Internet News

Ofcom has investigations into two pornographic services - Itai Tech Ltd and Score Internet Group LLC - under our age assurance enforcement programme.

Under the Online Safety Act, online services must ensure children cannot access pornographic content on their sites. In January, we wrote to online services that display or publish their own pornographic content to explain that the requirements for them to have highly effective age checks in place to protect children had come into force. We requested details of services' plans for complying, along with an implementation timeline and a named point of contact.

Encouragingly, many services confirmed that they are implementing, or have plans to implement, age assurance on around 1,300 sites. A small number of services chose to block UK users from accessing their sites, rather than putting age checks in place.

Certain services failed to respond to our request and have not taken any steps to implement highly effective age assurance to protect children from pornography.

We are today opening investigations into Itai Tech Ltd - a service which runs the nudification site Undress.cc - and Score Internet Group LLC, which runs the site Scoreland.com. Both sites appear to have no highly effective age assurance in place and are potentially in breach of the Online Safety Act and their duties to protect children from pornography. Next steps

We will provide an update on both investigations on our website in due course, along with details of any further investigations launched under this enforcement programme

Encrypted chat apps like Signal and WhatsApp are one of the best ways to keep your digital conversations as private as possible. But if you're not careful with how those conversations are backed up, you can accidentally undermine your privacy.

When a conversation is properly encrypted end-to-end, it means that the contents of those messages are only viewable by the sender and the recipient. The organization that runs the messaging platform--such as Meta or Signal--does not have access to the contents of the messages. But it does have access to some metadata , like the who, where, and when of a message. Companies have different retention policies around whether they hold onto that information after the message is sent.

What happens after the messages are sent and received is entirely up to the sender and receiver. If youre having a conversation with someone, you may choose to screenshot that conversation and save that screenshot to your computers desktop or phones camera roll. You might choose to back up your chat history, either to your personal computer or maybe even to cloud storage (services like Google Drive or iCloud, or to servers run by the application developer).

Those backups do not necessarily have the same type of encryption protections as the chats themselves, and may make those conversations--which were sent with strong, privacy-protecting end-to-end encryption--available to read by whoever runs the cloud storage platform youre backing up to, which also means they could hand them at the request of law enforcement.

With that in mind, lets take a look at how several of the most popular chat apps handle backups, and what options you may have to strengthen the security of those backups.

How Signal Handles Backups

The official Signal app doesnt offer any way to back up your messages to a cloud server (some alternate versions of the app may provide this, but we recommend you avoid those, as there dont exist any alternatives with the same level of security as the official app). Even if you use a device backup, like Apples iCloud backup, the contents of Signal messages are not included in those .

Instead, Signal supports a manual backup and restore option. Basically, messages are not backed up to any cloud storage, and Signal cannot access them, so the only way to transfer messages from one device to another is manually through a process that Signal details here . If you lose your phone or it breaks, you will likely not be able to transfer your messages.

How WhatsApp Handles Backups

WhatsApp can optionally back up the contents of chats to either a Google Account on Android, or iCloud on iPhone, and you have a choice to back up with or without end-to-end encryption. Here are directions for enabling end-to-end encryption in those backups. When you do so, youll need to create a password or save a 64-digit key.

How Apples iMessages Handles Backups

Communication between people with Apple devices using Apples iMessage (blue bubbles in the Messages app), are end-to-end encrypted, but the backups of those conversations are not end-to-end encrypted by default. This is a loophole we've routinely demanded Apple close.

The good news is that with the release of the Advanced Data Protection feature , you can optionally turn on end-to-end encryption for almost everything stored in iCloud, including those backups (unless youre in the U.K., where Apple is currently arguing with the government over demands to access data in the cloud, and has pulled the feature for U.K. users).

How Google Messages Handles Backups

Similar to Apple iMessages, Google Messages conversations are end-to-end encrypted only with other Google Messages users (youll know its enabled when theres a small lock icon next to the send button in a chat).

You can optionally back up Google Messages to a Google Account, and as long as you have a passcode or lock screen password, the backup of the text of those conversations is end-to-end encrypted. A feature to turn on end-to-end encrypted backups directly in the Google Messages app, similar to how WhatsApp handles it, was spotted in beta last year but hasnt been officially announced or released.

