digitalscream

I wouldn't be so sure of that - the OSA appears to require sites to proactively prevent such content being posted, not just respond to user reports of potentially-illegal content. And, if you make a determination that something's fine when somebody in Ofcom decides differently - eg when a disgruntled ex-member inevitably reports it - the fine is 10% of global revenue or £18 million, whichever is greater. There's also the age-gating requirement, which isn't 100% clear at the moment, but will likely require the use of identity-verification services. Worse than that, you can actually be held in violation of the OSA for over-moderating too - you have to have an appeals process, and if too many appeals are successful you can also be fined because this is such an ass-backwards law. The law doesn't really provide definitions; those are yet to be published by Ofcom, but can also be changed by Ofcom at any point without any involvement from Parliament, so you have to keep an eye on Ofcom constantly. Oh, and there's fees too - which aren't yet published, but they're to cover the cost of enforcement (as if the fines don't do that already), and aren't necessarily related to revenue. EDIT: No, apparently the fees will just be for the largest sites, so at least that's something. Incidentally, it doesn't just apply to current content; it applies to all historical content too, so you're going to need to find a way to scan every post on the site and document the results. The kicker, after all of this, is that it includes private messages too. Proactive moderation of PMs means, basically, that they're no longer private. It's vastly more onerous than just knocking up risk assessment documentation. When this was going through Parliament, I put all these concerns to my MP at the time - his response was a variation on "If you have nothing to hide, you have nothing to fear".

@peponbass - the pattern you described is very common. They tend to join the forum, then blast out 20-100 PMs to people for all of the recent WTB threads they can find, all copy-paste about their "friend" who has one. Then comes the external contact details (so it can't be traced by the forum admins), then the wifes/brothers/sisters payment details in a different currency...and then you're ghosted. I must've caught 30 of those scammers in the last 12 months alone. An interesting thing they tend not to consider - if you get them to reply to an email of yours, the email headers will usually include their actual IP address (they tend not to use commercial webmail services). You can then use a tool like https://www.ipqualityscore.com/vpn-ip-address-check to find out exactly where they are (and it'll never match where they say they are).

Not a problem - I'm a big fan of transparency, and warning others in the community is definitely a good thing (it could happen anywhere). Cheers, but...honestly, it seemed like the only bit that I could reasonably control! It's increased admin workload a bit, but it hasn't become particularly problematic (yet).

Just spotted this - I'm the unfortunate schmuck who runs thefretboard, and this particular set of scams (there were more than one) came down to accounts compromised through two vectors: one was a man-in-the-middle attack, and the other was simple password reuse from other sites that have been breached. The scammer would compromise an existing user account with good reputation, change the email address and then get scamming...thus bypassing all the in-community protections. Given that enforcing MFA would destroy the site's traffic, and forcing everybody to change their passwords would be...unpopular...the simple solution was to prevent users changing their email addresses (they have to come through admin requests now) until I can finish rewriting the forum software to actually not be junk. Just on this other point... There's a very good reason, and we had one scammer in the early days who took loads of people for a total of thousands - he'd do it across guitar forums, photography forums, even a Jack Daniels enthusiast forum. The point is that Action Fraud don't care unless there's a pattern of high-value crimes; even when presented with all the evidence they need to make an open-and-shut case, they won't touch it when the value's that low. His approach was depressingly simple...he'd just sell the same thing over and over again, and post an empty envelope via Royal Mail Signed For to another address on the same street. Because they only tracked stuff by postcode in those days, he could "prove" that it was signed for, but the buyer would never know that there was nothing sent and RM would back up his story.

Guitarist from Mr Dangerous' band here...and yes, Douglas would be vastly preferable for me, at least. Particularly since my dad [i]is[/i] actually a member on here (GregBass). Thanks for the feedback - as he said, this is our first effort, so we're still feeling our way around the process of recording. Apart from anything, a big part of it was that we wanted to record an album within our first year and prove to ourselves that we could do it without studio assistance (apart from the mixing and mastering, because those are skills we just don't have between us at a pro level). This may or may not come as a surprise to you, but the guitars, bass and vocals were all done with an Eleven Rack. Oh, and yes - [i]everything[/i] is a little bit faster live. We get too excited