UK OSA: Already More Harm than Good

As I wrote about when the UK's Online Safety Act (OSA) first lurched into effect, this legislation was a disaster waiting to happen. Well, the wait is over. The BBC recently published a major report on a data breach at Discord, where a third-party service used for age verification was hacked. As expected, the government-issued ID photos and personal data of over 70,000 users were exposed.

To the surprise of absolutely no one with a functioning brain stem, this wasn't an isolated case. It was just the largest so far. A few months before the Discord news, a dating advice app called 'Tea' suffered a similar fate, leaking around 72,000 images, including 13,000 verification selfies and photo IDs.

Let's talk about the Discord incident, because it perfectly illustrates the sheer, galaxy-brain genius behind the OSA. The UK government, in its sausage roll-sized wisdom, decided that the best way to make the web "safer for the children" was to force citizens to hand over their passports and driver's licenses to a patchwork of American tech companies and their even less secure third-party vendors who couldn't give a toss about your data security. Yes, let's create a massive, centralised trove of unchangeable private information, data with immense monetary value and the potential for life-ruining consequences, and just leave it in a big pile. In an age where cybercrime is a booming, profitable industry, what could possibly go wrong? It's for the children!

This level of thinking is so unfathomably stupid and completely out of touch that it can't possibly be just about incompetence. It serves no purpose other than allowing the government to wave its virtue-signalling flag, all while hiding a far more disgusting agenda of surveillance and control. It's not like they weren't warned. The vast majority of security and tech experts screamed from the rooftops that these data "honeypots" were an irresistible target for hackers. The UK government heard these educated facts and opinions and deliberately chose to ignore them.

And it gets worse. Buried in the Act is a 'spy in your pocket' clause that gives the government power to force apps like WhatsApp and Signal to scan our private, encrypted messages. The tech giants have been clear: they will pull their services from the UK before they break encryption for the entire world. So, the government's master plan for 'safety' is to either read all our private chats or leave us without secure messaging apps altogether.

This isn't the only way the OSA is actively harming the UK's internet, either. The geoblocking is getting real. Personally, I was visiting an indie news site from the EU to look up an article the other day and was immediately met with a "Sorry, you have been blocked" message. Sure enough, I fired up a VPN, like many other Brits have to now (Alexa, play the NordVPN sponsorship spiel!), and a quick look around their site explained exactly why they'd blocked the entire UK. They have a few articles with NSFW images, not even nudity, mind you, and as a small site, they couldn't waste their limited resources trying to accommodate the OSA's stupidity.