Everyone in the Group Chat Needs to Get Encrypted

Note that even if you take the extra step to turn on end-to-end encryption, everyone else you converse with would have to do the same to protect their own backups. If you have particularly sensitive conversations on apps like WhatsApp or Apple Messages, where those encrypted backups are an option but not the default, you may want to ask those participants to either not back up their chats at all, or turn on end-to-end encrypted backups. Ask Yourself: Do I Need Backups Of These Conversations?

Of course, theres a reason people want to back up their conversations. Maybe you want to keep a record of the first time you messaged your partner, or want to be able to look back on chats with friends and family. There should not be a privacy trade-off for those who want to save those conversations, but unfortunately you do need to weigh whether or not its worth saving your chats with the potential of them being exposed in your security plan .

But also its worth considering that we dont typically need every conversation we have stored forever. Many chat apps, including WhatsApp and Signal , offer some form of disappearing messages, which is a way to delete messages after a certain amount of time. This gets a little tricky with backups in WhatsApp. If you create a backup before a message disappears, itll be included in the backup, but deleted when you restore later. Those messages will remain there until you back up again, which may be the next day, or may not be many days, if you dont connect to Wi-Fi.

You can change these disappearing messaging settings on a per-conversation basis. That means you can choose to set the meme-friendly group chat with your friends to delete after a week, but retain the messages with your kids forever. Google Messages and Apple Messages dont offer any such feature--but they should, because its a simple way to protect our conversations that gives more control over to the people using the app.

End-to-end encrypted chat apps are a wonderful tool for communicating safely and privately, but backups are always going to be a contentious part of how they work. Signals approach of not offering cloud storage for backups at all is useful for those who need that level of privacy, but is not going to work for everyones needs. Better defaults and end-to-end encrypted backups as the only option when cloud storage is offered would be a step forward, and a much easier solution than going through and asking every one of your contacts how or if they back up their chats.

The Children's Commissioner, Rachel de Souza, is calling on the government to introduce a total ban on apps that use Artificial Intelligence (AI) to generate sexually explicit deepfake images of children and real adult people.

Dame Rachel de Souza's new report exposes how Generative Artificial Intelligence (GenAI) is being misused to create sexually explicit deepfake images of real people, and the alarming effect these nudification tools are already having on children's safety, wellbeing and participation online.

Despite being relatively new technology, GenAI -- which is often free to use and widely available -- has supercharged the growth of these tools. While it is illegal to create or share a sexually explicit image of a child, the technology enabling them remains legal -- and it is no longer confined to corners of the dark web but now accessible through large social media platforms and search engines.

Children's Commissioner Dame Rachel de Souza said:

• In our lifetime, we have seen the rise and power of Artificial Intelligence -- once the stuff of science fiction -- to shape the way we learn, connect and experience the world. It has enormous potential to enhance our lives, but in the wrong hands it also brings alarming risks to children's safety online.

• Children have told me they are frightened by the very idea of this technology even being available, let alone used. They fear that anyone -- a stranger, a classmate, or even a friend -- could use a smartphone as a way of manipulating them by creating a naked image using these bespoke apps.

• Girls have told me they now actively avoid posting images or engaging online to reduce the risk of being targeted by this technology -- we cannot allow sit back and allow these bespoke AI apps to have such a dangerous hold over children's lives.

• The online world is revolutionary and quickly evolving, but there is no positive reason for these particular apps to exist. They have no place in our society. Tools using deepfake technology to create naked images of children should not be legal and I'm calling on the government to take decisive action to ban them, instead of allowing them to go unchecked with extreme real-world consequences.

Speaking to children about this emerging technology, the Commissioner's new report published today, 28th April, analyses the threat of nudification technology, assessing its use online and the impact on children. In focus groups, children told the Commissioner about their biggest concerns:

• The high risk of harm to children: AI that generates naked or other sexually explicit deepfake images disproportionately targets girls and young women, and many tools appear only work on female bodies -- contributing to a culture of misogyny both online and offline.

• Easy access to harmful tools: These AI tools are widely available via mainstream platforms, including the biggest search engines and app stores, with GenAI making the creation of harmful content easier and cheaper than ever.

