"k-id, the age verification provider discord uses doesn't store or send your face to the server. instead, it sends a bunch of metadata about your face and general process details."
I think the primary issue is not the "send your face" (face info) to a server. The problem is that private entities are greedy for user data, in this case tying facial recognition to activities related to interacting with other people, most of them probably real people. So this creates a huge database - it is no surprise that greedy state actors and private companies want that data. You can use it for many things, including targeted ads.
For me the "must verify" is clearly a lie. They can make it "sound logical" but that does not convince me in the slightest. Back in the age of IRC (I started with mIRC in the 1990s, when I was using windows still), the thought of requiring others to show their faces never occurred to me at all. There were eventually video-related formats but to me it felt largely unnecessary for the most part. Discord is (again to me) nothing but a fancier IRC variant that is controlled by a private (and evidently greedy) actor.
So while it is good to have the information how to bypass anything there, my biggest gripe is that people should not think about it in this way. Meaning, bypassing is not what I would do in this case; I would simply abandon the private platform altogether. People made Discord big; people should make Discord small again if they sniff after them.
> the thought of requiring others to show their faces never occurred to me at all
I know you meant as a service provider, but as a avid IRC (and an online game that conventionally alt-tabbed into a irc-like chat window) chatter as a young preteen in the 90s and 00s, I made a lot of online friends that I would not discover what they looked like IRL for decades, some never. People I was gaming with in the 90s, for the first time, I would see what they looked like over FB in a group made for the now-almost-dead game in the 10s. It was like "swordfish - man, where are you now? I don't even know your real name to find ya. shardz - you look exactly like I would picture ya!."
In the early 2000s, the biggest social media (though we didn't call it that back then) in Finland was IRC-Galleria (IRC-Gallery). It was originally made for IRC users to upload pictures of themselves and see what fellow IRCers looked like. You'd create a profile, add pictures and tag which channels/servers you were on.
Since there were no other websites like that back then, it was eventually overrun by non-IRC-users and transformed into what we'd now call a more generic social media platform. Something like the eternal September I guess. People started calling the gallery "IRC" as shorthand, which royally pissed off the original userbase. Fun times.
Then Facebook appeared and everyone moved there.
It's still up, but it's more of a historical relic these days. Not sure who, if anyone, still uses it: https://irc-galleria.net/
>as a young preteen in the 90s and 00s, I made a lot of online friends
As another 90s preteen, sure, but the internet today has a lot more pedos and groomers online than in the 90s, and preteens today easily share footage of themselves to those adult weirdos, which didn't happen in the 90s because mostly limitations of technology.
BUt if you look at tiktok live it's full of preteen girls dancing, and creepy old men donating them money to the point where tiktok live is basically a preteen strip club. We can't ignore these obvious problems just because we grew up with internet in the 90s and turned out alright.
We have to separate kids from adults on the internet somehow even though i distrust age-verifications systems as they basically remove your anonymity but a solution is inevitable even though it will be faulty and unpopular and people will try to bypass it.
The frustration aimed at Discord et al is largely misplaced. I'm sure these companies don't mind gathering extra data about their users, but the primary impetus for age verification is government legislation. Moving to alternative platforms is not a long term solution because it's attacking the problem from the wrong direction.
Not just government legislation, but also lawsuits. I'm confident that Discord is a hotbed of all kinds of abuse and inappropriate / adult content, a lot targeting younger generations, and most of their resources are spent on that. Age verification doesn't solve that problem per se, but it makes things a bit easier.
The challenge with "protect the children" is not only evildoers targeting them, but targets actively seeking things out. They'll be the first ones looking for ways to circumvent age verification.
I agree that government legislation is part of the equation, but I don't agree that moving to other platforms is not a solution. If Discord were to witness a significant exodus of paying users because of this new verification process, they would probably start fighting the fight themselves.
That said, I don't expect this to happen, switching is very hard for many reasons.
You act like public opinion has no bearing on politics.
Historical precedent: prohibition.
Alternate future: the big websites start losing billions because people just use the internet less or not at all because it's a hassle with no return, and tax revenue drops. Then the politicians start to worry.
Even in the absence of democracy, public opinion affects politics.
Speaks to the network effect I guess. People did not decide inorganically to make Discord big, and simillarly, its pretty hard to convince people to make an inorganic decision to make it small. Overtime it might happen if there is a valid alternative but expecting people to leave discord because of this thing is naive.
I can't speak about this being a current law, but there were laws in multiple US states at various times that prevented you from storing facial data on the server. In turn features like snapchat's face filters were doing all the relevant computation locally on the device (which back then was certainly a complicated achievement).
US tech companies are constantly under FTC audit relating to how they use user data. This is certainly not something that needs to be seriously worried about, certainly less so than say the way in which cameras placed all over cities are used to track all sorts of people or storing GPS locations attached to a specific devices UUID.
The point is that 1) someone can claim there is a verification so we protect kids 2) but more importantly, there is a lot of money to be made selling verification solutions and usually these SaaS companies are owned by regulators and their buddies who make the rules about verifications.
Compliance industry has grown from zero to $90B after we cracked the nut everything needs compliance.
Yep, it sounds like it was written to be falsely reassuring and it doesn't hold up to scrutiny. Facial recognition works on data, not just images, such as the ratios between features, jawline, cheek structure, etc... Most people won't spot this.
Correct. AIM, YIM, MSN, Skype... to name a few all were giants that came before Discord. There will be alternatives over time that will overtake Discord.
The real and robust method will be generating artificial video input instead of the real webcam. I really don’t think any platform will be able to counter this. If they start requiring to use a phone with harder to spoof camera input, you will simply be able to put the camera in front of a high resolution screen. The cat and mouse game will not last long.
> I really don’t think any platform will be able to counter this.
Do platforms want to counter it?
Seems to me with an unreliable video selfie age verification:
* Reasonable people with common sense don't need to upload scans of their driving licenses and passports
* The platform gets to retain users without too much hassle
* Porn site users are forced to create accounts; this enables tracking, boosting ad revenue and growth numbers.
* Politicians get to announce that they have introduced age controls.
* People who claimed age checks wouldn't invade people's privacy don't get proven wrong
* Teens can sidestep the age checks and retain their access; teens trying to hide their porn from their parents is an age-old tradition.
* Parents don't see their teens accessing porn. They feel reassured without having to have any awkward conversations or figure out any baffling smartphone parental controls.
* authorities get to selectively crack down on sites for not implementing "proper" age verification. The sites never had a widespread problem with grooming to begin with but just so happened to have a lot of other activity that the authorities didn't like.
Having everyone operate in a gray area is dangerous and threatens the rule of law.
It depends. If the law says "you must perform such-and-such steps to verify age" then no, they don't care if you can counter it. If the law says "you must use an approach that is at least x% effective" then yes they do care if enough people counter it.
We already had a half-assed solution, where websites would require you to press the button that says "I am over 18". Clearly somebody decided that wasn't good enough. That person is not going to stop until good enough is achieved.
I'm curious the sites that enforce this like 'your state has banned...' what traffic loss they have. Because I'm not gonna sign up for a porn site lmao, the stigma
Don't Windows Hello camera devices have some kind of hardware attestation? I'm sure verification schemes like this will eventually go down that path soon.
My guess is that's probably one of the reasons Google tried to push for Play Store only apps, provide a measurable/verifiable software chain for stuff like this.
They already support ID checks as an alternative to face scanning, if the latter proves to be untenable then it's literally a case of flipping a switch to mandate ID instead.
The long term solution would have to be some kind of integration with a government platform where the platform doesn’t see your ID and the government doesn’t see what you are signing up for.
I don’t this will happen in the US but I can see it in more privacy responding countries.
Apple and Google may also add some kind of “child flag” parents can enable which tells websites and apps this user is a child and all age checks should immediately fail.
Personal Identity Verification (PIV) and Common Access Card (CAC) credentials used by US government & military via NFC already work on web browsers. States should just move to digital IDs stored on smartphones, with chain of trust up through the secure element...
There's no need to counter it, the whole point is to hit the social aspect of being on these platforms. If even half the kids can't figure out how to make it work, then a massive part of the problem is solved because a much larger percentage are only using it due to network effects.
Actually, there are many ways. For example they change colors on your screen and check in real time how it reflects on your face, eyes, etc. Very hard for a model to be trained to respond this quickly to what's on the screen.
They also have you move your head in multiple directions.
You could always generate a random face model with real time rendering with enough details to trick any AI detector (or even human) and then you can do real time animation to orders or screen light tricks. You could also simply use some face filter on your face and these ones are really convincing these days (like on Snapchat and such).
Apple is believed to be adding multispectral imaging to future generations of the iPhone. This and 3d mapping are more than enough to defeat the "point the camera at a high res screen" trick.
The issue is that age verifiers (like Discord) are not really trying.
They could do what a bank does and run everyone's ID through chexsystems. It's really hard to defeat this. Fake identities don't exist in the system and stolen ones would get flagged by geographic, time of use and velocity rules.
Doesn't work for places like Australia, where the social media ban applies only to under-16s. Teenagers rarely have ID, especially in countries where the minimum driving age is higher than 16 (read: most of the world outside the US).
Also, they will probably find that out, and the moment people do so, they become suspicious to state actors. I understand the rationale behind the work around you described; I just don't think it will be a huge factor. I see this elsewhere too - for instance, I use ublock origin a lot. But how many people world wide use it? I think never above 30%, most likely significantly fewer (or perhaps all anti-advertisement extensions, I think it most definitely is below 50% and probably below 30% too).
