at best it buys a few years. They went after porn first because that's an easy target, very few if any people are going to stand up in public and defend the porn industry. But this is the begining, not the end. Gambling is probably next, and after that, who knows.

And just to be clear, I hate all of this and don't think it'll solve the "problem". But I'm also realistic enough to realise that opposing it is pointless, it's coming, whether we like it or not. MM is trying to do the best he can to implement what's legally needed without exposing a single byte more data than is required to make it compliant. And the privacy ship sailed long ago, so personally I'd no objection to verifying, given the number of companies and government agencies worldwide that already have my details from years of on-line purchases and international travel, one more makes no realistic difference. And now I can use Yoti to verify I'm over-18 on all other sites that accept it, without needing to do the ID check again, just the account on my phone is enough.

The part that's missing is what Yoti (or other age verification service) then does with the data once the age verification confirmation has been passed to UMD. From what I can gather from their terms and conditions (which I found to be opaque, so I could be wrong), the data is retained indefinitely. This is likely to be a prime target for hackers and I also cannot understand how this would be compliant with GDPR which requires data to be retained for only as long as is necessary. It is not even clear whether personal data could be retained after an account has been deleted, which makes it even worse.

In the past 12 months I have been the victim of data breaches at four different organisations: three blue chip companies (two well-known retailers and a premium car brand) and a trade union. The latter included leaking two types of special category data that potentially puts my personal safety at risk and the former resulted in me having to change my personal bank account and all my credit cards, involving significant inconvenience. Yet, it seems, I cannot sue any of these organisations unless there has been actual financial loss or a catastrophic level of psychological harm. All of these data breaches have occurred at well-known organisations that should have known better, yet now I'm expected to supply my personal data to age verification companies I've never heard of and have somewhat mixed reviews.

Quick response: As I said, I flagged this to MM, and he's said he'll reply to everyone's points in a few days (he's letting questions accumulate so can answer them all in one go), but also said I can share this bit: This is because a site's internal dating of user profiles means absolutely nothing to the law--site operator could just fudge that and lie. If things go wrong, the site will need to prove that the user was verified through an outside 3rd party service that has some systemic ability to actually check ID.

TBH I should have thought of that myself, but basically anyone with database access (here, that's MM, on a bigger site, anyone with root access to the SQL server) can just type "update users set date_signup='1895-10-31' where username='MasterSplosher23'" and all of a sudden our theoretical user signed up in the 19th century and is now at least 140 years old, even though in fact they joined yesterday on their 18th birthday. So basically that data has no legal standing, and neither does the user number as that could also be reset or changed to one from a long-deleted user if an operator wanted to do so. Hence why everyone, even those of us here since the start, have to age-verify.

This site is hosted in the states and should not be bound by UK Law. I am interested in how the UK would prevent the UMD from operating. How would the UK do anything about the site without MM agreeing to. The UK just like the US have no means to prevent its citizens from accessing this site. There is no governance in place for this.

Read the thread again, starting at the top with MM's big post and going down, paying particular attention to DungeonMasterOne's replies. If your questions haven't been answered, maybe you could could Google them?

If you're in a jurisdiction that doesn't require age verification then you don't need to do anything.

This entire site is MM's own personal work. No dev team, no managers. It's literally one of the very last of the independents from the days when anyone with a good idea and some coding skills could build and run their own Internet business and website. It's a truly amazing piece of work, and yes, all one person's doing.


You're talking about huge corporate environments with large teams of developers and DBAs and sysadmins. This place isn't like that. It's one man's lifetimes work.


Very simple. Ofcom orders all UK ISPs to block their users from accessing the site. Said ISPs block the domain and null-route the IP address(es). Any ISP that refuses to comply is breaking the law, and can be prosecuted.


It doesn't require governance, it just requires technical measures - the same ones that are already deployed by ISPs on behalf of the Internet Watch Foundation to block access to known CSAM material anywhere in the world from being accessed in the UK.

Hay DM 1 what do you know about the laws in Canada? Any yes this can all be avoided by using a VPN set to a country with no laws, can't be 100% sure but should work.

Phil

It's very clear that not everyone is as defeatist as you are. Plenty of people are not willing to roll over to the whims of big tech, especially when it is as risky as this. Just because you've given up doesn't mean this is inevitable. The metaverse was "inevitable" but nobody ever used it.

I am an ageing technophobe in the UK with no smart phone or VPN
So, can UMD recommend a reliable trustworthy VPN if that is able to avoid this hassle?

