Anyone still defending age verification online is an idiot.
I don‘t think I‘ve ever seen someone defend it online but there were a few people laughing it off which is not much better.
To be fair, they were before this incident too.
So, I looked at age verification - it was made clear photos were on device only and never transmitted.
If this turns out to be false, then the legal fallout would be apocalyptic.
(Edit: or not, see the comment by ambitiousprocess below)
Here’s the information directly from the FAQ as of right now:
Q: Is my data stored when I use Face Scan or Scan ID verification?
A: Discord and k-ID do not permanently store personal identity documents or your video selfies. The image of your identity document and the ID face match selfie are deleted directly after your age group is confirmed, and the video selfie used for facial age estimation never leaves your device.
That sounds like the video stays on your device but the photos do not.
Big company lies again what a big surprise
Yeah, but those methods of verification weren’t the subject of this breach, this was some manual bullshit done through Zendesk.
Where is that small print? It should be archived before Discord tries to change it.
Check down on data security ;)
Looks like it’s already been archived: https://web.archive.org/web/20250930051220/https://support.discord.com/hc/en-us/articles/30326565624343-How-to-Complete-Age-Verification-on-Discord
It’s also here:
you agree to legal mediation other than a court in their terms of service, so… not really
Those don’t always hold up, especially when the shit is really hitting the fan.
“dont always… when it hits the fan” is a little too elusive compared to a legal document you agreed to online imho so i will not necessarily hold to that
Yep that’s a lot of stuff, it’s a money spending contest.
The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don’t even care which of the two companies is ultimately responsible, because they are both responsible.
- Zendesk for their bad OpSec
- Discord for both outsourcing this AND not having contractual requirements to properly secure and destroy PII when it was no longer required.
I work in IT, and treat PII like it’s dangerously radioactive, because in the digital world, it really is.
“Apparently” only those who were challenging the verification results and uploaded awaiting reverification are affected.
Not that that isn’t bad enough
Right. It blows me away the required training we have to do for physical files more secured than Fort Knox! Tech world? Eh just throw it in the recycle bin
I agree completely its moronic, but I do imagine the law requires it
Proofs the UK is a shithole as well funnily enough.
Nothing against the Brits but their government oh damn that’s bad.
The Labour under Starmer is closet Tory. I wish that the popular Manchester Labour mayor (whose name I forgot) takes his place as PM, which actual leftist politicians try to make him to be. Although this will be a Sysiphean task under the ruthless politicking in British politics and Labour Party’s own strict rule on who could become PM.
Andy Burnham!
And this is why this provide xyz private information for verification bs should be illegal
And why any service asking it should be moved on from.
Pretty sure these people could have found a teamspeak, matrix, or mumble server without the requirement.
Hmm, I don’t recall ever doing age verification for Discord. Were older accounts grandfather’d in, or is it currently limited by region or something?
I think it’s a UK thing
They have been passing legislation to basically dox their citizens for them to gain access to the internet
It was obvious things like this will happen, unlike banks and government sites social media sites don’t have strict cyber security requirements and they want these sites to have a government ID. It was a bad idea from the start.
Also currently being rolled out in Australia too 😔
Any time your account gets locked for age reason it requires it. So if you have never had an age lock it’s unlikely you had to do it.
It’s as easy as someone reporting you for being underage with no proof or even just saying “I’m 14 and what is this” as a meme to get locked tho.
Hell the auto flag system can hit you if you just talk like a kid sometimes.
I believe people from
EUUK and people who say they were under 13 and got reported. They needed to send in a pic of them holding their ID to get unbanned.edit: UK people not EU
Politicians: That’s the point.
Joking aside, now that I think about it, what difference does does it make if companies are stealing infos and spying on you with government mandated age verification checks, and hackers stealing your government mandated age verification info? This just reinforces my view that governments (and companies) are nothing but glorified gangsters.
A hacker stealing your id can do way more malicious stuff like more expertly crafted phishing and identity fraud just to name two.
No one involved in this from the government to the companies is innocent in this chain though in my opinion. A breach is always bound to happen.
To me giving a company or government permission to create the databases allowed for mass facial recognition is the same thing as giving the facial recognition data to criminals. It will be leaked/hacked/sold, etc. It is only a matter of time.
How many Social security numbers in the U.S. have been leaked/hacked/sold/illegally transferred? ~340 million.
Facial recognition will be a near useless tool for security in 10 years, and 100% for population monitoring at the rate we are going.
Option 3: companies that you pay to provide authentication service. Regulated so that they clearly tell you if they are subsidizing service outside of your payments.
We nearly already do this with certificate services and they would probably be in a good position to offer an id service.
Thank god I never gave them an image.
Don’t ever use Tencent apps
so instead of creating some kind of authorization system that would not require sending your private information to everyone the govt did nothing and instead put that responsibility on EVERY company. begs the question why rushing so much?
More than half of them turn out to be AI
Oh no it’s that thing everyone would say would happen!
Why shouldn’t I make the Torment Nexus!?
this is why i dont give my ID to any service(obv including Discord) anymore.
Fuck Discord
I agree, but fuck this dumb law first and foremost.
the only person who’s allowed to verify my age is my cat because he won’t stop being a dick about it
I’d like to use your cat verification system too.
