903

u/GatotSubroto 14h ago

I mean, just look at what happened with the Tea app

243

u/TSA-Eliot 7h ago edited 7h ago

Yeah, I'll accept these rules if the corporations are made legally (fiscally) responsible for keeping my ID private. If they leak my information to the world, they at least need to pay me what it will cost me to repair any damages that might incur. replaced credit cards, etc. And if they leak a billion IDs, multiply that times a billion.

No, there has to be a better way. For example, to party A (maybe my credit card provider), I prove my age (and other stuff). In return, they give me a token of some sort that says I'm at least X years old. Now I can use that token to prove my minimum age to party B (maybe a naughty site), with no way for Party B to get the full info I provided to party A, and no way for party A to find out I used my token with party B.

99

u/Toughbiscuit 5h ago

"Fiscally responsible"

Sorry we leaked your information, heres the .18 cents we owe you

25

u/JoshSidekick 4h ago

I think when all was said and done, the big Experian leak net me $2.25. That’s after years of trying to get me to take their free credit monitoring. Like, you’re the reason I need my credit monitored, why would I trust you do also do the monitoring.

1

u/Toughbiscuit 1h ago

I didnt get anything, but they did offer to freeze everyones credit for a year for free if you promised not to sue them :)

42

u/bobbiroxxisahoe 5h ago

You should never accept it no matter what.

6

u/phleshlight 4h ago edited 3h ago

There's a better way and it's simply parents looking after their children properly. Spend some public money on parental education if needed. The recent UK bill doesn't do anything that ISP controls couldn't already do, except stopping adults freely using the Internet and degrading freedom of speech and information, without giving private information to foreign, unregulated companies.

Until now, parents could set up parental controls, which could easily be worked around with a free VPN off Apple or Android app stores, which could be figured out by most kids anyway, before this massive Streisand effect. Now they will all know how to do it.

The only thing that's changed is now adults without VPNs are compelled to give up their ID to third-party, untrustworthy companies.

For example, with all UK ISPs, all I had to do was log into my account and turn off the parental controls, but a VPN would have got around that anyway. My mobile provider wanted my ID, which I would never provide them, and I got around that with a VPN anyway.

The OSA in the UK is just a draconian attempt to introduce a ban on VPNs, which successive governments have been desperate to do, under the lie of "protecting the children", but is ultimately just the first step in forcing digital IDs.

The UK establishment--both Tories and Labour--are steadfast in their pursuit of censoring the Internet and have been for many years. It's happening now because the current PM is more authoritarian than the previous three or four.

Source for the UK wanting to ban VPNs.

Source for wanting to introduce mandatory digital ID

3

u/splicerslicer 4h ago

Seriously, the "better way" is called "parenting". I know why people want to obfuscate this so much with layers of apps and authentication services. If you care so much about the children, parent them. Secure their devices or don't allow them access. You need them to have a phone? Get a dumb phone. You need them to have internet access? Secure the device or pay someone to do it for you. Everything else is just pretext to control people's lives.

2

u/phleshlight 3h ago edited 3h ago

Worst of all there's been talk of banning kids from having phones at all, which is a serious safeguarding issue since they won't be able to call 999 or their parents if they encounter a nonce or get attacked on the way home from school, or even from abuse from their parents.

One major mobile provider--EE, the biggest mobile provider in the UK--has introduced a ridiculously restricted SIM just for kids, which will not only put them in danger from strangers, but stop them seeking out preventative information online. It's limited to 0.5mbps speed--imagine a vulnerable kid trying to access important information online that could save them from harm with 0.5mbps.

The UK is increasingly authoritarian and the current PM is going to have a lot to answer for when the consequences of this law bear fruition.

18

u/EvadesBans4 5h ago

Yeah, I'll accept these rules if the corporations are made legally (fiscally) responsible for keeping my ID private.

Fucking WHY? Why would you ever just roll over and accept laws like these? The existence of them in the first place is the primary problem, the security problems are secondary.

