Comment by pavel_lishin
16 days ago
> The ID is immediately deleted. We do not keep any information around like your name, the city that you live in, if you used a birth certificate or something else, any of that information.
This is also contradicted by what Discord actually says:
> Quick deletion: Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.
What are the non-most cases?
Also, _Discord_ deleting them is really only half the battle; random vendors deleting them remains an issue.
Not to mention collecting them at all means those servers are a primo location for state actors to stage themselves to make copies of data before being deleted.
To say nothing of insider threats of which likely exist across every major social media platform in service to foreign govs.
It was this deep into the thread when I decided I don’t think I need internet service this bad, let alone Discord. I think I’m out. Let us know how it goes!
7 replies →
> Not to mention collecting them at all means those servers are a primo location for state actors to stage themselves to make copies of data before being deleted.
Not to nitpick, but in this case they'd be collecting data they already own.
5 replies →
> Also, _Discord_ deleting them is really only half the battle; random vendors deleting them remains an issue.
This really is the issue. Of the 5 or so data breach notifications I received last year, none are from an entity I have a direct relationship with. They're all from a vendor used directly or indirectly by these entities.
The real answer is more serious penalties for having data breaches. Having 6 concurrent "identity monitoring" services is of zero value to me.
Vendors like that would be in deep GDPR shit if they claim to not store highly sensitive data and then do in fact store highly sensitive data.
Generally the GDPR is not rigorously enforced, but when it comes to sensitive data like face scans, IDs, medical data etc. the hammer comes down a lot swifter and harder.
GDPR does not stop a breach.
Discord already lost user IDs. Will GDPR delete them from the darknet?
"We delete them immediately after we have sold them to our 579 parters"
Weird that I have to get a list of all the cookie vendors that know I visit a website to show me an ad about something I already bought but the guys with my ID don't need to be listed.
Under GDPR they need to be listed.
GDPR isn't a cookie law — it's a PII law. They need to tell you all parties that get your ID picture, or they're in breach.
3 replies →
Well since you have these IDs, for national security (AML, criminals and whatnot), we will need you to keep them if our endpoint says so, here's the endpoint
How can we even confirm that they are actually deleting them. Trust me bro vibe
Imagine the neural network you could train over such a large dataset of ID's so when you pay your bills or do the flight check-in you avoid the hassle of manually inputting the data yourself? Ah, yes, we have that already.
>"Identity documents submitted to our vendor partners"..
Yeah, say goodbye to those the privacy and safety of those documents.
Since when the city one lives in is mentioned in the birth certificate?
It was only one example they gave, and they accept multiple different types of ID; a driver's license or national ID card being other likely ones, and DLs do say where you live.
None of those documents reliably state my city of residence. At best they document where I once lived, but not even that is guaranteed.
16 replies →
[flagged]
9 replies →