Remind me again, why do people need government approved ids to access discord in the first place? Everyone in this thread is solutioning how we could make government ids work, but no one seems to be asking if that’s a good idea.
You require a human to identity proof in real life and bind that to a digital identity with a strong authenticator. Anti fraud detection systems can suspend or ban if evasion attempts are detected. Perfect is not the target, it doesn’t have to be.
See: Login.gov (USPS offline proofing) and other national identity systems.
>You require a human to identity proof in real life and bind that to a digital identity
That's going to be a no from me, dawg. I'm sympathetic to ID checks like if you're buying beer or whatever, but not linking my real life identity to discord or whatever.
Which is by nature transient. There are many more and quite dangerous strings attached to doing this online. You never know if all parties involved in the verification are trustworthy.
> you will simply be able to put the camera in front of a high resolution screen
Are you sure it's that simple? How high does the resolution need to be for the camera to not be able to tell? And I'm sure there are sublet clues. Remember, you can't modify the photo or change the camera.
you put a flickering light, pwm creating artifacts in the video and have it apologize for it, to hopefully break some watermarks. my led light started acting up since yesterday, i have no other bulb.
You forgot one (the sane one, which is coming soon anyway):
Using a government issued eID system. The EU is going to rollout eID in a way that a site can just ask “is this person > age xy?”. The answer is cryptographically secure in the sense that this person really is this age, but no other information about you has to be known by the site owner.
Which is the actual correct way to do it.
I don’t understand why all the sites go crazy with flawed age verification schemes right now, instead of waiting a until the eID rollout is done.
EDIT:
I forgot to mention that it’s only the correct way if the implementation doesn’t give away to your government on which sites you browse…
Which I believe is correctly done in the upcoming EU eID but I could be wrong about it.
What I don't understand about this approach is if it's truly completely privacy preserving what stops me from making a service where anyone can use my ID to verify? If the site owner really learns nothing about me except for my age then they can't tell that it's the same id being used for every account. And if the government truly knows nothing about the sites I verify on they can't tell that I'm misusing the id either. So someone must know more then you are letting on.
Sites need to deal with Australia, which punted all responsibility to the platforms and provided no real assistance (like say the government half of the eID system that manages all the keys and metadata)
There are also alternatives that can be good enough, such as the Swedish BankId system, which is managed by a private company owned by many banks. They provide authentication and a chain of trust for the great majority of the population on about all websites (government, healthcare, banking and other commercial services) and is also used to validate online payments (3D Secure will launch the BankId app).
While it's not without faults (services do not always support alternative authentication which may support foreigners having the right to live in the country), it has been quite reliable for so many years.
So just to say, you can have successful alternatives to a government controlled system as many actors may decide it is quite valuable to develop and maintain such a system and that it aligns with their interest, and then have it become a de-facto standard.
Its like it is evolving in front of our eyes! Eventually they might get somewhere that meets all the requirements, natural selection governed by lawsuits.
Persona is the same company oftentimes used for the "show your ID to get in the bar and also we'll data harvest you... and share your data with various people if asked". Go ahead and google search on them for more insight.
NOTE: The script is broken, DO NOT ATTEMPT TO USE THE SCRIPT NOW. Attempting to run it may get your account flagged stopping you from trying face verification either temporarily or permanently, forcing you to use your ID.
Well, it’s a clever idea. Discord seems to have intentionally softened its age-verification steps so it can tell regulators, “we’re doing something to protect children,” while still leaving enough wiggle room that technically savvy users can work around it.
But in practice, this only holds if regulators are either inattentive or satisfied with checkbox compliance. If a government is competent and motivated, this approach won’t hold up—and it may even antagonize regulators by looking like bad-faith compliance.
I’ve also heard that some governments are already pushing for much stricter age-verification protocols, precisely because people can bypass weaker checks—for example, by using a webcam with partial face covering to confuse ID/face matching. I can’t name specific vendors, but some providers are responding by deploying stronger liveness checks that are significantly harder to game. And many services are moving age verification into mobile apps, where simple JavaScript-based tricks are less likely to work.
> Discord seems to have intentionally softened its age-verification steps so it can tell regulators, “we’re doing something to protect children,” while still leaving enough wiggle room that technically savvy users can work around it.
...source?
I sincerely doubt that Discord's lawyers advocated for age verification that was hackable by tech savvy users.
It seems more likely that they are trying to balance two things:
1. Age verification requirements
2. Not storing or sending photos of people's (children's) faces
Both of these are very important, legally, to protect the company. It is highly unlikely that anyone in Discord's leadership, let alone compliance, is advocating for backdoors (at least for us.)
Usually in cases like this, there is no source, there can’t be. Long long ago, long enough to be past the statute of limitations, I was involved in a similar regulatory compliance situation. We specifically communicated in such a way that “actual effectiveness” wasn’t talked about, and we set that up with a single, verbal only and without recording, meeting between the team and one of the lawyers.
Point is, these kinds of schemes where internal communication is deliberately hobbled to comply maliciously with requirements while still being completely in the clear as far as any actual recorded evidence goes. And there’s always at least one person piping in with a naïve “source?” as if people would keep recorded evidence of their criminal conspiracies.
Unless the governments come out with a first party national digital ID that can convey age of majority, they had better make themselves happy with a checkbox because nothing else is realistically possible.
Worked for me as well. Hopefully my account of 11+ years isn't penalized because of this. Not like it matters because I'll quit anyways if forced to send my face or ID.
You probably won't even have to validate then. I guess they can safely assume that you didn't create your account when you were 7 years or younger. They said they expect 80% of users or so to be auto-verified by some other means (account age, typing statistics, whatever)
1. Removes the pain of age verification, encouraging some people to stay in the proprietary walled garden when everyone would be better served by open platforms (and network effects).
2. Provides a pretext for more invasive age verification and identification, because "the privacy-respecting way is too easily circumvented".
3. Encourages people to run arbitrary code from a random Web site in connection with their accounts, which is bad practice, even if this one isn't malware and is fully secure.
Proving that something is possible doesn't mean encouraging it. This was a beautiful work of reverse engineering, that shows how hard it can be to verify personal data without invading privacy. I prefer this awareness to blind trust.
The code was released, therefore it is not arbitrary (problem #3). Should companies react with more invasive techniques (problem #2), users can always move to other platforms (problem #1).
>users can always move to other platforms (problem #1)
Until the cycle restarts again with new platforms.
Also, I am convinced self-hosting or getting a new platform (including return to traditional forums) to run might as well be bureaucratically harder at this point, given the case of lfgss' shutdown: https://news.ycombinator.com/item?id=42433044
This suggests that the immediate availability of a drop-in replacement today means there is no utility in encouraging that growth.
There are multiple open-source tools that do everything Discord does. There are few-to-none that offer everything Discord does, and certainly none that are centralized, network-effect-capture-ready.
Short term:
* Small group chats with known friends: Signal, whatsapp, IRC, Matrix
* Community chat: Zulip, Rocket.chat
* Community voice: Mumble, Teamspeak
* Video / screen sharing and voice chat: Zoom, BigBlueButton, Jitsi
Highly recommend wrapping the code to drop into the console in a immediately-invoked function expression; as it stands, it doesn't work in macOS Safari without an IIFE because top-level await is not supported in any version of Safari yet https://caniuse.com/wf-top-level-await.
In a way I agree with you; but practically 100% of iOS/iPad users are forced to use Safari. Plus, it's nice to have a browser engine that's not Chromium.
I don't understand why (mostly) young people put so much effort into remaining customers of a service that is actively hostile against them and that they do not like. Does the convenience of remaining on a service you don't like the management of outweigh the mild effort to find an alternative solution?
> the mild effort to find an alternative solution?
Calling it a "mild effort" assumes skills that older generations took for granted but many young people seem to have been actively trained out of. We're past the era where I take for granted that aspiring programmers need to have the basics of a terminal or shell explained to them, into one where they might need an explanation for the basics of a file system and paths. I wouldn't be surprised to hear that hardly any of them could touch-type, either. (I wonder what the speed record is for cell phone text input...)
Yes, they can query a search engine (kind of) or, I guess nowadays, ask ChatGPT. But there's going to be more to setting up an alternative than that. And they need to have the idea that an alternative might exist. (After all, they're asking ChatGPT, not some alternative offering from a company that provides alternatives to Google services....)
I don't think it's beyond their comprehension to ask: "how can I have a chat system that I personally control?" The rest will be taken care of.
Look at the Amnezia VPN. It's an app that helps you buy a VPS from a range of cloud provides, then sets it up, completely from the phone, as an exit node under user control.
I don't see why a chat server cannot be set up and managed this way. It only takes one dedicated developer to produce.
You’re ignoring the obvious reason, aside from the network effect: there are no alternative solutions. Some people are building Discord alternatives but they are far from production-ready, often lacking critical features (e.g. Matrix not being able to delete rooms, or still having trouble with decrypting messages). It is simply the case at this point in time that Discord is factually the least bad option for many many use cases.
I don't control most of the discord communities I'm in. Some have been going a long time, and every platform migration sheds and shreds members. The 'mild effort' to move an old community to a new platform more often than not killed the community
> and every platform migration sheds and shreds members.
What's the problem? You're filtering out people who don't really care about participation in whatever group or society is there. People who want to participate will move to an acceptable service and those who feel that is too much effort probably weren't participating much (if at all) anyway - in that case the only difference is the visible list of people with accounts going down, not the actual "users".
Why do middle aged people still use Facebook marketplace rather than another platform? Because even if you put in the effort to use something different, you’ll be the only one there.
