Nitro already cancelled. Can’t just back out of a bad idea, going to have to work for it
nthpwr on
already signed your death warrant im afraid
LuckyHearing1118 on
Grasping for straws at this point
UpsetKoalaBear on
There’s plenty of actual third party age verification methods with third party security vetting backing them up. Yoti is one of them. [They even have a bug bounty.](https://hackerone.com/yoti)
Yoti Keys is on device and encrypted. It uses age estimation instead of ID verification. They don’t require you to give your name, address, or ID.
All the app does is tell the provider “this user is over 18.” It doesn’t send any more than necessary.
It gives no other information about the user, nor does the encrypted data leave your phone. It just gives you a Passkey (like how you store passkeys to login to websites).
You have a private key on your device. The public key is on their server. The only way to decrypt the age verification data, is with the private key. [You can read the privacy policy here.](https://www.yoti.com/privacy/keys/)
Ask yourself why they chose Persona instead of a system like Yoti Keys. Yoti Keys, by the way, is completely compliant with age assurance laws.
Nowhere, in the UK’s OSA or the EU’s DSA, do they specifically mention to use Persona nor do they mention they have to store the data. They just ask for attestation.
The companies are using this law for malicious intent. The laws just require age assurance, the laws don’t require companies to use a specific platform to do it on.
Zero-Trust age assurance _can_ exist and be fully compliant.
RidetheSchlange on
They will go with an alternate that will work with palantir now or later or be bought by palantir. Whatever happens, Palantir will still get the data. Just leave American networks.
RhoOfFeh on
And they were going to try and get all of our IDs, revealing the links between real-world and online identities in essentially plaintext.
unspecified_person11 on
Just a reminder that this same identity verification software is still used by OpenAI, Anthropic and LinkedIn.
ithinkitslupis on
“We need to age verify to protect kids” … immediately exposed as state espionage.
>The leak occurred because Persona accidentally exposed 53MB of original source code on a public IP address that was meant to be hidden. This allowed for the discovery of 269 distinct verification checks, including facial recognition matching against world leaders and crypto-wallet tracking. Users believing they are verifying their age for social platforms or AI access are instead being screened against global watchlists and intelligence databases with direct ties to ICE and FinCEN.
Yeah it’s pretty clear that we should never trust age verification systems to respect privacy no matter what the government writing the laws say the intent is. The governments themselves are working with these companies behind closed doors to violate privacy.
This is in addition to hackers breaching 70k government IDs given to discord less than a year ago, where just incompetence or mistakes can get you leaked all the same.
McSmiggins on
Worth pointing out Reddit also uses Persona for it’s ID stuff…
Even if Discord “don’t have the options turned on” it’s one “whoopsy” away from “accidentally” turning it on
E6DA on
Too late. I already canceled Nitro and deleted my account. Next.
Dave-C on
Peter Thiel, the same Peter Thiel who received millions of dollars from Epstein’s private accounts? That Peter Thiel?
Strange that he wants to verify ages now…
Aranthos-Faroth on
If you remove public trust, you need to build it back up.
You can just say “lol jk” and think it fixes it.
Fuck every person in discord that decided this and who’s still there.
Neumaschine on
Barely used it. Cut ties and uninstalled. Too late! See this Reddit? Do that and lose us in masses.
snuuginz on
LOL good luck getting your customers back, assholes!
ThePhonyOrchestra on
Sure they did.
Companies can say anything these days
GlasgowTrafficCone on
Too little too late. Some clown there thought it was a good idea so nope i wont be back.
rjksn on
I’m sure they’re sorry you found out. Not sorry they tried to get a big bag of money.
Jussepapi on
Yeah I’m out, bros.
GimmeAllYourCurry on
Great job Discord- you fuckin nuked your company.
frozenpissglove on
Imagine that. You opened up your platform to an evil company and the government immediately went into over reach mode.
Usual_Award on
Between this flock surveillance cameras and ring cameras the concern is escalating.
SignalAd9220 on
Seems like several companies have to seriously shoot themselves in the foot by handing user data over to Palantir and Thiel, and receive lasting damage via their users leaving.
Until other companies perceive it as too risky and won’t even try to add this shit.
