A follow up to The Ofcom Files.

Some notes on Ofcom’s strategy to date.

As many of you know, I represent the U.S. website 4chan, pro bono, in its U.S. federal lawsuit against the UK’s communications regulator, Ofcom, together with my co-counsel Ron Coleman. The suit seeks to defend 4chan from the UK’s attempts to censor that website using the UK’s new Internet censorship law, the Online Safety Act.

What some of you may not know is that I have personally committed to defend, pro bono, any U.S. website which operates lawfully in the United States – no matter how large or small – against the UK’s attempts to infringe on the First Amendment.

And indeed, I am currently representing every single U.S. social-media enforcement target of the UK Online Safety Act, again pro bono, without exception. I will continue to do so until the Online Safety Act’s capacity to harm American citizens is destroyed, by America enacting a shield law.

This means, necessarily, taking on some of the most controversial sites on the web as one’s clients. One such client, a social media forum called “Sanctioned Suicide” or “SaSu,” has long been a target for Ofcom’s ire because of the subject matter that the site hosts – principally, it is a mental health webforum where suicidal people are allowed to discuss the most taboo subject of all taboo subjects, suicide itself, and how they plan to go about it.

To say that this site’s subject matter is controversial is an understatement; as a Catholic I freely admit I struggled at first with representing the site. SaSu, 4chan, Gab, and Kiwi Farms – the complete list of Ofcom’s U.S. enforcement targets to date – are some of the most unsympathetic websites in the world, from a political point of view.

This was, in my view, a deliberate strategy by Ofcom: pick the most radioactive free speech targets in the world, isolate them in confidential proceedings, punish them, and publicly shame them when you claim the fine notices or blocking orders as a win. The only way to counter that strategy is to ensure that no target goes without competent counsel, every target knows what Ofcom is trying to do, and every case will be fought like hell, in as public a fashion as possible. As Justice Brandeis said, “sunlight is the best disinfectant.”

The victory condition of the U.S. pushback against Ofcom is the successful defense of the First Amendment – all of the First Amendment. If we concede even a scintilla of our constitutional rights, we fail. If we let any target fight alone, we fail. If any censorship demand gets through our border, we fail.

That means we defend every site, however small or controversial it may be, from foreign attempts to infringe on their constitutional rights. It means not giving up so much as an inch of ground without a major fight, if those are the instructions. It means we must not ever lose.

We do this because the defense of any American is the defense of us all.

The story of Ofcom v SaSu

SaSu is a tiny forum which didn’t have much of an appetite for a fight. Accordingly, when Ofcom came calling at the end of February, SaSu more or less immediately IP blocked the entire UK in hopes of avoiding enforcement action. (Ofcom claims this occurred in July; it in fact occurred in May.)

And, for a time, this worked. Today, however, I can reveal that Ofcom has reversed its decision and is going after the site anyway.

Ofcom alleges that SaSu’s geo-block went down.

This is demonstrably false. The block has been consistently functional for months, and when Ofcom’s e-mail landed in my inbox, I went to check it myself by using my own VPN to access the Internet through a London IP (unlike UK policymakers, I know how to use one). Sure enough, SaSu’s nationwide site block prevented me from viewing the site.

What appears to have happened is that SaSu had a site mirror and that someone figured out a way to hit the mirror – which was also subject to the geoblock, something which took me under a minute to personally confirm – without using a VPN.

This is possible for a range of reasons. The primary one is that the notion of a “UK based IP” is nonsense. Geolocation databases work by figuring out where people log in from and only after doing a lot of pattern recognition do those addresses get associated with that location. So there will be UK-based IPs that geolocate to Poland, for example, even though the end-user is sitting in the UK, because the database thinks that that IP address belongs in Poland.