The effort to coordinate everyone to move at the same time is bordering on impossible.
Most people don’t really care that their privacy is violated, at least not any more than a superficial “oh well it’s obvious they’re doing that, but what can you do about it!”, no point switching platform if there’s no one there to talk to.
Because being principled damages your social opportunities. Trust me. I resisted Instagram for years. When I finally gave in I instantly had access to more events, was able to connect with more people, felt less excluded. I realised all that I had missed out on.
I don't think asking people to abandon a platform works. We need to fight for open protocols.
The network effect as seen in the other comments plays a big part, but also discord offers a useful service that really nobody else does well. there's a lot wrong with it but you can still create a community in a few clicks and you have text messages, photos, videos, gifs, voice chats, screenshare, a comprehensive permission/role system, tons of bots.. all for free and without needing to be too tech savvy, that's pretty damn cool.
No other chat platform has as many seamless features and such a big userbase. The friction of verifying the identity for a random person that doesn't care about privacy is not really a big deal compared to the downgrade that migrating to another platform would be.
I think for a lot of people (me included) Discord isn't just a chat service like WhatsApp but more of a "home base" where you can hang out with all your friends, make new friends, share media, chat, play games together, stream games to each other, etc.
In the gaming sphere it's so universally used that all the friends you've ever made while gaming are on it, as well as all your chat history, and the entire history of whatever server you met them on. And if you want to make new friends, say to play a particular game, it's incredibly easy to find the official game server and start talking to people and forming lobbies with them.
My main friend group in particular has a server that we've had running since we were teenagers (all in our mid-20s now) which is a central place for all of the conversations we've ever had, all of the pictures we've ever sent each other, all the videos we've ever shared, and so on. That's something I search back through frequently looking for stuff we talked about years ago.
So I'm not saying it's impossible to move, but understand that it would require:
- Intentionally separating from the entire gaming sphere, making it so, so much harder to make new friends or talk to people.
- Getting every single one of your friends that you play games with to agree to downloading and signing up for this new service (in my case that would be approx. a dozen people)
- Accepting that this huge repository of history will be wiped out when moving to the new service (I suppose you could always log back in and scroll through it, but it's at least _harder_ to access, and is separated from all your new history)
On top of this, every time I've looked for capable alternatives to Discord I've come up empty-handed. Nothing else, as far as I can tell supports free servers, the ability to be in multiple servers, text chat divided into separate channels, optional threaded communication, voice chat joinable at any time with customizable audio setup (voice gate, push-to-talk, etc), game streaming from the voice chat at any time, and some "friend" system so that DMs and private calls can be made with each other. And even if I found one, then again I can't express enough that in the gaming sphere effectively _zero_ people use it or even know what it is.
Anyways, I'm not saying that nothing could make me abandon Discord, I'm just saying that doing so is a tremendous effort, and the result at the end will be a significantly worse online social life. So not a mild inconvienence.
>Accepting that this huge repository of history will be wiped out when moving to the new service (I suppose you could always log back in and scroll through it, but it's at least harder to access, and is separated from all your new history)
This is true, but one needs to regularly back this up elsewhere if you care about it. If you're not in control of it, it can go away in an instant; Discord could one day decide to ban your server or anything else, and then it's gone.
When I was a kid, we'd host the pics we want to post on forums on geocities and rename the file extensions to .txt to get past its "no hotlinking images" policy. So it's not like much has changed.
There are a lot of barriers between kids and better solutions, one of which is that anything needs a domain and a server, and that means a credit card.
Getting everyone to switch away from Discord has been hard because getting everyone to spontaneously switch with no clear benefit hasn't worked. They want to just keep using the app and get back into a game with their friend.
It's different to lock a door and task users with getting the key to come back in. This is more similar to an MMORPG that kills their audience because they cause the core group to stop playing and then all of the other players experiences get worse, which causes a downward trend that avalanches.
Nothing more "adversarial" than continuing to allow a service to leach on whatever information you're giving to it despite it kicking you in the face at every opportunity.
>remaining customers of a service that is actively hostile against them
because that's not how they view it. For most Gen Z users and younger their digital identity already is their identity and they have no problem verifying it because the idea of being anonymous on a social network defeats the purpose of being there in the first place.
Universalising any group is dangerous, but this isn't true for even the least informed young people I know.
They grew up being watched. They know what these data harvesting operations are and how dangerous this is. They've got front row seats to the dystopia. The difference is that they can't / couldn't do anything about it.
They think the world is broken and that you broke it. They're pissed off. And powerless. Not a good combination
Even McKinsey is now reporting on it,
Some Gen Zers push back on a lack of privacy, creating online subcultures that fantasize about anonymity: the pastoral “cottagecore” aesthetic, inspired by tiny cabins and homegrown greens, was one of Gen Z’s first major trends.
Some opt out; the New York Times recently reported on a group of self-described Luddite teens who found community by kicking smart devices in favor of the humble flip phone.
Even if you don’t go that far, many young people are veering away from “everyone knows everything” social media to curate a close group of friends and carefully monitor how much they put online.
I suspected something along these lines was possible when I looked at this provider a couple months ago.
If I recall, I had a fairly decent view of their various checks because it was delivered completely unminified, including a couple amusing sections and unimplemented features. (A gesture detector with the middle finger gesture in the enumerable commented out, for example...)
Another attack vector that I speculated upon was intercepting and replacing their tflite model with ones own, returning whatever results required.
Additionally, I believe they had a check for virtual camera names in place, as checks would quietly fail with a generic message in the interface, but show the reason as being virtual camera within responses. (Camera names are mutable though, so...)
The reaction to Discord age verification fiasco once again makes me believe that HN users just don’t have friends.
There is no alternative for Discord for bigger groups.
If there was, I still couldn’t move multiple social circles to it, no matter how much I evangelised.
The “just don’t use the less morally aligned platform” argument has always been valid only for those without a strong need for it, whether it’s X or Discord.
> The reaction to Discord age verification fiasco once again makes me believe that HN users just don’t have friends. There is no alternative for Discord
Are you saying that people who don't talk to their friends over Discord don't have friends?
Is that a statement you genuinely find reasonable?
Using whatever platform you prefer with a subset of people is fine and doable, but you're lying to yourself if you think that it is the "start" of anything.
I mostly use Telegram with my friends circle. You can have groups with individual topics. But we don't do group calls. I don't really see the appeal of group calls unless you are a gamer maybe. If I want to talk to them, I go meet them.
Worth noting when you open up the developer tools console in discord (facebook and some other sites do it too), you get a regular message printed with "If someone told you to copy/paste something here, there’s an 11/10 chance you’re being scammed." and then "Pasting anything in here could give attackers access to your Discord account." in bold+red text. It used to also mention "free nitro" as an example of a scam you may be falling for.
I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)
Opening the browser console in a separate window mitigates some of that detection.
Every time I open the dev tools on Safari (to reverse-engineer some random broken website that doesn't let me do what I need to and forces me to write yet another Python script using Beautifulsoup4), Google logs me out of all of my accounts.
To add insult to injury, Google's auth management is so broken that if I log in to the "wrong" account first by accident (E.G. when joining a work meeting from Calendar.app), that account now becomes primary for Google Search / Youtube, and there's no way to change that without logging back out from all accounts and then logging into them again.
> I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)
You can open the network tab, click an API requesst, and copy the token from the Authorization header.
>I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)
No, they just keep moving it between updates. It's still there. It just gets harder to extract.
The implementation doesn't matter. Current options for bypassing it don't matter. The nature of the content being blocked doesn't matter.
The root problem is that Discord is asking users for their real identity in exchange for accessing social media content. That is a line that simply should not be crossed.
They can change the implementation later. They can make it harder to bypass. They can identify users who bypassed it and start them over from square one. They can change what type of content is blocked. They can alter the deal, but users cannot take back their identity once it is handed over.
Discord has become a platform that is outwardly adversarial to its users. Don't try to fight it. Don't keep investing in a platform that's actively hostile to you. Cut your losses now and find something else.
As always, motivated minors will trivially bypass things.
Only annoyed adults, who don't see the point in pursuing a bypass, will supply their actual ID, which is what will eventually get breached in the inevitable yet-another-breach.
I pray the status quo is good enough for legal requirements and the hacks like these don't mean the end of on-device verification (or the requirement of chain of trust from boot)
Tangentially, it's kind of weird how most of the sites' systems to verify your age try to get you to do it on a phone.
I've never used twitter on a phone, yet that's the only official way to go through the age verification process. Youtube too.
I attempted to get through the youtube one on a new account to see an age-gated video, but couldn't finish the process and gave up. At the time, I remember thinking it would be easier for me to buy an age verified google account from someone.
My theory is that the vast majority of users won't have an Android with root access/a jailbroken iPhone, which reduces the risk of using a virtual camera? Then they can just block emulators/rooted/jailbroken devices which increases the barrier to entry.
Is this not easily patched by the provider encrypting and signing the whole payload? I would have thought that would be table stakes for an identity provider.
You're assuming discord or twitch actually care. I doubt they actually do. It's there to preempt the regulatory hammer, and the presence of clunky workarounds like this doesn't affect it if it doesn't reach the mainstream. If it does, they can just patch it.
the hammer of the gov't works slowly, but such bypasses will eventually be worked around - it doesn't matter if twitch/discord/etc actually care or not, because their care is irrelevant.
> the presence of clunky workarounds like this doesn't affect it if it doesn't reach the mainstream.
i suspect that mainstream would eventually find it - like how VPNs suddenly became very popular in the UK.
It worked for me (I got the green success message) however I did not get a confirmation DM from the "official Discord account" like others said they did.