I have used Proton VPN for 5 plus years, it works well, throughput is good, so very little overhead and you can set it to any country/location of your choice. I use it on Linux, but is just as good on Windows 10 and OSX

Phil

Hey again! I'm happy that this thread didn't fall apart People mostly seem to understand the reasons why we have to do age verification, though we're all completely justified to be cynical about their effectiveness or the motives behind them. The concerns about hacking and irresponsible data handling are extremely valid, but new regulations are coming at us from every angle worldwide and noncompliance can mean getting fined, shut down, or blocked right at the ISP level.

We all need to get better at writing our representatives and showing up to vote for more sensible laws, but meanwhile these laws do have teeth as explained by DM1 and others. We can't ignore them just because we disagree with them, and throwing our hands up in despair doesn't accomplish much. It makes sense to focus our energy on what we can actually do to stay legal while maintaining as much independence as possible.

Based on recent questions and comments I've been getting, I've been updating our User Verification FAQ. Here is some of the info I've added:


Having an older account at this site unfortunately cannot exclude you from the age verification requirement. That's because a site's internal record of the user's signup date or account age has no legal bearing; The site must be able to prove that it got the confirmation from a separate age verification service that has the ability to check photo ID.


Having made a purchase on our stores using a credit card doesn't qualify as age verification. Intuitive as that might be, governments at large only recognize photo ID as valid proof of age. Also, billing companies are set up to process sales, not to function as age verification systems or to explicitly communicate age status via API.


Age verification is not identify verification, so it is not used try to determine a person's actual identity beyond proving they are of legal age, which is all the law requires. For this reason, we can rely on the verification service's determination that the visitor is of age without us needing to know any of their personal information.


You can use Veriff with just a computer or an older cell phone, just as long as you have a way to snap a photo of your ID and your face.


I'll stay agnostic about how people connect to the site, as compliance is based on point of access, not intent. But I do need to be careful about hosting guidance right on this site about how to bypass your local laws. So going forward, please don't make posts explaining how to use a VPN in the context of getting around age verification blocks.

About the level of blocking: I have published a list of countries and U.S. states that require age verification, but I didn't publish which would get partial blocking vs. full blocking. The laws on this are so vague that for now I'm only going to implement partial/granular blocking where any blocking is required. I will turn on full-page blocking for an area if I become aware of a law that makes it clear that it's required there. For now, nobody will experience full-page blocking.

I appreciate the folks who are truly helping to bring more signal to the noise instead of just FUD. Navigating through this stuff isn't acquiescence or defeatist, and it's not "rolling over." We will resist in every way that we can while staying legal in every way required.

so each of our pics now needs to be marked R, or X? thats gonna be tough to get through each pic, what happens if not marked, does the album rating take precedent or will the website delete pics if not marked?
is it ok to just mark X rated on each pic that is obvioulsy X rated?

do i need to reg my age separate from being verified if living in CA?

Some excellent questions here


If you have a ton of pics that need to be gone through, let me know and I can help. I can go through them myself and help mark them manually, and I have some other tricks up my sleeve too.


I actually neglected to mention that if the gallery or forum pics aren't labeled, they'll infer their labels from the album or post. So if the nature of the pics matches the album or forum's labeling, there would be no need to mark the images individually. I'll try to be more clear about that that for now on.

I should also clarify that instead of saying "tags" I'm using "labels" to refer to things such as gender, explicit, synthetic, and off-topic.


Yes. The x-rated tag is for any masturbation, sex, oral, etc.


No. For now, California isn't a state that is requiring age verification.

Thank you for your long responses and updates to the FAQ MM. I also understand the need to stay neutral with the VPN talk as things evolve with the folks pushing this legislation, there is a chance that taking an opinion on it will get you in trouble.

For folks who are not tech savvy there are a lot of YouTube content creators out there that cover a lot of IT related topics that have come up on this site from time to time, things like latency connecting to the site. Some of those content creators are sponsored by companies that you might get benefit from. I would look for content creators that have over 100k followers and at least 80% of that in views on their videos before trusting their advice.

This. As numerous people have already mentioned, the best data security in the world doesn't seem to have stopped hackers from successfully breaching it and stealing data. The added incentive of being able to blackmail millions of people will surely make these services the number one target for hackers. And unlike a bank or car company, you can bet people would be far more reluctant to take action because it might 'out' them.

Whilst it seems hard to defend stopping minors from seeing p0rn and violence, you might want to consider that these laws also result in the blanket blocking of non-sexual webpages because they are deemed related to such things, for example to offer advice and counselling to questioning LGBT and other vulnerable young people.

Something that doesn't seem to get talked about it who owns and controls the data verification companies and what happens when inevitably they get sold or taken over. Also I can't believe that some of them aren't owned by big tech or finance and lobbied governments to enact this legislation in the first place for profit. If the AV services used on this site are free for us to use, what is their business model? Are the site owners paying them? Government? Are there loopholes which allow them to sell our data?