A follow up to The Ofcom Files.
Some notes on Ofcom’s strategy to date.
As many of you know, I represent the U.S. website 4chan, pro bono, in its U.S. federal lawsuit against the UK’s communications regulator, Ofcom, together with my co-counsel Ron Coleman. The suit seeks to defend 4chan from the UK’s attempts to censor that website using the UK’s new Internet censorship law, the Online Safety Act.
What some of you may not know is that I have personally committed to defend, pro bono, any U.S. website which operates lawfully in the United States – no matter how large or small – against the UK’s attempts to infringe on the First Amendment.
And indeed, I am currently representing every single U.S. social-media enforcement target of the UK Online Safety Act, again pro bono, without exception. I will continue to do so until the Online Safety Act’s capacity to harm American citizens is destroyed, by America enacting a shield law.
This means, necessarily, taking on some of the most controversial sites on the web as one’s clients. One such client, a social media forum called “Sanctioned Suicide” or “SaSu,” has long been a target for Ofcom’s ire because of the subject matter that the site hosts – principally, it is a mental health webforum where suicidal people are allowed to discuss the most taboo subject of all taboo subjects, suicide itself, and how they plan to go about it.
To say that this site’s subject matter is controversial is an understatement. As a Catholic, I freely admit I struggled at first with representing the site. SaSu, 4chan, Gab, and Kiwi Farms – the complete list of Ofcom’s U.S. enforcement targets to date – are some of the most unsympathetic websites in the world, from a political point of view.
But they’re not violating U.S. law.
Ultimately, in these United States, even suicidal people have the right to freedom of speech and association. Every American is entitled to a defense against any attempt to take those rights away.
Ofcom’s target selection was, in my view, part of a deliberate strategy to influence American behavior: pick the most radioactive free speech targets in the world, isolate them in confidential proceedings, punish them, and publicly shame them by claiming (in America, utterly toothless) fine notices or blocking orders as a “win,” then parade those “wins” in front of the rest of America’s tech industry to frighten the rest of our country into compliance.
The only way to counter that strategy is to deny Ofcom a clean precedent and ensure that any “orders” they give to Americans are visibly and publicly refused – and therefore are, politically speaking, extremely costly. We achieve this by ensuring that no target goes without competent counsel, every target knows what Ofcom is trying to do, and every case will be fought like hell, in as public a fashion as possible. As Justice Brandeis said, “sunlight is the best disinfectant.”
The victory condition of the U.S. pushback against Ofcom is the successful defense of the First Amendment – all of the First Amendment. If we concede even a scintilla of our constitutional rights, we fail. If we let any target fight alone, we fail. If we let Ofcom notch up any wins in secret where it cannot be subject to U.S. government scrutiny, we fail. If any censorship demand gets through our border unchallenged, we fail.
That means we defend every site, however small or controversial it may be, from any and all foreign attempts to infringe on their constitutional rights. It means not giving up so much as an inch of ground without a major fight, if those are the instructions. It means we must not ever lose.
We do this because the defense of any American is the defense of us all.
The story of Ofcom v SaSu
SaSu is a tiny forum which didn’t have much of an appetite for a fight. Accordingly, when Ofcom came calling at the end of February, SaSu more or less immediately IP blocked the entire UK in hopes of avoiding enforcement action. (Ofcom claims this occurred in July; it in fact occurred in May.)
And, for a time, this worked. Today, however, I can reveal that Ofcom has reversed its decision and is going after the site anyway.
Ofcom alleges that SaSu’s geo-block went down.
This is demonstrably false. The block has been consistently functional for months, and when Ofcom’s e-mail landed in my inbox, I went to check it myself by using my own VPN to access the Internet through a London IP (unlike UK policymakers, I know how to use one). Sure enough, SaSu’s nationwide site block prevented me from viewing the site.
What appears to have happened is that SaSu had a site mirror and that someone figured out a way to hit the mirror – which was also subject to the geoblock, something which took me under a minute to personally confirm – without using a VPN.
This is possible for a range of reasons. The primary one is that the notion of a “UK based IP” is nonsense. Geolocation databases work by figuring out where people log in from and only after doing a lot of pattern recognition do those addresses get associated with that location. So there will be UK-based IPs that geolocate to Poland, for example, even though the end-user is sitting in the UK, because the database thinks that that IP address belongs in Poland.
What might have happened is that a third party, understanding this, could have found SaSu’s mirror, hit SaSu’s mirror with one of these IPs, and then handed the file off to the regulator as some kind of “gotcha” demonstrating that the IP geoblock was ineffective, and using the fact of the access plus the fact that there was a mirror URL to claim that SaSu was somehow trying to dishonestly mislead the regulator about its compliance with the OSA through geoblocking. (The reasons why SaSu had a mirror are SaSu’s alone/none of Ofcom’s fucking business; what it suffices to note is that both SaSu’s main site and the mirror blocked the UK.) If this is in fact what happened, it would have been a profoundly dishonest tactic by UK activists to try to bring down regulatory hellfire on a disfavored American company, and it merits a full parliamentary investigation (though, I won’t hold my breath waiting for that).