I hope that Discord, Twitch and Snapchat will die soon after introducing verification of adult persons. I hope it will be replace by more open and privacy respecting services.
This is an abhorrent threat to the safety of our children and just another example of how the [Red / Blue]* party are failing in online safety.
That is why we, the [Blue / Red] party are announcing today a manifesto pledge to outlaw all computers that allow unsigned booting of unauthorized platforms, to outlaw all browsers that do not participate in the chain of trust this provides, and to outlaw all websites that do not verify the code path from boot to browser.
Only with complete trust and authorization will we be able to sleep safe in the knowledge our children’s faces are being scanned by law abiding patriots and not subverted by evil hackers like xyzeva and Dziurwa.
— General Secretary gorgoiler
.. .. ..
*What do you do, btw, if you extend your political machine into another country by subsuming their party into yours, but when their colour is traditionally X and yours is traditionally Y? Mixed light: the White party? Mixed paint: the Brown party?
Age verification itself isn't such a bad thing. I feel most people are more angry about having to verify their actual identity. Every ad provider knows your address and complete identity every time you log into anything though. I guess its the illusion of anonymity that's so popular.
There's often a degree of uncertainty with the data advertisers have. This would heavily reduce that uncertainty and enable worse behavior on the part of advertisers.
The comments so far assume that Discord / Twitch / Snapchat don't care as entities that people will start bypassing their age verification systems. I believe the rank-and-file think that's the case. I think even the engineers and PMs think that's the case. But that's not the game.
There are many ways in which such a system could be implemented. They could have asked people to use a credit card. Adult entertainment services have been using this as a way to do tacit age verification for a very long time now. Or, they could have made a new zero-knowledge proof system. Or, ideally, they could have told the authorities to get bent.
Tech is hardly the first industry to face significant (justifiable or unjustifiable) government backlash. I am hesitant to use them as examples as they're a net harm, whereas this is about preventing a societal net harm, but the fossil fuel and tobacco industries fought their governments for decades and straight up changed the political system to suit them.
FAANG are richer than they ever were. Even Discord can raise more and deploy more capital than most of the tobacco industry at the time. It's also a righteous cause. A cause most people can get behind (see: privacy as a selling point for Apple and the backlash to Ring). But they're not fighting this. They're leaning into it.
Let's take a look at what they're asking from people for a second, the face scan,
If you choose Facial Age Estimation, you’ll be prompted to record a short video selfie of your face. The Facial Age Estimation technology runs entirely on your device in real time when you are performing the verification. That means that facial scans never leave your device, and Discord and vendors never receive it. We only get your age group.
Their specific ask is to try and get depth data by moving the phone back and forth. This is not just "take a selfie" – they're getting the user to move the device laterally to extract facial structure. The "face scan" (how is that defined??) never leaves the device, but that doesn't mean the biometric data isn't extracted and sent to their third-party supplier, k-Id. From the article,
k-id, the age verification provider discord uses doesn't store or send your face to the server. instead, it sends a bunch of metadata about your face and general process details.
The author assumes that "this [approach] is good for your privacy." It's not. If you give me the depth data for a face, you've given me the fingerprint for that face. A machine doesn't need pictures; "a bunch of metadata" will do just fine.
Discord is also doing profiling along vectors (presumably behavioral and demographic features) which the author describes as,
after some trial and error, we narrowed the checked part to the prediction arrays, which are outputs, primaryOutputs and raws.
turns out, both outputs and primaryOutputs are generated from raws. basically, the raw numbers are mapped to age outputs, and then the outliers get removed with z-score (once for primaryOutputs and twice for outputs).
Discord plugs into games and allows people to share what they're doing with their friends. For example, Discord can automatically share which song a user is listening on Spotify with their friends (who can join in), the game they're playing, whether they're streaming on Twitch etc. In general, Discord seems to have fairly reliable data about the other applications the user is running. Discord also has data about your voice (which they say they may store) and now your face.
Is some or all of this data being turned into features that are being fed to this third-party k-ID? https://www.k-id.com/
k-ID is (at first glance) extracting fairly similar data from Snapchat, Twitch etc. With ID documents added into the mix, this certainly seems like a very interesting global profiling dataset backstopped with government documentation as ground truth. :)
Neat that this exists, but priming children to copy/paste random JavaScript into their Dev consoles feels like a recipe for disaster. Bets on how long before malware starts buying up "discord age verification bypass" ad spots?
It seems unlikely that "is user adult" is not already easily modeled by any of these companies to within a very high degree of confidence. Even 15 or 20 years ago Google search could bracket your age pretty effectively. It doesn't seem like this adds metadata that wasn't already there.
The official app/client is 100% legally compliant in its unmodified state. But doing something like using another client, having your PDS say you're age verified, or using a ublock origin rule to change where the geolocation API thinks you are completely sidestep it.
It was never going to be perfect. I suspect the goal with things like these is to add additional friction to the process, to make it much harder for the general population to bypass them.
"k-id, the age verification provider discord uses doesn't store or send your face to the server. instead, it sends a bunch of metadata about your face and general process details."
I think the primary issue is not the "send your face" (face info) to a server. The problem is that private entities are greedy for user data, in this case tying facial recognition to activities related to interacting with other people, most of them probably real people. So this creates a huge database - it is no surprise that greedy state actors and private companies want that data. You can use it for many things, including targeted ads.
For me the "must verify" is clearly a lie. They can make it "sound logical" but that does not convince me in the slightest. Back in the age of IRC (I started with mIRC in the 1990s, when I was using windows still), the thought of requiring others to show their faces never occurred to me at all. There were eventually video-related formats but to me it felt largely unnecessary for the most part. Discord is (again to me) nothing but a fancier IRC variant that is controlled by a private (and evidently greedy) actor.
So while it is good to have the information how to bypass anything there, my biggest gripe is that people should not think about it in this way. Meaning, bypassing is not what I would do in this case; I would simply abandon the private platform altogether. People made Discord big; people should make Discord small again if they sniff after them.
> the thought of requiring others to show their faces never occurred to me at all
I know you meant as a service provider, but as a avid IRC (and an online game that conventionally alt-tabbed into a irc-like chat window) chatter as a young preteen in the 90s and 00s, I made a lot of online friends that I would not discover what they looked like IRL for decades, some never. People I was gaming with in the 90s, for the first time, I would see what they looked like over FB in a group made for the now-almost-dead game in the 10s. It was like "swordfish - man, where are you now? I don't even know your real name to find ya. shardz - you look exactly like I would picture ya!."
Just some musings.
In the early 2000s, the biggest social media (though we didn't call it that back then) in Finland was IRC-Galleria (IRC-Gallery). It was originally made for IRC users to upload pictures of themselves and see what fellow IRCers looked like. You'd create a profile, add pictures and tag which channels/servers you were on.
Since there were no other websites like that back then, it was eventually overrun by non-IRC-users and transformed into what we'd now call a more generic social media platform. Something like the eternal September I guess. People started calling the gallery "IRC" as shorthand, which royally pissed off the original userbase. Fun times.
Then Facebook appeared and everyone moved there.
It's still up, but it's more of a historical relic these days. Not sure who, if anyone, still uses it: https://irc-galleria.net/
Wikipedia: https://en.wikipedia.org/wiki/IRC-Galleria
3 replies →
>as a young preteen in the 90s and 00s, I made a lot of online friends
As another 90s preteen, sure, but the internet today has a lot more pedos and groomers online than in the 90s, and preteens today easily share footage of themselves to those adult weirdos, which didn't happen in the 90s because mostly limitations of technology.
BUt if you look at tiktok live it's full of preteen girls dancing, and creepy old men donating them money to the point where tiktok live is basically a preteen strip club. We can't ignore these obvious problems just because we grew up with internet in the 90s and turned out alright.
We have to separate kids from adults on the internet somehow even though i distrust age-verifications systems as they basically remove your anonymity but a solution is inevitable even though it will be faulty and unpopular and people will try to bypass it.
65 replies →
[dead]
The frustration aimed at Discord et al is largely misplaced. I'm sure these companies don't mind gathering extra data about their users, but the primary impetus for age verification is government legislation. Moving to alternative platforms is not a long term solution because it's attacking the problem from the wrong direction.
Not just government legislation, but also lawsuits. I'm confident that Discord is a hotbed of all kinds of abuse and inappropriate / adult content, a lot targeting younger generations, and most of their resources are spent on that. Age verification doesn't solve that problem per se, but it makes things a bit easier.
The challenge with "protect the children" is not only evildoers targeting them, but targets actively seeking things out. They'll be the first ones looking for ways to circumvent age verification.
4 replies →
I agree that government legislation is part of the equation, but I don't agree that moving to other platforms is not a solution. If Discord were to witness a significant exodus of paying users because of this new verification process, they would probably start fighting the fight themselves.
That said, I don't expect this to happen, switching is very hard for many reasons.
5 replies →
You act like public opinion has no bearing on politics.
Historical precedent: prohibition.
Alternate future: the big websites start losing billions because people just use the internet less or not at all because it's a hassle with no return, and tax revenue drops. Then the politicians start to worry.
Even in the absence of democracy, public opinion affects politics.
1 reply →
Yes the same outraged users were totally fine with giving Discord all their personal conversations.
Speaks to the network effect I guess. People did not decide inorganically to make Discord big, and simillarly, its pretty hard to convince people to make an inorganic decision to make it small. Overtime it might happen if there is a valid alternative but expecting people to leave discord because of this thing is naive.
