Lol I thought they were supposed to delete the ID images once confirmed
But the ai training lol
FTA: The IDs leaked were from people appealing age verification.
That’s different from the age verification process, which goes through a third party provider.
In short, the leaked IDs were from a standard shitty support platform (Zendesk, Salesforce, etc), not the much-advertised “safe and private” age verification system.
Official statement from Discord: “Oopse woopse we did a fucky wucky. Sue us hahaha you won’t”
Crazy, that thing I said would happen finally happened.
Ah yes, another reason not to give me ID to these tech companies. Anyone that demands my ID online can go fuck themselves while I find a replacement service.
Do people really have to scan an ID to us Discord?
No. According to an article the IDs were from people who were challenging an age determination. Still bullshit, but you don’t need ID to use Discord as a general rule.
The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.”
Small is, of course, a relative term. I would consider a small number to be 2 or 3. They may feel that 10,000 users is a small number. Who can say?
as a very minimum, it would make sense to demand safe-deleting the photo immediately after the verification process, with fucking prison time to someone if it is found they did not comply with that.
but that is clearly not the direction the society is going 🤷♂️
You are absolutely right. This is a huge violation of user privacy on Discord‘s side which of course is as outrageous as it was to be expected from Discord. Like, Discord is the first company I would suspect to not care about any of this. They probably think lower of consumers than video game companies do.
When I use the linux or web client it asks for a selfie with my ID card when I try to enter a server.
Works fine on Android.
Contacted support, they say my account is not flagged as underage but I have to submit the photo anyway. I told them i won’t.
In the United Kingdom yes because of our authoritarian Online Safety Act that came into power earlier this year. If I join a discord channel marked as nsfw I get a prompt for id which I bypass with a VPN in another country.
That fast, huh?
I wish I could convince my giant discord community to go anywhere else. It’s so fucking hard. I’ve built IRC networks and a matrix server. I host every fediverse app imaginable. I hate being attached to this company and my income being reliant on it.
Back in the day when our community was switching from xmpp to discord, our solution was to write a bot on either end that relayed messages from one to the other. The xmpp bot got more and more naggy over time until eventually we put the xmpp side in read-only for everyone except the relay bot. It did a good enough job at building momentum to switch that the final holdouts came over when we went r/o.
You might consider building something similar if you want to make a genuine effort to switch to matrix or IRC. A relay bot solves the problem of the first people being punished by virtue of being first.
Its a good suggestion and something I’ve considered. Unfortunately we’re using conduit as our server and that type of integration doesn’t seem to work well outside of synapse. That said I know some people have gotten it working I just need to dig a little deeper. It’s a chore for sure but it seems like the only path forward.
I hear you. I used to teach classes in a particular field and most people followed our updates and events on Facebook. I tried for years to change that and pry people loose from the Zuck. Mostly unsuccessfully. I agree with the other user who suggested bridging protocols. Bridge them then incentivise use of the good one and/or disincentivise use of the evil one to naturally encourage people to migrate.
Indeed, seems the only path forward. Thansk for sharing.
Best part:
The unauthorized party gained access to “information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams”
I really wish there was a good competitor to Discord. I have not found one that has the same screen sharing feature. Revolt (now Stoat) gets close but lacks the screen sharing - something me and my friends use a lot. They are adding this soon so hopefully it is good
Now more than ever people will have to choose between privacy and comfort. And not to be a dick, but now more than ever, people choosing comfort are fucking over people who choose privacy.
I know that person he is me.
I don’t know why people keep saying this. You either pay for a service, or you get a company extracting as much data as they can from you for advertiser or VC money. Servers and bandwidth cost money
Revolt (Stoat?) is alright, but good luck getting people to join there lol, Discord is the only thing people are willing to join
Matrix or Jitsi with Lemmy or any popular forum software would be my suggestion. More secure and private but require some technical knowledge.
that has the same screen sharing feature
Uhm, yeah, it’s a chat app, not a screen-sharing app.
Screen-sharing is part of chat apps nowadays. You’re fully within your rights to stay on IRC and pretend that featureful chat is not the norm these days, but that doesn’t mean society is going to move to IRC with you. Like it or not, encrypted chat apps have to become even more usable for the average person for adoption to go up. This reminds me of how all the old Linux-heads insisted that gaming was for children and that Linux didn’t need gaming. Suddenly now that Linux has gaming, adoption is going way up - what a coincidence.
Edit: Also for the record, I have a tech-savvy friend who refuses to move to Signal until there are custom emoji reactions, of all things. You can definitely direct your ire towards these people, but the reality is some people have a certain comfort target, and convincing them to settle for less is often harder than improving the app itself.
Yeah no, sometimes you need screen sharing in the “chatting app”
A lot of university clubs are on Discord, and my cyber club does tutorials and labs on the weekends where the leader screen-shares. It’s nice because you can see the video in real time and ask questions whenever, rather than watching a pre-recorded video and having to hope you have no issues while following along.
I mean, this is literally why Zoom blew up so much during COVID. Real-time learning works more than asynchronous learning for a lot of people.
It’s Matrix.
We don’t need another competitor. We need more people using the federated option.
Same thing with alternatives to windows. We already have it, but people are too stupid to use it.
My take on this is a little more fundamental than the whole ID/age thing. We all knew this would happen, and why? Because nobody has addressed the first problem. Security is only as strong as the weakest link, and companies are not transparent with customers.
Companies spell out in their Terms and Privacy statements that they have Affiliates that data gets shared with. And they want you to accept them all blindly, without clarifying who they are and what they do.
Even here, with a reported breach, they are not naming them and just calling them “third party”. So they screwed up and many people have their information and IDs out in the wild because if them, but we don’t even get to know who they are?
His are we to trust a company of we don’t know who they’re in bed with? How are we to rate their security and assess our risk of using their service without all the information?
As far as I can tell Discord handled it pretty well as far as breaches go. But maybe if I know they are using a shit company as one of their vendors I might think twice about using them.
Its the same logic as the next article in my feed, where crunchyroll is getting pushback from the subtitle service they are using. And that’s not even their own security in mind. People make choices based on what companies do, so be transparent with it all and we will have the warm fuzzies if things match up. If they don’t then the company gets customer feedback so they can adjust.
I am jack’s complete lack of surprise
One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says.
So, not Discord but a 3rd party company that handle Discord’s customer service, and if you didn’t use their customer service then you’re not affected.
Moral of the story, never ask for help.
So they kept the images illegally, hm?
Sigh