What might have happened is that a third party, understanding this, could have found SaSu’s mirror, hit SaSu’s mirror with one of these IPs, and then handed the file off to the regulator as some kind of “gotcha” demonstrating that the IP geoblock was ineffective, and using the fact of the access plus the fact that there was a mirror URL to claim that SaSu was somehow trying to dishonestly mislead the regulator about its compliance with the OSA through geoblocking. (The reasons why SaSu had a mirror are SaSu’s alone/none of Ofcom’s fucking business; what it suffices to note is that both SaSu’s main site and the mirror blocked the UK.) If this is in fact what happened, it would have been a profoundly dishonest tactic by UK activists to try to bring down regulatory hellfire on a disfavored American company, and it merits a full parliamentary investigation (though, I won’t hold my breath waiting for that).

Ofcom, in reopening the investigation on the basis that the geoblock was down when the geoblock was in fact up, (1) reveals that it has no idea how the Internet works and (2) has made a pretty titanic mistake. Now it’ll either need to assert that the geoblock isn’t effective (when, for the most part, it is) or it’ll need to climb down (causing fury among the political constituencies which have so much power in Westminster that they forced the file to reopen in the first place).

What seems clear to me is that Ofcom needs a scalp to present to Ofcom’s political masters. It’s been decided that SaSu is it. SaSu is, arguably, the most important scapegoat that was used to justify the Online Safety Act. Web censorship advocates like the Molly Rose Foundation – one of the major NGO sponsors of the Online Safety Act – seemingly exist for the sole purpose of advocating for increasingly insane levels of censorship of the Internet for everyone in the UK, always pointing to a single target as the justification, and never calling for any solution other than mass censorship of the entire country.

That target is, and for years has been, SaSu. The NGOs in question refuse to name the site, ostensibly for harm reduction purposes, but this also prevents people from openly engaging with the issue and having an honest conversation about what the site is, what (American) legal protections it benefits from, and, therefore, what practical limitations there are on the UK trying to close it down, both now and when the UK was drafting and enacting the UK Online Safety Act.

The UK’s inability to have those honest conversations at the proper time is what is causing the Online Safety Act to, slowly but surely, fail as an international regulatory scheme. This habit also led the UK to enact the Online Safety Act instead of adopting other, less censorial, approaches to make the Internet a safer place, which were ignored.

Even today, aforementioned “Safety” NGO and others are using the simple fact of the SaSu’s existence to try to convince legislators that a nationwide VPN ban that applies to every one of the 69 million men, women, and children in the United Kingdom is necessary to end SaSu specifically – tantamount to using a thermonuclear bomb to swat a fly. Only three weeks ago, these groups called for the Prime Minister to open a parliamentary inquiry and wrote a 51-page report seeking to apply additional pressure for retaliatory action and additional global censorship powers. SaSu was even mentioned by Keir Starmer, albeit not by name, when he tried justifying the Online Safety Act to President Trump.

There was even direct political pressure put on Ofcom by Parliament itself on October 31st to do something about SaSu.

One could be forgiven for thinking that SaSu is the UK censorship-industrial complex’s favorite company, given how much they talk about it to practically anyone who will listen. In a way, it is the Online Safety Act’s necessary target: these organizations have spent years saying that the Online Safety Act was the required solution to a company like SaSu. If the Act fails to end it, the Act itself also fails. The credibility of the entire regime rests on beating this one website.

For this reason, SaSu was the very first site Ofcom targeted for enforcement action in February 2025, months before Ofcom went after 4chan or anyone else. When that happened, the UK censorship NGO sector clearly expected SaSu to get wiped off the face of the Earth.

But SaSu, rudely, didn’t die, a fact which makes the UK censorship-industrial apparatus incandescent.

The UK has no power to shut the site down, because the site and its operators are in the United States, they are not violating U.S. law, and they are conducting themselves in a manner that is protected by the First Amendment.

So, it appears, as with 4chan, Ofcom has elected to proceed with a mock execution. Based on the fact that the nationwide IP block is still live, the precedent they want to set – the message they want to send – seems pretty clear to me: Geo-IP blocking the entire UK is no longer enough to comply with the Online Safety Act.