I can't speak about this being a current law, but there were laws in multiple US states at various times that prevented you from storing facial data on the server. In turn features like snapchat's face filters were doing all the relevant computation locally on the device (which back then was certainly a complicated achievement).
US tech companies are constantly under FTC audit relating to how they use user data. This is certainly not something that needs to be seriously worried about, certainly less so than say the way in which cameras placed all over cities are used to track all sorts of people or storing GPS locations attached to a specific devices UUID.
The point is that 1) someone can claim there is a verification so we protect kids 2) but more importantly, there is a lot of money to be made selling verification solutions and usually these SaaS companies are owned by regulators and their buddies who make the rules about verifications.
Compliance industry has grown from zero to $90B after we cracked the nut everything needs compliance.
Here is a good book about the topic https://www.amazon.com/Compliance-Industrial-Complex-Operati...
Yeah, isn't facial recognition metadata about relationships between facial features? Nothing about that statement makes me more at ease.
Yep, it sounds like it was written to be falsely reassuring and it doesn't hold up to scrutiny. Facial recognition works on data, not just images, such as the ratios between features, jawline, cheek structure, etc... Most people won't spot this.
Correct. AIM, YIM, MSN, Skype... to name a few all were giants that came before Discord. There will be alternatives over time that will overtake Discord.
The real and robust method will be generating artificial video input instead of the real webcam. I really don’t think any platform will be able to counter this. If they start requiring to use a phone with harder to spoof camera input, you will simply be able to put the camera in front of a high resolution screen. The cat and mouse game will not last long.
> I really don’t think any platform will be able to counter this.
Do platforms want to counter it?
Seems to me with an unreliable video selfie age verification:
* Reasonable people with common sense don't need to upload scans of their driving licenses and passports
* The platform gets to retain users without too much hassle
* Porn site users are forced to create accounts; this enables tracking, boosting ad revenue and growth numbers.
* Politicians get to announce that they have introduced age controls.
* People who claimed age checks wouldn't invade people's privacy don't get proven wrong
* Teens can sidestep the age checks and retain their access; teens trying to hide their porn from their parents is an age-old tradition.
* Parents don't see their teens accessing porn. They feel reassured without having to have any awkward conversations or figure out any baffling smartphone parental controls.
Everyone wins.
I think you forgot :
* authorities get to selectively crack down on sites for not implementing "proper" age verification. The sites never had a widespread problem with grooming to begin with but just so happened to have a lot of other activity that the authorities didn't like.
Having everyone operate in a gray area is dangerous and threatens the rule of law.
3 replies →
It depends. If the law says "you must perform such-and-such steps to verify age" then no, they don't care if you can counter it. If the law says "you must use an approach that is at least x% effective" then yes they do care if enough people counter it.
We already had a half-assed solution, where websites would require you to press the button that says "I am over 18". Clearly somebody decided that wasn't good enough. That person is not going to stop until good enough is achieved.
11 replies →
Until somebody (likely a politician or anti-porn advocacy group) decides to poke the bear and ruin it
3 replies →
If we normalize this shit everyone will lose.
> Reasonable people with common sense don't need to upload scans of their driving licenses and passports
Cue random bans.
> People who claimed age checks wouldn't invade people's privacy don't get proven wrong
And? Is that supposed to change anything?
> Everyone wins.
Only if the lawmakers agreed.
> Porn site users are forced to create accounts
I'm curious the sites that enforce this like 'your state has banned...' what traffic loss they have. Because I'm not gonna sign up for a porn site lmao, the stigma
Don't Windows Hello camera devices have some kind of hardware attestation? I'm sure verification schemes like this will eventually go down that path soon.
My guess is that's probably one of the reasons Google tried to push for Play Store only apps, provide a measurable/verifiable software chain for stuff like this.
That the camera is real doesn't imply the thing it's viewing is real.
11 replies →
Yes they do. Part of the reason why you can't use certain webcams that are Windows Hello compatible (I.e. with IR) in recent versions of Windows.
IIRC they had these fingerprinting pads?
They already support ID checks as an alternative to face scanning, if the latter proves to be untenable then it's literally a case of flipping a switch to mandate ID instead.
The long term solution would have to be some kind of integration with a government platform where the platform doesn’t see your ID and the government doesn’t see what you are signing up for.
I don’t this will happen in the US but I can see it in more privacy responding countries.
Apple and Google may also add some kind of “child flag” parents can enable which tells websites and apps this user is a child and all age checks should immediately fail.
26 replies →
ID is much easier to forge, it's just a flat 2-d shape. None of the physical security features come through in images.
9 replies →
They can't feasibly do this in the US since many people don't have drivers licenses or passports.
23 replies →
Personal Identity Verification (PIV) and Common Access Card (CAC) credentials used by US government & military via NFC already work on web browsers. States should just move to digital IDs stored on smartphones, with chain of trust up through the secure element...
4 replies →
And lose every user in the process
11 replies →
Most people under the driving age don’t have ID’s, at least in the US.
[dead]
> The cat and mouse game will not last long.
Yes but for completely different reasons: I will not bother to play the game and stop using the platform.
you counter this by using an id verified service like login.gov or okta verify.
That's the endgame and what the EU really wants. No poasting unless they can arrest you for inconvenient memes.
Yes this is spot on. Apple & Google mobile platforms are locked down tight for this reason. Try installing okta verify on graphene OS. You cannot.
4 replies →
Wow. The EU.
1 reply →
Alternatively, hand someone $20 and your phone and have them do the verification for you.
This is just what I did, and plan to continue to do.
1 reply →
There's no need to counter it, the whole point is to hit the social aspect of being on these platforms. If even half the kids can't figure out how to make it work, then a massive part of the problem is solved because a much larger percentage are only using it due to network effects.
Actually, there are many ways. For example they change colors on your screen and check in real time how it reflects on your face, eyes, etc. Very hard for a model to be trained to respond this quickly to what's on the screen.
They also have you move your head in multiple directions.
You could always generate a random face model with real time rendering with enough details to trick any AI detector (or even human) and then you can do real time animation to orders or screen light tricks. You could also simply use some face filter on your face and these ones are really convincing these days (like on Snapchat and such).
3 replies →
Apple is believed to be adding multispectral imaging to future generations of the iPhone. This and 3d mapping are more than enough to defeat the "point the camera at a high res screen" trick.
The issue is that age verifiers (like Discord) are not really trying.
They could do what a bank does and run everyone's ID through chexsystems. It's really hard to defeat this. Fake identities don't exist in the system and stolen ones would get flagged by geographic, time of use and velocity rules.
Doesn't work for places like Australia, where the social media ban applies only to under-16s. Teenagers rarely have ID, especially in countries where the minimum driving age is higher than 16 (read: most of the world outside the US).
4 replies →
But how many users will do so? 1%? 5%?
Also, they will probably find that out, and the moment people do so, they become suspicious to state actors. I understand the rationale behind the work around you described; I just don't think it will be a huge factor. I see this elsewhere too - for instance, I use ublock origin a lot. But how many people world wide use it? I think never above 30%, most likely significantly fewer (or perhaps all anti-advertisement extensions, I think it most definitely is below 50% and probably below 30% too).
Death Stranding 2 photo-mode works well for this.
There is an easy solution to this - require a government ID, and only permit government IDs that can be verified with the state's government.
There are a lot of countries and US states where such validation is possible.
Given the state is mandating these checks, it only makes sense that the state should be responsible for making it possible to perform these checks.
Remind me again, why do people need government approved ids to access discord in the first place? Everyone in this thread is solutioning how we could make government ids work, but no one seems to be asking if that’s a good idea.
4 replies →
You require a human to identity proof in real life and bind that to a digital identity with a strong authenticator. Anti fraud detection systems can suspend or ban if evasion attempts are detected. Perfect is not the target, it doesn’t have to be.
See: Login.gov (USPS offline proofing) and other national identity systems.
(digital identity is a component of my work)
>You require a human to identity proof in real life and bind that to a digital identity
That's going to be a no from me, dawg. I'm sympathetic to ID checks like if you're buying beer or whatever, but not linking my real life identity to discord or whatever.
13 replies →
Which is by nature transient. There are many more and quite dangerous strings attached to doing this online. You never know if all parties involved in the verification are trustworthy.
> you will simply be able to put the camera in front of a high resolution screen
Are you sure it's that simple? How high does the resolution need to be for the camera to not be able to tell? And I'm sure there are sublet clues. Remember, you can't modify the photo or change the camera.
I did this with OBS Virtual Camera for a thing in Oregon and it worked.
This is the right question. Who will benefits from blocking young people? Probably not the platform.
hardware attestation webcams :) . in the dark future of the 2k there is only windows
you put a flickering light, pwm creating artifacts in the video and have it apologize for it, to hopefully break some watermarks. my led light started acting up since yesterday, i have no other bulb.
If it was that easy, Face ID wouldn't be used
[dead]
[flagged]
You forgot one (the sane one, which is coming soon anyway):
Using a government issued eID system. The EU is going to rollout eID in a way that a site can just ask “is this person > age xy?”. The answer is cryptographically secure in the sense that this person really is this age, but no other information about you has to be known by the site owner.
Which is the actual correct way to do it.
I don’t understand why all the sites go crazy with flawed age verification schemes right now, instead of waiting a until the eID rollout is done.
EDIT: I forgot to mention that it’s only the correct way if the implementation doesn’t give away to your government on which sites you browse… Which I believe is correctly done in the upcoming EU eID but I could be wrong about it.