Ofcom, in announcing that it was “progressing” an open but dormant investigation on the basis that the geoblock was down when the geoblock was in fact up, (1) reveals that it has no idea how the Internet works and (2) has made a pretty titanic mistake. Now it’ll either need to assert that the geoblock isn’t effective (when, for the most part, it is) or it’ll need to climb down (causing fury among the political constituencies which have so much power in Westminster that they forced the file to reopen in the first place).
What seems clear to me is that Ofcom needs a scalp to present to Ofcom’s political masters. It’s been decided that SaSu is it.
SaSu is, arguably, the most important scapegoat that was used to justify the Online Safety Act. Web censorship advocates like the Molly Rose Foundation – one of the major NGO sponsors of the Online Safety Act – seemingly exist for the sole purpose of advocating for increasingly insane levels of censorship of the Internet for everyone in the UK, always pointing to a single target as the justification, and never calling for any solution other than mass censorship of the entire country.
That target is, and for years has been, SaSu. The NGOs in question refuse to name the site, ostensibly for harm reduction purposes, but this also prevents people from openly engaging with the issue and having an honest conversation about what the site is, what (American) legal protections it benefits from, and, therefore, what practical limitations there are on the UK trying to close it down, both now and when the UK was drafting and enacting the UK Online Safety Act.
The UK’s inability to have those honest conversations at the proper time is what is causing the Online Safety Act to, slowly but surely, fail as an international regulatory scheme. This habit also led the UK to enact the Online Safety Act instead of adopting other, less censorial, approaches to make the Internet a safer place, which were ignored.
Even today, aforementioned “Safety” NGO and others are using the simple fact of the SaSu’s existence to try to convince legislators that a nationwide VPN ban that applies to every one of the 69 million men, women, and children in the United Kingdom is necessary to end SaSu specifically – tantamount to using a thermonuclear bomb to swat a fly. Only three weeks ago, these groups called for the Prime Minister to open a parliamentary inquiry and wrote a 51-page report seeking to apply additional pressure for retaliatory action and additional global censorship powers. SaSu was even mentioned by Keir Starmer, albeit not by name, when he tried justifying the Online Safety Act to President Trump.
There was even direct political pressure put on Ofcom by Parliament itself on October 31st to do something about SaSu.
One could be forgiven for thinking that SaSu is the UK censorship-industrial complex’s favorite company, given how much they talk about it to practically anyone who will listen. In a way, it is the Online Safety Act’s necessary target: these organizations have spent years saying that the Online Safety Act was the required solution to a company like SaSu. If the Act fails to end it, the Act itself also fails. The credibility of the entire regime rests on beating this one website.
For this reason, SaSu was the very first site Ofcom targeted for enforcement action in February 2025, months before Ofcom went after 4chan or anyone else. When that happened, the UK censorship NGO sector clearly expected SaSu to get wiped off the face of the Earth.
But SaSu, rudely, didn’t die, a fact which makes the UK censorship-industrial apparatus incandescent.
The UK has no power to shut the site down, because the site and its operators are in the United States, they are not violating U.S. law, and they are conducting themselves in a manner that is protected by the First Amendment.
So, it appears, as with 4chan, Ofcom has elected to proceed with a mock execution. Based on the fact that the nationwide IP block is still live, the precedent they want to set – the message they want to send – seems pretty clear to me: Geo-IP blocking the entire UK is no longer enough to comply with the Online Safety Act.
Ofcom is trying to set the precedent that no matter where you are in the world, and no matter how much you try to keep UK users off your site, Ofcom believes you have to follow its rules – even if you’re American and you’re engaged in constitutionally protected speech and conduct. To that end, Ofcom has renewed its previous threats of fines, arrest, and imprisonment, against SaSu and its operators – all Americans.
This is not what I expected. I had expected the UK, after encountering serious resistance to its extraterritorial expansion plans in the United States with 4chan’s refusal to comply, to start considering the merits of backing down. Instead, the UK is choosing to escalate, going after a target who the Online Safety Act’s political masters desperately want to, even need to, eradicate, even though that target made good-faith efforts to block the UK from its services.
Hate to spoil the party, but Ofcom will need to go try some other country’s websites to set that precedent. The UK is not going to be allowed to lay a finger on an American.
I reproduce relevant correspondence below. We have also sent this correspondence to the White House, both Houses of Congress, individuals spearheading legislative initiatives to erect censorship shield laws in four different states, and the nation’s leading free speech advocacy organizations.