• Change in girls' online participation: Girls spoke about taking preventative steps to keep themselves safe from becoming victims of nudification tools by limiting their online participation -- in the same way that girls often take steps to protect themselves in real life, such as not walking home alone.

• Demand for action from children: Young people want action taken to tackle the misuse of AI tools. Some children even questioned the purpose of these technologies which are so often used to harm: Even before any controversy206 I could already tell it was gonna be a technological wonder that's going to be abused. -- Girl, 16

The Children's Commissioner is calling for urgent action, including:

• Banning bespoke nudification apps that enable users to generate sexually explicit images of real people;

• Creating specific legal responsibilities for developers of GenAI tools to identify and address the risks their products pose and to mitigate the risks to children;

• Establishing effective systems to remove sexually explicit deepfake images of children from the internet.

• Recognising deepfake sexual abuse as a form of violence against women and girls and taking it seriously in law and policy. 

The US right leaning forum website GAB has blocked internet users located in Britain. UK users can now only see a landing page explaining that UK internet censorship laws are unacceptable to the free speech loving forum. The website explains its actions as follows:

ATTENTION: UK Visitor Detected

The following notice applies specifically to users accessing from the United Kingdom.

Access Restricted by Provider

After receiving yet another demand from the UK's speech police, Ofcom, Gab has made the decision to block the entire United Kingdom from accessing our website.

This latest email from Ofcom ordered us to disclose information about our users and operations. We know where this leads: compelled censorship and British citizens thrown in jail for hate speech. We refuse to comply with this tyranny.

Gab is an American company with zero presence in the UK. Ofcom's demands have no legal force here. To enforce anything in the United States, they'd need to go through a Mutual Legal Assistance Treaty request or letters rogatory. No U.S. court is going to enforce a foreign censorship regime. The First Amendment forbids it.

Ofcom will likely try to make an example of us anyway. That's because the UK's Online Safety Act isn't about protecting children. It's about suppressing dissent.

They're welcome to try. The idea that a British regulator can pressure a U.S. company that's IP-blocking the entire UK is as farcical as it is futile. If anything, it proves our point: censorship doesn't work. It only reveals the truth about the censors.

We proudly join platforms like Bitchute in boycotting the United Kingdom. American companies should follow suit. The power of the UK's parliament ends where the First Amendment begins.

The only way to vote against the tyranny of the UK's present regime is to walk away from it, refuse to comply, and take refuge under the impervious shelter of the First Amendment.

The UK's rulers want their people kept in the dark. Let them see how long the public tolerates it as their Internet vanishes, one website at a time.

 

Update: Ofcom responds

23rd April 2025. See article from ofcom.org.uk

The Online Safety Act introduces new rules for providers of online user-to-user, search and pornography services, to help keep people in the UK safe from content which is illegal in the UK, and to protect children from the most harmful content such as pornography, suicide and self-harm material.

Wherever in the world a service is based, if it has links to the UK, it now has duties to protect UK users. This includes having a significant number of UK users, or that the UK is a target market. These rules will also apply to services that are capable of being used by individuals in the UK and which pose a material risk of significant harm to them.

The Act only requires that services take action to protect users based in the UK -- it does not require them to take action in relation to users based anywhere else in the world.

Ofcom believes its flexible approach to risk assessment and mitigation allows all services to take appropriate and proportionate steps to protect UK users from illegal content. Some services might seek to prevent users in the UK from accessing their sites or parts of their sites, instead of complying with the Act's requirements to protect UK users. That is their choice.

If a service restricts UK users' access, that action would need to be effective in order for the service to fall out of scope of the Act. The key test remains whether the service has links to the UK. This will depend on the specific circumstances (including whether it is still targeting UK users, for example, by promoting ways of evading access restrictions). Ofcom would assess whether a service is in scope on a case-by-case basis and, where the Act applies, would consider the service's compliance with the law and, where necessary, use our investigation and enforcement powers.

We recognise the breadth and complexity of the online safety rules and that there is a diverse range of services in scope.

New regulation can create uncertainty and navigating the requirements can be challenging. Ofcom is committed to working with providers to help them comply with the Online Safety Act and protect their users. We have therefore developed a range of tools and resources to make it easier for them to understand -- and comply with -- their obligations. We also recently published a guide to help small services navigate the Online Safety Act.