Ofcom is trying to set the precedent that no matter where you are in the world, and no matter how much you try to keep UK users off your site, Ofcom believes you have to follow its rules – even if you’re American and you’re engaged in constitutionally protected speech and conduct. To that end, Ofcom has renewed its previous threats of fines, arrest, and imprisonment, against SaSu and its operators – all Americans.

This is not what I expected. I had expected the UK, after encountering serious resistance to its extraterritorial expansion plans in the United States with 4chan’s refusal to comply, to start considering the merits of backing down. Instead, the UK is choosing to escalate, going after a target who the Online Safety Act’s political masters desperately want to, even need to, eradicate, even though that target made good-faith efforts to block the UK from its services.

Hate to spoil the party, but Ofcom will need to go try some other country’s websites to set that precedent. The UK is not going to be allowed to lay a finger on an American.

I reproduce relevant correspondence below. We have also sent this correspondence to the White House, both Houses of Congress, individuals spearheading legislative initiatives to erect censorship shield laws in four different states, and the nation’s leading free speech advocacy organizations.

My message to Washington and state legislators

Free speech test cases are rarely made in relation to popular speech. But we call them “test cases” for a reason: because they are the test of the boundaries, and their outcome determines the future trajectory of the law and human behavior.

The lesson from this correspondence is unmistakable: the UK thinks that anyone who refuses to adhere to its content rules, wherever they are based, is fair game for threats of fines and imprisonment, even if they try to wall themselves off from the UK with comprehensive blocks of UK IP addresses.

This includes every single person in the United States. Companies like SaSu are the canaries in the coal mine. Companies most of us use every day like Meta or X are next.

This problem is not going to go away. As we have seen with the escalating war of words between the UK and X, which culminated in a British King’s Counsel putting X’s Head of Global Government Affairs through a Maoist-style pro-Online Safety Act struggle session at an inquiry hearing only yesterday, it is clear the United Kingdom – or, at least, the bunch of yahoos who currently run it – will not be content to allow any American to enjoy the full measure of their constitutional rights online, no matter how obscure the U.S. site in question may be.

See, e.g.:

They will attempt to crush anyone who resists, even if that resistance is in the form of Americans doing everything in our power to block the entire UK from our services to try to get British censors off our backs. The UK is willing to punish and threaten American companies – large and small – and American citizens in order to set the precedent that the UK is in charge of America’s Internet.

Our government should not allow this to be done to any American, on principle. No American client of mine will ever bend to that sort of pressure. We need to act now to prevent our most valuable companies, and their hundreds of millions of American users, from being subjected to it.

These attempts to disrespect and override American sovereignty must be answered before the same thing is done to websites used by millions of other American citizens, when the UK inevitably turns its attention to the larger and more well-moderated services we all know and love, including all of our world-beating AI companies.

In the final analysis, American citizens shouldn’t have to put up with this bullshit from foreigners. We fought, and won, many wars to secure our freedoms.

As I have been doing for nearly an entire year, I strongly urge the White House and Congress, and legislators in each of the fifty States, to intervene to protect the free speech of all American citizens.

UPDATE, 7 NOVEMBER 2025

Ofcom replied to our initial e-mail responding to their reopening this investigation (see first PDF at the bottom of this post) and this blog post as follows:

This e-mail is extraordinary: Ofcom didn’t like that I referred to its enforcement effort against SaSu as a coordinated, politically motivated hit, so it felt the need – in correspondence to a target’s lawyer – to specifically respond to the allegation and complain about the public defense of my client that I made in a blog post.

As to the blog post, we’ll deal with that in a second.

It’s pretty obviously a true statement that this investigation has a political dimension to it.