My message to Washington and state legislators
Free speech test cases are rarely made in relation to popular speech. But we call them “test cases” for a reason: because they are the test of the boundaries, and their outcome determines the future trajectory of the law and human behavior.
The lesson from this correspondence is unmistakable: the UK thinks that anyone who refuses to adhere to its content rules, wherever they are based, is fair game for threats of fines and imprisonment, even if they try to wall themselves off from the UK with comprehensive blocks of UK IP addresses.
This includes every single person in the United States. Companies like SaSu are the canaries in the coal mine. Companies most of us use every day like Meta or X are next.
This problem is not going to go away. As we have seen with the escalating war of words between the UK and X, which culminated in a British King’s Counsel putting X’s Head of Global Government Affairs through a Maoist-style pro-Online Safety Act struggle session at an inquiry hearing only yesterday, it is clear the United Kingdom – or, at least, the bunch of yahoos who currently run it – will not be content to allow any American to enjoy the full measure of their constitutional rights online, no matter how obscure the U.S. site in question may be.
They will attempt to crush anyone who resists, even if that resistance is in the form of Americans doing everything in our power to block the entire UK from our services to try to get British censors off our backs. The UK is willing to punish and threaten American companies – large and small – and American citizens in order to set the precedent that the UK is in charge of America’s Internet.
Our government should not allow this to be done to any American, on principle. No American client of mine will ever bend to that sort of pressure. We need to act now to prevent our most valuable companies, and their hundreds of millions of American users, from being subjected to it.
These attempts to disrespect and override American sovereignty must be answered before the same thing is done to websites used by millions of other American citizens, when the UK inevitably turns its attention to the larger and more well-moderated services we all know and love, including all of our world-beating AI companies.
In the final analysis, American citizens shouldn’t have to put up with this bullshit from foreigners. We fought, and won, many wars to secure our freedoms.
As I have been doing for nearly an entire year, I strongly urge the White House and Congress, and legislators in each of the fifty States, to intervene to protect the free speech of all American citizens.
UPDATE, 7 NOVEMBER 2025 (edited 11 Nov 2025)
Ofcom replied to our initial e-mail responding to their “progressing” this investigation (see first PDF at the bottom of this post) and this blog post as follows on November 7th:
Take note of the following language, in particular:
Your email also suggests that Ofcom is proceeding with this investigation because of domestic UK political pressure. That is not the case. (Emphasis added.) Our decision to proceed in this matter is in line with our duties under the Online Safety Act 2023 as the UK’s independent online safety regulator, as well as our Online Safety Enforcement Guidance.
The e-mail is extraordinary: Ofcom didn’t like that I referred to its enforcement effort against SaSu as a coordinated, politically motivated hit, so it felt the need – in correspondence to a target’s lawyer – to specifically respond to the allegation and complain about the public defense of my client that I made in a blog post.
As to the blog post, we’ll deal with that in a second.
It’s pretty obviously a true statement that this investigation has a political dimension to it.
Putting aside, for a moment, the fact that a certain UK NGO – the country’s leading pro-censorship organization…
- kvetched to Parliament about this matter in September,
- called for the Prime Minister to open an investigation into my client in October, and then
- triggered the House of Lords’ Digital Committee to give Ofcom a written dressing-down repeating that NGO’s point of view, verbatim, only last week,
…it remains true that Ofcom reopened the investigation to minor but noticeable press fanfare and – miraculously! – also had that very NGO extensively quoted in a press drop that landed a mere 57 minutes after I received Ofcom’s message, followed up by prime morning TV spots for that UK NGO 14 hours later (approximately 8AM local time in London) – during which time the UK NGO called for my client to be fined, arrested, and prosecuted!
All for conduct that is perfectly lawful in the United States. Exhibit A:
Exhibit B, the pressure group’s CEO informing the world that Ofcom’s investigation announcement was timed to align with that pressure group’s embargoed press release, which blames my client’s website – a discussion board where people do nothing but talk – for the off-platform actions of third parties which the site itself does not, and cannot, control:
Recapping, this is what I wrote to Ofcom on November 6th:
I am aware that Ofcom is under considerable external political pressure at home, including e.g. from the Molly Rose Foundation…
This leads me to a very distressing conclusion: either Ofcom is lying to my client about its reasons for reopening this investigation, or it hasn’t done its due diligence and is taking its marching orders from NGOs without regard for the facts on the ground.
I personally think Ofcom is reopening this investigation as a result of domestic UK political pressure…
…versus what Ofcom said to me on November 7th…
Your email also suggests that Ofcom is proceeding with this investigation because of domestic UK political pressure. That is not the case.
…and what the Molly Rose Foundation said about Ofcom’s reasons for proceeding with the investigation:
[The reopening of the investigation against SaSu] comes hours before the Molly Rose Foundation was due to publicly issue a letter…
It shouldn’t take… an embargoed media release to apply pressure on the regulator to enforce the Act.
