• HexesofVexes@lemmy.world · 120 upvotes · 10 days ago

    So, I looked at age verification - it was made clear photos were on device only and never transmitted.

    If this turns out to be false, then the legal fallout would be apocalyptic.

    (Edit: or not, see the comment by ambitiousprocess below)

  • plz1@lemmy.world · 63 upvotes · 10 days ago

    The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don’t even care which of the two companies is ultimately responsible, because they are both responsible.

    1. Zendesk for their bad OpSec
    2. Discord for both outsourcing this AND not having contractual requirements to properly secure and destroy PII when it was no longer required.

    I work in IT, and treat PII like it’s dangerously radioactive, because in the digital world, it really is.

    • Tom Arrr@lemmy.world · 8 upvotes · 10 days ago

      “Apparently” only those who were challenging the verification results and uploaded awaiting reverification are affected.

      Not that that isn’t bad enough

    • Zen_Shinobi@lemmy.world · 2 upvotes · 10 days ago

      Right. It blows me away the required training we have to do for physical files more secured than Fort Knox! Tech world? Eh just throw it in the recycle bin

  • TankovayaDiviziya@lemmy.world · 22 upvotes · 9 days ago

    Politicians: That’s the point.

    Joking aside, now that I think about it, what difference does it make if companies are stealing info and spying on you with government-mandated age verification checks, and hackers stealing your government-mandated age verification info? This just reinforces my view that governments (and companies) are nothing but glorified gangsters.

    • dogs0n@sh.itjust.works · 2 upvotes · 9 days ago

      A hacker stealing your ID can do way more malicious stuff, like more expertly crafted phishing and identity fraud, just to name two.

      No one involved in this from the government to the companies is innocent in this chain though in my opinion. A breach is always bound to happen.

      • LifeInMultipleChoice@lemmy.world · 3 upvotes · 9 days ago

        To me giving a company or government permission to create the databases allowed for mass facial recognition is the same thing as giving the facial recognition data to criminals. It will be leaked/hacked/sold, etc. It is only a matter of time.

        How many Social Security numbers in the U.S. have been leaked/hacked/sold/illegally transferred? ~340 million.

        Facial recognition will be a near useless tool for security in 10 years, and 100% for population monitoring at the rate we are going.

    • Brkdncr@lemmy.world · 1 upvote, 1 downvote · 9 days ago

      Option 3: companies that you pay to provide authentication service. Regulated so that they clearly tell you if they are subsidizing service outside of your payments.

      We nearly already do this with certificate services and they would probably be in a good position to offer an ID service.

  • aliser@lemmy.world · 17 upvotes · 9 days ago

    so instead of creating some kind of authorization system that would not require sending your private information to everyone the govt did nothing and instead put that responsibility on EVERY company. begs the question why rushing so much?

  • Avid Amoeba@lemmy.ca · 16 upvotes · 10 days ago

    To the surprise of no one here. This is the first thing I think of when a system wants me to upload an ID.

  • TheObviousSolution@lemmy.ca · 9 upvotes · 10 days ago

    I’ve criticized the sort of personal information that is allowed to be managed by banking entities in the cases of Accidental Americans, where people who have nothing to do with America except that they were born in the US have their data handled by private entities to be passed onto governments they’ve never been in. Public entities that should handle and be responsible for it in their actual home countries want to wash their hands of them and there’s too much money against too small of a minority for anyone to care about their rights. It doesn’t matter how banks have consistently proven that they or their staff can act criminally, either.

    At least here, it affects a lot more people so it will likely bring in the change and reform it needs, even if the sensitivity of this data is significantly less.

    Gonna have to say, this guy is definitely gonna be screwed by this:

      • Warl0k3@lemmy.world · 12 upvotes · 10 days ago

        Just the UK, as far as I’m able to find. Some US users have to verify by clicking the box, but I do not believe they’ve been en masse required to upload ID or use the UK’s facial recognition nonsense.

        From the Discord age verification FAQ:

        The age verification features described in this article are fully available only to users in the United Kingdom and apply to all new and existing UK accounts.

        • Kirp123@lemmy.world · 2 upvotes · 10 days ago

          So I guess it was only UK ones. For some reason I thought they were asking for pictures in the US too.

          • Warl0k3@lemmy.world · 4 upvotes · 10 days ago

            You might be confusing it with how several states have attempted to implement identity verification for access to porn sites (which has so far avoided a similar scandal to this one by virtue of rampant, contemptuous noncompliance on the part of the porn sites)

    • x00z@lemmy.world · 1 upvote · 9 days ago

      Besides some countries, people that had their account flagged as possible underage also need to verify themselves.

      I know a French guy that joked about being 12 in a chat, got reported by a troll that got his account locked, and had to send his ID to unlock it.

  • Billegh@lemmy.world · 7 upvotes · 9 days ago

    That’s why I used a picture of my anus for my age verification photo. The wrinkles are what sold it, I think.