Putting aside, for a moment, the fact that a certain UK NGO – the country’s leading pro-censorship organization…

• kvetched to Parliament about this matter in September,
• called for the Prime Minister to open an investigation into my client in October, and then
• triggered the House of Lords’ Digital Committee to give Ofcom a written dressing-down repeating that NGO’s point of view, verbatim, only last week,

…it remains true that Ofcom reopened the investigation to minor but noticeable press fanfare and – miraculously! – also had that very NGO extensively quoted in a press drop that landed a mere 57 minutes after I received Ofcom’s message, followed up by prime morning TV spots for that UK NGO 14 hours later (approximately 8AM local time in London) – during which time the UK NGO called for my client to be fined, arrested, and prosecuted!

All for conduct that is perfectly lawful in the United States. Exhibit A:

If my client’s site is truly that dangerous to UK internet users, why did Ofcom wait two days preparing a press campaign instead of, oh, I dunno, calling us up and reporting any suspected “bugs” in the geo-block so that they can be patched?

Particularly when the target was voluntarily doing so already?

The answer, in all probability, is that highly political pressure groups are working hand-in-glove with the UK’s public bodies, Parliament and others, to try to show that the OSA can be successfully wielded against all those pesky Americans who won’t just be sensible and surrender our rights simply because a bunch of censors in the UK ordered us to.

Interesting how Ofcom treats investigations as confidential every time they get a FOIA request or a request for comment from a journalist, but not, apparently, when Parliament wants a prominent American scalp and they need to coordinate with friendly media and pro-censorship groups.

Approaching the matter from this perspective, I replied to Ofcom as follows:

As to the blog post, it occurred to me I forgot to clear up the record on that so I added the following:

Ofcom then issued its own response, in public:

Utterly extraordinary. Let me explain what probably happened here.

The UK regulator has now publicly confirmed that the “mirror” site for my client’s site is not accessible in the UK. This, of course, has been the case all along, as I verified within ten minutes of receiving Ofcom’s email on Thursday afternoon. I’m not sure what, exactly, happened here, but I am advised that both mirror and the base site in this case were both covered by the IP block at all times.

If I had to guess, it’s that some NGO found some UK-based IP addresses which weren’t captured by the block because they weren’t properly geolocated. They probably then assembled a dossier and reported this to the UK regulator, and the UK regulator, under pressure from its political masters in Westminster, decided to do a rush job on enforcement and drive a truck through a hole that can be measured in micrometers, betting no one would be willing to publicly defend what is, arguably, the most controversial lawful website on the planet.

They bet wrong.

And the fact that Ofcom felt the need to put up a corrective press release 36 hours after the start of the reopened “investigation,” and a mere 72 hours (max) after getting a tip from the Samaritans? They’re not treating this like a law enforcement investigation, where they’d take their time and make sure they got it right.

They’re definitely not treating it like a public safety matter, where they know how to reach us and know that I generally respond within the hour.

When you’re doing advance leaks to the press and rushing out statements to rebut your critics in real time, you’re not running a public safety operation. Ofcom is running a media campaign to defend the credibility of the Online Safety Act project.

At the end of the day, the IP block doesn’t really matter: my client has that block up to minimize hassle from aggressive foreign regulators and to keep their spam out of its inbox, not because it has any legal obligation to give a single solitary fuck about what an unelected British bureaucrat tells it to do.

Ofcom doesn’t have the legal power to order around my dog in the United States. It certainly doesn’t have the legal power to order around American citizens.

I hope Washington, D.C. sees this and understands that this bullshit is what awaits every American Internet company, including Meta and X, if the United States doesn’t put a stop to this now.

Ultimately, what Ofcom is doing here is the perfect modern-day lesson lesson for why the First Amendment exists in the first place. A British regulator is threatening Americans in order to censor them, on pain of jail time, using only the flimsiest of excuses and immense, overbroad, and highly discretionary enforcement powers, to please politicians.

America and the UK fought a war over this. UK regulators doing this to Americans for doing nothing other than lawfully exercising their constitutional rights is not a situation the United States should ever accept.

I call upon the Trump Administration to use all available trade levers to put this misbehavior to an end, and upon the U.S. Congress to enact a foreign censorship shield law.

—