• plz1@lemmy.world · 83 points · 6 days ago

    The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don’t even care which of the two companies is ultimately responsible, because they are both responsible.

    1. Zendesk for their bad OpSec
    2. Discord for both outsourcing this AND not having contractual requirements to properly secure and destroy PII when it was no longer required.

    I work in IT, and treat PII like it’s dangerously radioactive, because in the digital world, it really is.

    • luciferofastora@feddit.org · 6 points · 6 days ago

      Me when I get a request for PII pertaining to a suspected corruption case: Have one of our corporate lawyers give me a written and explicit statement of what data I’m supposed to send to whom or get bent. I’m not touching that with a ten foot pole and gloves unless I have a legally solid affirmation that what I’m doing won’t come back to bite me, and that our workers’ council knows about it and will back me up.

      I’m reluctant to even confirm that I can get that information in the first place. I mean, I’m the one with full access to the audit tool, so I probably do, but I’d have to access that data in the first place to check. I don’t think that anyone would notice or care so long as I don’t share that information, but as you said: dangerously radioactive; don’t touch if I can help it.

    • Zen_Shinobi@lemmy.world · 3 points · 6 days ago

      Right. It blows me away: the required training we have to do treats physical files as more secure than Fort Knox! Tech world? Eh, just throw it in the recycle bin.

    • Tom Arrr@lemmy.world · 0 points · 6 days ago

      “Apparently” only those who were challenging the verification results and uploaded awaiting reverification are affected.

      Not that that isn’t bad enough.

  • kylian0087@lemmy.dbzer0.com · 34 points · 6 days ago

    Proves the UK is a shithole as well, funnily enough.

    Nothing against the Brits, but their government, oh damn, that’s bad.

    • TankovayaDiviziya@lemmy.world · 1 point · 5 days ago

      Labour under Starmer is closet Tory. I wish that the popular Manchester Labour mayor (whose name I forgot) would take his place as PM, which actual leftist politicians are trying to make happen. Although this will be a Sisyphean task under the ruthless politicking in British politics and the Labour Party’s own strict rules on who can become PM.

    • seraphine@lemmy.blahaj.zone · 1 up / 6 down · edited · 5 days ago

      Discord isn’t at fault here. I don’t say they do good stuff either, I just want to stick to the facts. It’s the UK government who forced them in the first place.

      • viking@infosec.pub · 6 points · 5 days ago

        They enforced the verification, but Discord was supposed to delete the images right after.

        • seraphine@lemmy.blahaj.zone · 3 points · 5 days ago

          Nvm, I wanted to say the complete opposite; my brain wanted to say two sentences at the same time and mixed up the words. Corrected it now.

  • TankovayaDiviziya@lemmy.world · 11 points · 5 days ago

    Politicians: That’s the point.

    Joking aside, now that I think about it, what difference does it make if companies are stealing info and spying on you with government-mandated age verification checks, versus hackers stealing your government-mandated age verification info? This just reinforces my view that governments (and companies) are nothing but glorified gangsters.

    • dogs0n@sh.itjust.works · 1 point · 5 days ago

      A hacker stealing your ID can do way more malicious stuff, like more expertly crafted phishing and identity fraud, just to name two.

      No one involved in this, from the government to the companies, is innocent in this chain though, in my opinion. A breach is always bound to happen.

    • Brkdncr@lemmy.world · 1 up / 2 down · 5 days ago

      Option 3: companies that you pay to provide authentication service. Regulated so that they clearly tell you if they are subsidizing service outside of your payments.

      We already nearly do this with certificate services, and they would probably be in a good position to offer an ID service.

      • gian @lemmy.grys.it · 1 point · 5 days ago

        Option 3: companies that you pay to provide authentication service. Regulated so that they clearly tell you if they are subsidizing service outside of your payments.

        Then you just need to hack this company instead of Discord; you only change the target.

  • aliser@lemmy.world · 10 points · 5 days ago

    So instead of creating some kind of authorization system that would not require sending your private information to everyone, the government did nothing and instead put that responsibility on EVERY company. Begs the question: why rush so much?

    • Spice Hoarder@lemmy.zip · 3 points · 5 days ago

      The Department of Social Security could have created some sort of public/private key pair to verify age and DOB. But that’s too much to ask for, isn’t it?
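
      The idea in this comment, a government-held key pair that signs an age answer instead of handing out the underlying document, as an added example that is not part of the original post and not any government's or Discord's actual code. It assumes Ed25519 for the key pair, a hypothetical issuer ("Issuer") standing in for the authority that already holds the date of birth, and a hypothetical relying party ("Verifier") standing in for the chat service. The point it demonstrates is data minimisation: the service receives a signed yes/no plus audience, expiry and a one-time nonce, never the DOB or an ID photo, so a breach at the service or its support vendor has nothing of that kind to leak.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claim is everything the relying party ever receives. There is no name,
// no date of birth and no document image in it: only the answer, who it
// was issued for, a validity window and a one-time nonce.
type Claim struct {
	Over18   bool   `json:"over18"`
	Audience string `json:"aud"`
	Expires  int64  `json:"exp"` // unix seconds
	Nonce    string `json:"nonce"`
}

// Attestation is the signed claim as it crosses the wire.
type Attestation struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"sig"`
}

// Issuer models the authority that already holds the identity record
// (hypothetical; stands in for the commenter's "Department of Social Security").
type Issuer struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewIssuer() (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{priv: priv, Pub: pub}, nil
}

// Attest compares the date of birth it holds against now and signs only the
// boolean result. The DOB itself never leaves this function.
func (i *Issuer) Attest(dob, now time.Time, audience string, ttl time.Duration) (Attestation, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Attestation{}, err
	}
	c := Claim{
		Over18:   !now.Before(dob.AddDate(18, 0, 0)), // 18th birthday reached?
		Audience: audience,
		Expires:  now.Add(ttl).Unix(),
		Nonce:    hex.EncodeToString(nonce),
	}
	payload, err := json.Marshal(c)
	if err != nil {
		return Attestation{}, err
	}
	return Attestation{Payload: payload, Signature: ed25519.Sign(i.priv, payload)}, nil
}

// Verifier is the relying party (the chat service). It needs the issuer's
// public key and a record of nonces it has already accepted; nothing else.
type Verifier struct {
	pub      ed25519.PublicKey
	audience string
	seen     map[string]bool
}

func NewVerifier(pub ed25519.PublicKey, audience string) *Verifier {
	return &Verifier{pub: pub, audience: audience, seen: map[string]bool{}}
}

// Check rejects anything forged, issued for another service, expired or
// replayed, and otherwise returns the over-18 answer.
func (v *Verifier) Check(a Attestation, now time.Time) (bool, error) {
	if !ed25519.Verify(v.pub, a.Payload, a.Signature) {
		return false, errors.New("signature does not verify")
	}
	var c Claim
	if err := json.Unmarshal(a.Payload, &c); err != nil {
		return false, err
	}
	if c.Audience != v.audience {
		return false, errors.New("attestation issued for a different service")
	}
	if now.Unix() > c.Expires {
		return false, errors.New("attestation expired")
	}
	if v.seen[c.Nonce] {
		return false, errors.New("attestation already used")
	}
	v.seen[c.Nonce] = true
	return c.Over18, nil
}

func main() {
	issuer, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	now := time.Date(2025, 10, 10, 12, 0, 0, 0, time.UTC) // constructed clock
	dob := time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC)    // constructed record
	att, _ := issuer.Attest(dob, now, "chat.example", time.Hour)
	v := NewVerifier(issuer.Pub, "chat.example")
	ok, err := v.Check(att, now)
	fmt.Println("first use:", ok, err)
	_, err = v.Check(att, now)
	fmt.Println("replay:", err)
	att.Payload[0] ^= 1 // any bit flip in the claim breaks the signature
	_, err = v.Check(att, now)
	fmt.Println("tampered:", err)
}
```

      The audience field is what stops an attestation obtained for one service being replayed at another, and the nonce plus short expiry bounds how long a stolen attestation is worth anything; neither check costs the issuer any extra disclosure. What this does not solve is linkability across services if the issuer logs which audience each attestation was minted for, which is the concern raised in the reply below about governments tying identity to the internet.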

      • KelvarCherry@lemmy.blahaj.zone · 3 points · 5 days ago

        Have you seen the USA? UK? Russia? China? I really don’t want the government making any system to tie internet to any identity. I really don’t want any government having any role in the internet.

    • gian @lemmy.grys.it · 1 point · 5 days ago

      so instead of creating some kind of authorization system that would not require sending your private information to everyone the govt did nothing and instead put that responsibility on EVERY company. begs the question why rushing so much?

      I would suppose that this is because there is no single way that is valid for every government. For example, in Italy we have SPID, which is different from what Germany, France and every other EU state have.
      If Discord wanted to use it, they would have had to implement a number of ways to do it, which may not be that easy.

  • Mwa@thelemmy.club · 10 points · 5 days ago

    This is why I don’t give my ID to any service (obviously including Discord) anymore.

  • nutsack@lemmy.dbzer0.com · 3 points · 5 days ago

    The only person who’s allowed to verify my age is my cat, because he won’t stop being a dick about it.

    • x00z@lemmy.world · 1 point · 6 days ago

      Besides some countries, people who had their account flagged as possibly underage also need to verify themselves.

      I know a French guy who joked about being 12 in a chat, got reported by a troll, which got his account locked, and had to send his ID to unlock it.

  • ohshit604@sh.itjust.works · 3 points · edited · 6 days ago

    So glad I ditched Discord the second they considered going public. Converting people to Matrix sucks because Element is terrible for group calls. [Edit] Tried setting up a Snikket server via Docker Compose yesterday, but their documentation sucks for manual setups. I don’t need them handling reverse proxying for me, and I’d rather they didn’t bind to the host network and instead bound to a Docker network. Eventually my tweaks broke Docker itself and I had to restart the service.