What I don't understand about this approach is if it's truly completely privacy preserving what stops me from making a service where anyone can use my ID to verify? If the site owner really learns nothing about me except for my age then they can't tell that it's the same id being used for every account. And if the government truly knows nothing about the sites I verify on they can't tell that I'm misusing the id either. So someone must know more then you are letting on.
13 replies →
Sites need to deal with Australia, which punted all responsibility to the platforms and provided no real assistance (like say the government half of the eID system that manages all the keys and metadata)
5 replies →
There are also alternatives that can be good enough, such as the Swedish BankId system, which is managed by a private company owned by many banks. They provide authentication and a chain of trust for the great majority of the population on about all websites (government, healthcare, banking and other commercial services) and is also used to validate online payments (3D Secure will launch the BankId app).
While it's not without faults (services do not always support alternative authentication which may support foreigners having the right to live in the country), it has been quite reliable for so many years.
So just to say, you can have successful alternatives to a government controlled system as many actors may decide it is quite valuable to develop and maintain such a system and that it aligns with their interest, and then have it become a de-facto standard.
1 reply →
"Papers, please" is the fastest and slipperiest slope to authoritarianism. Europeans are ironically blasé.
Its like it is evolving in front of our eyes! Eventually they might get somewhere that meets all the requirements, natural selection governed by lawsuits.
This comment is so LLM-generated.
Hm, when attempting it I get redirected to https://age-verifier.kibty.town/webview?url=null, which says:
{"error":"error parsing webview url"}
Edit: Apparently my discord account is in some kind of A/B feature test that uses a different verification provider, Persona
Persona is the same company oftentimes used for the "show your ID to get in the bar and also we'll data harvest you... and share your data with various people if asked". Go ahead and google search on them for more insight.
https://x.com/xyz3va/status/2021734252505604108
https://xcancel.com/xyz3va/status/2021734252505604108
Hopefully your comment gets pushed to the top. Would like the security guys from the blog to see it.
It only works because the other provider has a more private implementation compounded with bad security.
NOTE: The script is broken, DO NOT ATTEMPT TO USE THE SCRIPT NOW. Attempting to run it may get your account flagged stopping you from trying face verification either temporarily or permanently, forcing you to use your ID.
pr: https://github.com/xyzeva/k-id-age-verifier/pull/12
Well, it’s a clever idea. Discord seems to have intentionally softened its age-verification steps so it can tell regulators, “we’re doing something to protect children,” while still leaving enough wiggle room that technically savvy users can work around it.
But in practice, this only holds if regulators are either inattentive or satisfied with checkbox compliance. If a government is competent and motivated, this approach won’t hold up—and it may even antagonize regulators by looking like bad-faith compliance.
I’ve also heard that some governments are already pushing for much stricter age-verification protocols, precisely because people can bypass weaker checks—for example, by using a webcam with partial face covering to confuse ID/face matching. I can’t name specific vendors, but some providers are responding by deploying stronger liveness checks that are significantly harder to game. And many services are moving age verification into mobile apps, where simple JavaScript-based tricks are less likely to work.
> Discord seems to have intentionally softened its age-verification steps so it can tell regulators, “we’re doing something to protect children,” while still leaving enough wiggle room that technically savvy users can work around it.
...source?
I sincerely doubt that Discord's lawyers advocated for age verification that was hackable by tech savvy users.
It seems more likely that they are trying to balance two things:
1. Age verification requirements
2. Not storing or sending photos of people's (children's) faces
Both of these are very important, legally, to protect the company. It is highly unlikely that anyone in Discord's leadership, let alone compliance, is advocating for backdoors (at least for us.)
Usually in cases like this, there is no source, there can’t be. Long long ago, long enough to be past the statute of limitations, I was involved in a similar regulatory compliance situation. We specifically communicated in such a way that “actual effectiveness” wasn’t talked about, and we set that up with a single, verbal only and without recording, meeting between the team and one of the lawyers.
Point is, these kinds of schemes where internal communication is deliberately hobbled to comply maliciously with requirements while still being completely in the clear as far as any actual recorded evidence goes. And there’s always at least one person piping in with a naïve “source?” as if people would keep recorded evidence of their criminal conspiracies.
Unless the governments come out with a first party national digital ID that can convey age of majority, they had better make themselves happy with a checkbox because nothing else is realistically possible.
It does appear to work. I received a message from Discord saying "We determined you're in the adult group. <learn more>"
narrator> And that's when he discovers his account has now been hacked...
;)
Worked for me as well. Hopefully my account of 11+ years isn't penalized because of this. Not like it matters because I'll quit anyways if forced to send my face or ID.
You probably won't even have to validate then. I guess they can safely assume that you didn't create your account when you were 7 years or younger. They said they expect 80% of users or so to be auto-verified by some other means (account age, typing statistics, whatever)
13 replies →
This isn't as fun as using the g-man from half life to verify
i changed the password later just to be sure.
Three problems with this:
1. Removes the pain of age verification, encouraging some people to stay in the proprietary walled garden when everyone would be better served by open platforms (and network effects).
2. Provides a pretext for more invasive age verification and identification, because "the privacy-respecting way is too easily circumvented".
3. Encourages people to run arbitrary code from a random Web site in connection with their accounts, which is bad practice, even if this one isn't malware and is fully secure.
Proving that something is possible doesn't mean encouraging it. This was a beautiful work of reverse engineering, that shows how hard it can be to verify personal data without invading privacy. I prefer this awareness to blind trust.
The code was released, therefore it is not arbitrary (problem #3). Should companies react with more invasive techniques (problem #2), users can always move to other platforms (problem #1).
>users can always move to other platforms (problem #1)
Until the cycle restarts again with new platforms.
Also, I am convinced self-hosting or getting a new platform (including return to traditional forums) to run might as well be bureaucratically harder at this point, given the case of lfgss' shutdown: https://news.ycombinator.com/item?id=42433044
> everyone would be better served by open platforms
Oh cool, which ones?!
…aaaand there's the problem.
This suggests that the immediate availability of a drop-in replacement today means there is no utility in encouraging that growth.
There are multiple open-source tools that do everything Discord does. There are few-to-none that offer everything Discord does, and certainly none that are centralized, network-effect-capture-ready.
Short term:
* Small group chats with known friends: Signal, whatsapp, IRC, Matrix
* Community chat: Zulip, Rocket.chat
* Community voice: Mumble, Teamspeak
* Video / screen sharing and voice chat: Zoom, BigBlueButton, Jitsi
I've heard about Stoat but haven't read up on it.
8 replies →
Highly recommend wrapping the code to drop into the console in a immediately-invoked function expression; as it stands, it doesn't work in macOS Safari without an IIFE because top-level await is not supported in any version of Safari yet https://caniuse.com/wf-top-level-await.
Why bother supporting Safari when they aren't interested in supporting the modern web? They're five years behind.
In a way I agree with you; but practically 100% of iOS/iPad users are forced to use Safari. Plus, it's nice to have a browser engine that's not Chromium.
1 reply →
I don't understand why (mostly) young people put so much effort into remaining customers of a service that is actively hostile against them and that they do not like. Does the convenience of remaining on a service you don't like the management of outweigh the mild effort to find an alternative solution?
> the mild effort to find an alternative solution?
Calling it a "mild effort" assumes skills that older generations took for granted but many young people seem to have been actively trained out of. We're past the era where I take for granted that aspiring programmers need to have the basics of a terminal or shell explained to them, into one where they might need an explanation for the basics of a file system and paths. I wouldn't be surprised to hear that hardly any of them could touch-type, either. (I wonder what the speed record is for cell phone text input...)
Yes, they can query a search engine (kind of) or, I guess nowadays, ask ChatGPT. But there's going to be more to setting up an alternative than that. And they need to have the idea that an alternative might exist. (After all, they're asking ChatGPT, not some alternative offering from a company that provides alternatives to Google services....)
I don't think it's beyond their comprehension to ask: "how can I have a chat system that I personally control?" The rest will be taken care of.
Look at the Amnezia VPN. It's an app that helps you buy a VPS from a range of cloud provides, then sets it up, completely from the phone, as an exit node under user control.
I don't see why a chat server cannot be set up and managed this way. It only takes one dedicated developer to produce.
3 replies →
> I don't understand why (mostly) young people put so much effort into remaining customers of a service that is actively hostile against them
The Network Effect.
That's it. Their friends are there so they're there.
You’re ignoring the obvious reason, aside from the network effect: there are no alternative solutions. Some people are building Discord alternatives but they are far from production-ready, often lacking critical features (e.g. Matrix not being able to delete rooms, or still having trouble with decrypting messages). It is simply the case at this point in time that Discord is factually the least bad option for many many use cases.
I don't control most of the discord communities I'm in. Some have been going a long time, and every platform migration sheds and shreds members. The 'mild effort' to move an old community to a new platform more often than not killed the community
> and every platform migration sheds and shreds members.
What's the problem? You're filtering out people who don't really care about participation in whatever group or society is there. People who want to participate will move to an acceptable service and those who feel that is too much effort probably weren't participating much (if at all) anyway - in that case the only difference is the visible list of people with accounts going down, not the actual "users".
4 replies →
Why do middle aged people still use Facebook marketplace rather than another platform? Because even if you put in the effort to use something different, you’ll be the only one there.
The effort to coordinate everyone to move at the same time is bordering on impossible.
which? I'd love to, but FB marketplace is the platform.
1 reply →
First mover advantage with network effects
1 reply →
Most people don’t really care that their privacy is violated, at least not any more than a superficial “oh well it’s obvious they’re doing that, but what can you do about it!”, no point switching platform if there’s no one there to talk to.