The guy is bragging that his press release is what got Ofcom to move off the plate.
Yet Ofcom, in a letter sent to the very same Molly Rose Foundation on November 11th, copying both the DSIT Minister and the House of Lords Digital Committee, curiously makes no mention of any embargoed press release, speaking only to its response “to new facts” which had been supplied to Ofcom by yet another pro-web censorship NGO, Samaritans:
Kind of open-and-shut, isn’t it. Seeing as these NGOs, the Government, and Ofcom are all on the same side, and given the phased increase of the political drumbeat leading to a dramatic announcement by the regulator, about “progressing” an investigation which was already open, when investigations are supposed to be fucking confidential, I have serious questions about the extent to which Ofcom’s announcement was in fact not spontaneous but coordinated. If it’s coordinated, it’s a very bad thing indeed. If it’s spontaneous and was made in response to NGO political pressure, it’s arguably even worse.
Politics and media spin are not games that Ofcom is supposed to be playing with the vast powers it has been granted, as a so-called “independent regulator.”
If my client’s site is truly that dangerous to UK internet users, why did Ofcom wait two days working in concert with a press campaign instead of, oh, I dunno, calling us up and reporting any suspected “bugs” in the geo-block so that they can be patched?
Particularly when the target was voluntarily doing so already?
Approaching the matter from this perspective, I replied to Ofcom’s November 7th rebuttal as follows, also on November 7th:
As to the blog post, it occurred to me I forgot to clear up the record on that so I added the following:
Ofcom then issued its own response, in public:
Utterly extraordinary. Let me explain what probably happened here.
The UK regulator has now publicly confirmed that the “mirror” site for my client’s site is not accessible in the UK. This, of course, has been the case all along, as I verified within ten minutes of receiving Ofcom’s email on Thursday afternoon. I’m not sure what, exactly, happened here, but I am advised that both mirror and the base site in this case were both covered by the IP block at all times.
If I had to guess, it’s that some NGO found some UK-based IP addresses which weren’t captured by the block because they weren’t properly geolocated. They probably then assembled a dossier and reported this to the UK regulator, and the UK regulator, under pressure from its political masters in Westminster, decided to do a rush job on enforcement and drive a truck through a hole that can be measured in micrometers, betting no one would be willing to publicly defend what is, arguably, the most controversial lawful website on the planet.
They bet wrong.
The Molly Rose Foundation and Ofcom both can’t be right here. My money is on Molly Rose Foundation’s version of events being the correct one. If so, this would mean that highly political pressure groups are working hand-in-glove with the UK’s public bodies, Parliament and others, to try to show that the OSA can be successfully wielded against all those pesky Americans who won’t just be sensible and surrender our rights simply because a bunch of censors in the UK ordered us to.
And the fact that Ofcom felt the need to put up a corrective press release 36 hours after the start of the reopened “investigation,” and a mere 72 hours (max) after getting a tip from the Samaritans?
They’re not treating this like a law enforcement investigation, where they’d take their time and make sure they got it right. They’re definitely not treating it like a public safety matter, where they know how to reach us and know that I generally respond within the hour.
What Ofcom should have done here is kept its mouth shut, taken the time to do a full investigation and tried to resolve it with my client before trying to get ahead of a media cycle. What Ofcom did instead – kabuki with friendly NGOs, advance leaks to the friendly media, making a big deal about announcing that an already-open file was still open in its own statement on its own website, and, when challenged, rushing out statements to rebut its critics in real time – is not running a public safety operation. What Ofcom is actually doing here is running a media campaign to defend its own credibility, and defend the credibility of the Online Safety Act project.
At the end of the day, the IP block doesn’t really matter: my client has that block up to minimize hassle from aggressive foreign regulators and to keep their spam out of its inbox, not because it has any legal obligation to give a single solitary fuck about what an unelected British bureaucrat tells it to do.
Ofcom doesn’t have the legal power to order around my dog in the United States. It certainly doesn’t have the legal power to order around American citizens.
I hope Washington, D.C. sees this and understands that this bullshit is what awaits every American Internet company, including Meta and X, if the United States doesn’t put a stop to this now.
Ultimately, what Ofcom is doing here is the perfect modern-day teachable moment for why the First Amendment exists in the first place. A British regulator is threatening Americans in order to censor them, on pain of jail time, using only the flimsiest of excuses and immense, overbroad, and highly discretionary enforcement powers, to please politicians.
America and the UK fought a war over this. UK regulators doing this to Americans for doing nothing other than lawfully exercising their constitutional rights is not a situation the United States should ever accept.
I call upon the Trump Administration to use all available trade levers to put this misbehavior to an end, and upon the U.S. Congress to enact a foreign censorship shield law.
UPDATE, 9 NOVEMBER 2025
Postscript:
—