It’s on us to make sure of this – we vote with our money, engagement, and user numbers that draw bigger investors, advertisers etc.
wrxninja on
“Tell the public we ‘found’ a code rather than admitting that we knew about it from the beginning for damage control”
26 Comments
Damn we got caught!
Too late. The damage is done.
When are we cutting ties with discord?
Nitro already cancelled. Can’t just back out of a bad idea, going to have to work for it
already signed your death warrant im afraid
Grasping for straws at this point
There’s plenty of actual third party age verification methods with third party security vetting backing them up. Yoti is one of them. [They even have a bug bounty.](https://hackerone.com/yoti)
Yoti Keys is on device and encrypted. It uses age estimation instead of ID verification. They don’t require you to give your name, address, or ID.
All the app does is tell the provider “this user is over 18.” It doesn’t send any more than necessary.
It gives no other information about the user, nor does the encrypted data leave your phone. It just gives you a Passkey (like how you store passkeys to login to websites).
You have a private key on your device. The public key is on their server. The only way to decrypt the age verification data, is with the private key. [You can read the privacy policy here.](https://www.yoti.com/privacy/keys/)
Ask yourself why they chose Persona instead of a system like Yoti Keys. Yoti Keys, by the way, is completely compliant with age assurance laws.
Nowhere, in the UK’s OSA or the EU’s DSA, do they specifically mention to use Persona nor do they mention they have to store the data. They just ask for attestation.
The companies are using this law for malicious intent. The laws just require age assurance, the laws don’t require companies to use a specific platform to do it on.
Zero-Trust age assurance _can_ exist and be fully compliant.
They will go with an alternate that will work with palantir now or later or be bought by palantir. Whatever happens, Palantir will still get the data. Just leave American networks.
And they were going to try and get all of our IDs, revealing the links between real-world and online identities in essentially plaintext.
Just a reminder that this same identity verification software is still used by OpenAI, Anthropic and LinkedIn.
“We need to age verify to protect kids” … immediately exposed as state espionage.
>The leak occurred because Persona accidentally exposed 53MB of original source code on a public IP address that was meant to be hidden. This allowed for the discovery of 269 distinct verification checks, including facial recognition matching against world leaders and crypto-wallet tracking. Users believing they are verifying their age for social platforms or AI access are instead being screened against global watchlists and intelligence databases with direct ties to ICE and FinCEN.
Yeah it’s pretty clear that we should never trust age verification systems to respect privacy no matter what the government writing the laws say the intent is. The governments themselves are working with these companies behind closed doors to violate privacy.
This is in addition to hackers breaching 70k government IDs given to discord less than a year ago, where just incompetence or mistakes can get you leaked all the same.
Worth pointing out Reddit also uses Persona for it’s ID stuff…
Even if Discord “don’t have the options turned on” it’s one “whoopsy” away from “accidentally” turning it on
Too late. I already canceled Nitro and deleted my account. Next.
Peter Thiel, the same Peter Thiel who received millions of dollars from Epstein’s private accounts? That Peter Thiel?
Strange that he wants to verify ages now…
If you remove public trust, you need to build it back up.
You can just say “lol jk” and think it fixes it.
Fuck every person in discord that decided this and who’s still there.
Barely used it. Cut ties and uninstalled. Too late! See this Reddit? Do that and lose us in masses.
LOL good luck getting your customers back, assholes!
Sure they did.
Companies can say anything these days
Too little too late. Some clown there thought it was a good idea so nope i wont be back.
I’m sure they’re sorry you found out. Not sorry they tried to get a big bag of money.
Yeah I’m out, bros.
Great job Discord- you fuckin nuked your company.
Imagine that. You opened up your platform to an evil company and the government immediately went into over reach mode.
Between this flock surveillance cameras and ring cameras the concern is escalating.
Seems like several companies have to seriously shoot themselves in the foot by handing user data over to Palantir and Thiel, and receive lasting damage via their users leaving.
Until other companies perceive it as too risky and won’t even try to add this shit.
It’s on us to make sure of this – we vote with our money, engagement, and user numbers that draw bigger investors, advertisers etc.
“Tell the public we ‘found’ a code rather than admitting that we knew about it from the beginning for damage control”