upvote

points

by Sweepi1 days ago |
comments
upvoteby deminature8 hours ago|
next
[-]
Not immediately deleting the selfie is a pretty fundamental and egregious mistake to make. People are particularly sensitive to selfies not being handled correctly after Discord lost thousands of them, despite promising to delete them after age verification occurred (and then not doing so) https://www.bbc.com/news/articles/c8jmzd972leo

The damage is limited because the selfie is only retained on device, but it still does not signal competency from the EU to fail at the most basic hurdle of disposing of the selfie once verification is complete.

reply
upvoteby jimmydorry3 hours ago|
parent|
next
[-]
>Discord lost thousands of them, despite promising to delete them after age verification occurred (and then not doing so)

This is misleading, yet everyone seems to repeat it. Discord's implementation of ID verification did not retain IDs. Reporting on this was so poor, but what appears to have happened was that people that failed age estimation / ID checks had to raise a support ticket and get manually reviewed. That support platform was pwned and the active support tickets were leaked. Who knows how long these support tickets were set to live for, but up to 70,000 active tickets getting leaked feels like a drop in the bucket. It's also not immediately clear to me what the alternative is (other than not getting hacked), when you require human intervention to review problematic IDs. Even if the ID only lived on their server for 24 hours during manual review, across a userbase of >200 million users, that's a lot of IDs at risk at any given moment, especially during these initial roll outs of age verification.

reply
upvoteby deminature52 minutes ago|
parent|
[-]
This is a distinction without a difference. Users were assured their selfies would not be retained and they were. Discord then proceeded to lose those selfies to bad actors, after promising not to retain them. The incident has caused enormous distrust of all age verification systems, which were already starting in the mind of the community from a base level of skepticism. It's already highly invasive to take a photo of yourself, but then the user must trust that the organization on the other end will handle it appropriately. To have that trust so conspicuously broken poisons the well for all other age verification systems and websites that are legally compelled to use it, or face penalties from aggressive organizations like OFCOM.
reply
upvoteby stavros7 minutes ago|
parent|
[-]
Were users assured that the selfies they emailed to support would not be retained? I'm loath to defend the multimillion dollar corporation, but let's at least be fair.
reply
upvoteby GoblinSlayer4 hours ago|
parent|
prev|
[-]
Welp, this ship has sailed, corporations and governments have data hoarding addiction. They might not yet ask where your grandpa lived 57 years ago, but they seriously ponder this idea how to extort it from you of where else to get this data.
reply
upvoteby michelb6 hours ago|
prev|
[-]
>The App has not launched, they published the source code in order to invite external review.

I read that from many reactions in discussions, but not from their own channels? (Maybe I missed that)

It is ready for deployment: https://commission.europa.eu/news-and-media/news/european-ag...

The message is that it is ready, 'ticks all the boxes' (the published code does not) and that is now ready for integration by other countries. https://xcancel.com/vonderleyen/status/2044340323120193595#m

Then in the article I read that what we see now is a 'demo' version. So the code on Github is not the current code?

reply