Because being principled damages your social opportunities. Trust me. I resisted Instagram for years. When I finally gave in I instantly had access to more events, was able to connect with more people, felt less excluded. I realised all that I had missed out on.
I don't think asking people to abandon a platform works. We need to fight for open protocols.
The network effect as seen in the other comments plays a big part, but also discord offers a useful service that really nobody else does well. there's a lot wrong with it but you can still create a community in a few clicks and you have text messages, photos, videos, gifs, voice chats, screenshare, a comprehensive permission/role system, tons of bots.. all for free and without needing to be too tech savvy, that's pretty damn cool.
No other chat platform has as many seamless features and such a big userbase. The friction of verifying the identity for a random person that doesn't care about privacy is not really a big deal compared to the downgrade that migrating to another platform would be.
I think for a lot of people (me included) Discord isn't just a chat service like WhatsApp but more of a "home base" where you can hang out with all your friends, make new friends, share media, chat, play games together, stream games to each other, etc.
In the gaming sphere it's so universally used that all the friends you've ever made while gaming are on it, as well as all your chat history, and the entire history of whatever server you met them on. And if you want to make new friends, say to play a particular game, it's incredibly easy to find the official game server and start talking to people and forming lobbies with them.
My main friend group in particular has a server that we've had running since we were teenagers (all in our mid-20s now) which is a central place for all of the conversations we've ever had, all of the pictures we've ever sent each other, all the videos we've ever shared, and so on. That's something I search back through frequently looking for stuff we talked about years ago.
So I'm not saying it's impossible to move, but understand that it would require:
- Intentionally separating from the entire gaming sphere, making it so, so much harder to make new friends or talk to people. - Getting every single one of your friends that you play games with to agree to downloading and signing up for this new service (in my case that would be approx. a dozen people) - Accepting that this huge repository of history will be wiped out when moving to the new service (I suppose you could always log back in and scroll through it, but it's at least _harder_ to access, and is separated from all your new history)
On top of this, every time I've looked for capable alternatives to Discord I've come up empty-handed. Nothing else, as far as I can tell supports free servers, the ability to be in multiple servers, text chat divided into separate channels, optional threaded communication, voice chat joinable at any time with customizable audio setup (voice gate, push-to-talk, etc), game streaming from the voice chat at any time, and some "friend" system so that DMs and private calls can be made with each other. And even if I found one, then again I can't express enough that in the gaming sphere effectively _zero_ people use it or even know what it is.
Anyways, I'm not saying that nothing could make me abandon Discord, I'm just saying that doing so is a tremendous effort, and the result at the end will be a significantly worse online social life. So not a mild inconvienence.
>Accepting that this huge repository of history will be wiped out when moving to the new service (I suppose you could always log back in and scroll through it, but it's at least harder to access, and is separated from all your new history)
This is true, but one needs to regularly back this up elsewhere if you care about it. If you're not in control of it, it can go away in an instant; Discord could one day decide to ban your server or anything else, and then it's gone.
When I was a kid, we'd host the pics we want to post on forums on geocities and rename the file extensions to .txt to get past its "no hotlinking images" policy. So it's not like much has changed.
There are a lot of barriers between kids and better solutions, one of which is that anything needs a domain and a server, and that means a credit card.
Network effects apply but also there is no equivalent service that combines all of the salient functionality of discord.
I'm more than ready to leave if push really comes to shove. Wouldn't be the first time.
From experience, I know if I leave that few of my friends will follow. So I understand the resistance.
Because they are used to follow limitations since the day they were born, and have all the time in the world
> remaining customers of a service that is actively hostile against them and that they do not like
And yet here we all are, still in an uproar every time GitHub goes down. Change is slow, we can't all leave GitHub in a day. Same with Discord users.
I think the Discord situation is a bit different.
Getting everyone to switch away from Discord has been hard because getting everyone to spontaneously switch with no clear benefit hasn't worked. They want to just keep using the app and get back into a game with their friend.
It's different to lock a door and task users with getting the key to come back in. This is more similar to an MMORPG that kills their audience because they cause the core group to stop playing and then all of the other players experiences get worse, which causes a downward trend that avalanches.
3 replies →
I am sure that is part of the appeal to the developing mind, the adversarial nature.
Nothing more "adversarial" than continuing to allow a service to leach on whatever information you're giving to it despite it kicking you in the face at every opportunity.
1 reply →
I mean, it's called a social network
>remaining customers of a service that is actively hostile against them
because that's not how they view it. For most Gen Z users and younger their digital identity already is their identity and they have no problem verifying it because the idea of being anonymous on a social network defeats the purpose of being there in the first place.
Universalising any group is dangerous, but this isn't true for even the least informed young people I know.
They grew up being watched. They know what these data harvesting operations are and how dangerous this is. They've got front row seats to the dystopia. The difference is that they can't / couldn't do anything about it.
They think the world is broken and that you broke it. They're pissed off. And powerless. Not a good combination
Even McKinsey is now reporting on it,
https://www.mckinsey.com/~/media/mckinsey/email/genz/2023/01...
5 replies →
I suspected something along these lines was possible when I looked at this provider a couple months ago.
If I recall, I had a fairly decent view of their various checks because it was delivered completely unminified, including a couple amusing sections and unimplemented features. (A gesture detector with the middle finger gesture in the enumerable commented out, for example...)
Another attack vector that I speculated upon was intercepting and replacing their tflite model with ones own, returning whatever results required.
Additionally, I believe they had a check for virtual camera names in place, as checks would quietly fail with a generic message in the interface, but show the reason as being virtual camera within responses. (Camera names are mutable though, so...)
On Discord, I got the captcha, but then after it redirected, I got a page saying:
I'm very much an adult, this whole thing is ridiculous. Ban me, I don't care.
I got this, but then refreshing that page made it work for me
The text with the code shows another step.
I tried it a couple more times, and it worked on the third try and showed me the green successfully verified message.
The reaction to Discord age verification fiasco once again makes me believe that HN users just don’t have friends.
There is no alternative for Discord for bigger groups.
If there was, I still couldn’t move multiple social circles to it, no matter how much I evangelised.
The “just don’t use the less morally aligned platform” argument has always been valid only for those without a strong need for it, whether it’s X or Discord.
> The reaction to Discord age verification fiasco once again makes me believe that HN users just don’t have friends. There is no alternative for Discord
Are you saying that people who don't talk to their friends over Discord don't have friends?
Is that a statement you genuinely find reasonable?
They're saying people with friends generally don't have access to them all on one single alternative platform, like they might with Discord.
1 reply →
Well, someone has to start. It's ok if you use the alternative with a subset of your contacts.
It has to overcome some critical mass, i.e. political inertia.
Using whatever platform you prefer with a subset of people is fine and doable, but you're lying to yourself if you think that it is the "start" of anything.
Telegram, WhatsApp, Signal? I have friends and I don't use Discord or understand why I would want to use it.
I mostly use Telegram with my friends circle. You can have groups with individual topics. But we don't do group calls. I don't really see the appeal of group calls unless you are a gamer maybe. If I want to talk to them, I go meet them.
Signal for direct messaging and calls
> HN users just don’t have friends.
So once you have friends all connected parties requires to install Discords. How does that work?
Are your parents friendless, do they use Discord?
Self hosted TeamSpeak for communication & gaming and a signal group for chatting.
[dead]
Looks like it may already have been patched, it's not working for me.
Seems I'm not the only one either: https://github.com/xyzeva/k-id-age-verifier/issues/7
Worth noting when you open up the developer tools console in discord (facebook and some other sites do it too), you get a regular message printed with "If someone told you to copy/paste something here, there’s an 11/10 chance you’re being scammed." and then "Pasting anything in here could give attackers access to your Discord account." in bold+red text. It used to also mention "free nitro" as an example of a scam you may be falling for.
I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)
Opening the browser console in a separate window mitigates some of that detection.
Yes, Google does this, and it is infurriating.
Every time I open the dev tools on Safari (to reverse-engineer some random broken website that doesn't let me do what I need to and forces me to write yet another Python script using Beautifulsoup4), Google logs me out of all of my accounts.
To add insult to injury, Google's auth management is so broken that if I log in to the "wrong" account first by accident (E.G. when joining a work meeting from Calendar.app), that account now becomes primary for Google Search / Youtube, and there's no way to change that without logging back out from all accounts and then logging into them again.
> I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)
You can open the network tab, click an API requesst, and copy the token from the Authorization header.
>I've heard, but haven't confirmed, they also detect you opening developer tools using various methods and remove your auth keys from localstorage while you have it open to make account takeovers harder. (but not impossible)
No, they just keep moving it between updates. It's still there. It just gets harder to extract.
Wow that was a fun read, I never thought about the technical implementation of these verification systems.
I do not believe in the necessity of identity verification
The governments making laws which mandate it feel otherwise.
No law mandates Discord impose this globally.
To be clear - this is a wholly discretionary act on their part to implement this in jurisdictions that have no such legal requirement.
4 replies →
Guess we'll have to change the laws.. or the government.
The implementation doesn't matter. Current options for bypassing it don't matter. The nature of the content being blocked doesn't matter.
The root problem is that Discord is asking users for their real identity in exchange for accessing social media content. That is a line that simply should not be crossed.
They can change the implementation later. They can make it harder to bypass. They can identify users who bypassed it and start them over from square one. They can change what type of content is blocked. They can alter the deal, but users cannot take back their identity once it is handed over.
Discord has become a platform that is outwardly adversarial to its users. Don't try to fight it. Don't keep investing in a platform that's actively hostile to you. Cut your losses now and find something else.
As always, motivated minors will trivially bypass things.
Only annoyed adults, who don't see the point in pursuing a bypass, will supply their actual ID, which is what will eventually get breached in the inevitable yet-another-breach.
These schemes only place the honest at risk.
Love that hackers are still using "greetz"
It's still pretty common in the demoscene.
What's less common, but still seen occasionally, is their opposite: "fuckings".
Came here to say the same, has been a long time since I've seen one of those in the wild!
> doesn't store or send your face to the server. instead, it sends a bunch of metadata about your face
we really need to teach people to stop being fooled by this, a "bunch of metadata" is often enough to fully reconstruct a face
Recent and related:
Discord will require a face scan or ID for full access next month - https://news.ycombinator.com/item?id=46951999 - Feb 2026 (21 comments)
I pray the status quo is good enough for legal requirements and the hacks like these don't mean the end of on-device verification (or the requirement of chain of trust from boot)
Tangentially, it's kind of weird how most of the sites' systems to verify your age try to get you to do it on a phone.
I've never used twitter on a phone, yet that's the only official way to go through the age verification process. Youtube too.
I attempted to get through the youtube one on a new account to see an age-gated video, but couldn't finish the process and gave up. At the time, I remember thinking it would be easier for me to buy an age verified google account from someone.
My theory is that the vast majority of users won't have an Android with root access/a jailbroken iPhone, which reduces the risk of using a virtual camera? Then they can just block emulators/rooted/jailbroken devices which increases the barrier to entry.
Is this not easily patched by the provider encrypting and signing the whole payload? I would have thought that would be table stakes for an identity provider.
The identity provider is on-device and has to run on phones which don't do hardware attestation.
That’s only for selfies. If they use and id I’m pretty sure it is getting sent to a k-id server.
This project is something that we would want to archive pretty quickly. I can see those service being upset over that being exposed.
You're assuming discord or twitch actually care. I doubt they actually do. It's there to preempt the regulatory hammer, and the presence of clunky workarounds like this doesn't affect it if it doesn't reach the mainstream. If it does, they can just patch it.
the hammer of the gov't works slowly, but such bypasses will eventually be worked around - it doesn't matter if twitch/discord/etc actually care or not, because their care is irrelevant.
> the presence of clunky workarounds like this doesn't affect it if it doesn't reach the mainstream.
i suspect that mainstream would eventually find it - like how VPNs suddenly became very popular in the UK.
Your browser is not currently supported. Please use a recommended browser or learn more here.
Apparently Twitch doesn't like Mozilla Firefox...
I'm against workarounds. I'm pro "leaving them and only come back when Digital ID is not required anymore".
Except you don't get to choose where other people host their communities.
If only most people leave them and it affects their bottom line.
That code snippet for Discord is pretty brittle and will likely break with future updates.
Worked, hopefully Discord will retroactively discover this and ban my account.
It worked for me (I got the green success message) however I did not get a confirmation DM from the "official Discord account" like others said they did.
Anyone got a clue what that means?
I hope that Discord, Twitch and Snapchat will die soon after introducing verification of adult persons. I hope it will be replace by more open and privacy respecting services.
Alright, how long until they patch this? Anyone takin' bets?
Sounds like it may already have been[1].
Edit: might only be a minor API call issue[2]
[1] https://github.com/xyzeva/k-id-age-verifier/issues/7
[2] https://github.com/xyzeva/k-id-age-verifier/pull/6
This is an abhorrent threat to the safety of our children and just another example of how the [Red / Blue]* party are failing in online safety.
That is why we, the [Blue / Red] party are announcing today a manifesto pledge to outlaw all computers that allow unsigned booting of unauthorized platforms, to outlaw all browsers that do not participate in the chain of trust this provides, and to outlaw all websites that do not verify the code path from boot to browser.
Only with complete trust and authorization will we be able to sleep safe in the knowledge our children’s faces are being scanned by law abiding patriots and not subverted by evil hackers like xyzeva and Dziurwa.
— General Secretary gorgoiler
.. .. ..
*What do you do, btw, if you extend your political machine into another country by subsuming their party into yours, but when their colour is traditionally X and yours is traditionally Y? Mixed light: the White party? Mixed paint: the Brown party?
Doesn't appear to be working, at least for UK purposes. Tool claimed to have worked, I dropped my VPN and my account is not age verified.
That worked for me. Got a response on desktop discord client once it was done. Wonder how long before they lock this down.
Never trust user input wins again... on one hand, discord never sees your picture, on the other, you get this. :)
Why people act like this never has been implemented like the gigs and financial apps already validate indetity
It's slightly different to access your bank account vs chatting with your friends.
Age verification itself isn't such a bad thing. I feel most people are more angry about having to verify their actual identity. Every ad provider knows your address and complete identity every time you log into anything though. I guess its the illusion of anonymity that's so popular.
Age verification is an excuse for identity checking.
I remember when people who used this site were rational experts. The emotional outbursts here are a bit disappointing.
Horseshit.
There's often a degree of uncertainty with the data advertisers have. This would heavily reduce that uncertainty and enable worse behavior on the part of advertisers.
The comments so far assume that Discord / Twitch / Snapchat don't care as entities that people will start bypassing their age verification systems. I believe the rank-and-file think that's the case. I think even the engineers and PMs think that's the case. But that's not the game.
There are many ways in which such a system could be implemented. They could have asked people to use a credit card. Adult entertainment services have been using this as a way to do tacit age verification for a very long time now. Or, they could have made a new zero-knowledge proof system. Or, ideally, they could have told the authorities to get bent.
Tech is hardly the first industry to face significant (justifiable or unjustifiable) government backlash. I am hesitant to use them as examples as they're a net harm, whereas this is about preventing a societal net harm, but the fossil fuel and tobacco industries fought their governments for decades and straight up changed the political system to suit them.
FAANG are richer than they ever were. Even Discord can raise more and deploy more capital than most of the tobacco industry at the time. It's also a righteous cause. A cause most people can get behind (see: privacy as a selling point for Apple and the backlash to Ring). But they're not fighting this. They're leaning into it.
Let's take a look at what they're asking from people for a second, the face scan,
Their specific ask is to try and get depth data by moving the phone back and forth. This is not just "take a selfie" – they're getting the user to move the device laterally to extract facial structure. The "face scan" (how is that defined??) never leaves the device, but that doesn't mean the biometric data isn't extracted and sent to their third-party supplier, k-Id. From the article,
The author assumes that "this [approach] is good for your privacy." It's not. If you give me the depth data for a face, you've given me the fingerprint for that face. A machine doesn't need pictures; "a bunch of metadata" will do just fine.
Discord is also doing profiling along vectors (presumably behavioral and demographic features) which the author describes as,
Discord plugs into games and allows people to share what they're doing with their friends. For example, Discord can automatically share which song a user is listening on Spotify with their friends (who can join in), the game they're playing, whether they're streaming on Twitch etc. In general, Discord seems to have fairly reliable data about the other applications the user is running. Discord also has data about your voice (which they say they may store) and now your face.
Is some or all of this data being turned into features that are being fed to this third-party k-ID? https://www.k-id.com/
https://www.forbes.com/sites/mattgardner1/2024/06/25/k-id-cl...
https://www.techinasia.com/a16z-lightspeed-bet-singapore-par...
k-ID is (at first glance) extracting fairly similar data from Snapchat, Twitch etc. With ID documents added into the mix, this certainly seems like a very interesting global profiling dataset backstopped with government documentation as ground truth. :)
UK user here, it still shows my account as Unverified after running :(
Check the issues/PRs on their github.
Any chance this can be used to token-log people's accounts?
It looks like only k-id's session token is transmitted back to the site, which can't be used to authenticate to Discord.
You can also self-host the backend from https://github.com/xyzeva/k-id-age-verifier.
According to discord, there's an 11/10 chance you're being scammed by doing this.
With the way things are going, just go back to email.
CC everyone.
Neat that this exists, but priming children to copy/paste random JavaScript into their Dev consoles feels like a recipe for disaster. Bets on how long before malware starts buying up "discord age verification bypass" ad spots?
too late: I have already deleted my Discord account; Twitch is also going to enforce this? hmmm...
if you don't actively use discord, then this is probably the best solution, I agree
doesn't work - request times out.
worked here - as soon as i did it i heard a dm ping from the 'official' discord account...
"We determined you're in the adult age group."
That was fast.
[dead]
There is a way to do this, where nearly everyone is fine.[0]
However, the orgs don’t get to capture verified adult user identity to pad the value of their user data profiles…
[0] https://blog.google/company-news/inside-google/around-the-gl...
It seems unlikely that "is user adult" is not already easily modeled by any of these companies to within a very high degree of confidence. Even 15 or 20 years ago Google search could bracket your age pretty effectively. It doesn't seem like this adds metadata that wasn't already there.
3 replies →
I prefer if it's pretty easy to bypass, if it's going to be law at all. My favourite example of this so far is how bluesky handles it.
https://gist.github.com/mary-ext/6e27b24a83838202908808ad528...
The official app/client is 100% legally compliant in its unmodified state. But doing something like using another client, having your PDS say you're age verified, or using a ublock origin rule to change where the geolocation API thinks you are completely sidestep it.
It was never going to be perfect. I suspect the goal with things like these is to add additional friction to the process, to make it much harder for the general population to bypass them.
[dead]
[dead]
[dead]
[dead]
[flagged]
I’ll comply with a police officer because of their threat of violence. I will not comply with online bullshit, because Discord can’t shoot me.
Never underestimate the ability of a corporation to send the feds to your door.
2 replies →