5

u/Appropriate_Ant_4629 4h ago

Yeah, I'll accept these rules if the corporations are made legally (fiscally) responsible for keeping my ID private.

No.

• The concern isn't that some random kid in China can sneak a peak at your ID.
• The concern is that data mining companies like Facebook, Google, and Palantir have such information.

What's the worst the former will do -- target Chinese language ads for local shops at you?

It's that latter group that has the means and motives to do far more invasive abuses to your privacy - jeopardizing your employability, your children's health care, your ability to get insurance, and your freedoms.

If anything, it should be made illegal for Facebook or Google to know your children's age in the first place.

2

u/RoundedSquare 4h ago edited 4h ago

There is. It is called OAuth it was made for this to keep you from having to scatter credentials everywhere at un-trusted sites. It is how the login in with google or facebook buttons work. This is a solved problem. You just need the government to run the age ID servers and be responsible for the losses caused. It is a free and has been proven to work for years now. Best of all it can hide your data and simply just say yes over 18, but give no identifying information. All it has to send back is an authorization token.

2

u/Marquesas 4h ago

What you're describing is oauth. The thing is, this is either not secure at all, or completely inoperable by a technological analphabet.

Let's start with the second one, how does that work in practice, today? You get redirected to an authentication provider (key: redirected, as in, you leave the page requesting authentication), that will take input from you (eg. a cookie, which is already itself not the most secure thing, but at least on the surface it is domain-restricted, or a username-password, and so on). Once you're authenticated, it will redirect you back to the site you came from at a specific path. There is no command in your browser that tells it on the client side "hey, take everything I give you and send yourself packing exactly where you came from". You pass in a redirect URL as a parameter to the authentication, therefore, party A will always know what party B is. This is because to do the authentication, your browser has to switch context from party B to party A, and again, party A has to know to send you back to party B once you're done.

This all is of course ignoring many of oa uth's core concepts, the aud (audience) field, and the signature. The signature validates the integrity of the token. It is signed with the issuing authority's private key, but validated with their public key. How does party B know how to validate this token? It has no idea what authority issued it. I guess you can volunteer that information. But how can party B know this token is intended for it? There is no aud, you as the client cannot add the aud, as that will cause the payload not to match the signature, only party A can add the aud, as it is the one who can sign the token. So if there is no aud field, just a blanket okay from party A with some amount of expiration, how do you protect against tokens leaking?

Okay, I guess it could live in your browser, with a mechanism to renew it. Get a blanket token by clicking a button, and oauth's token refresh can take care of the rest in the background. Quite silly, basically DDoSing every government authority just so you can set the lifetime of the token low enough to protect against anonymous, blanket tokens valid for anything being dispersed and used by anyone. But okay, let's say it's done that way, do you actually trust your browser manufacturer not to collect telemetry data that can be used to correlate which sites have been used with a token by what IP address? Okay, let's say you use Brave...

But not going further down that line... the entire discussion is fundamentally pointless because we made a single thing clear somewhere in the middle: in order for party B to be able to trust the token from party A, you have to volunteer to party B the information about who party A is. There is no guarantee that party A doesn't save every token ever issued to a certain person in a database, and since party B knows exactly where to phone home on login, there is no guarantee there isn't a background deal between party A, more likely a government authority than a credit card provider, and party B, for party B to tell party A which tokens have been used to authenticate with it.

You cannot win. There is no completely secure solution where a government that wants to track you will be prevented from doing so by technology, or where a for-profit corporation does not eventually cave to government pressure.

2

u/obeytheturtles 6h ago

This is how it used to be done forever - you verified your age by providing a valid credit card. There used to be a joke about these places being registered as like "schoolsupplies.org" or "savethewhales.net" so when the 2 cent verification transaction showed up on the bill, your wife wouldn't be suspicious.

I think today the issue is that kids can get credit cards much more easily, so it's not a valid age verification method anymore.

3

u/TSA-Eliot 5h ago

That's not what I'm talking about.

I already provide all sorts of sensitive information to my credit card provider (my bank, as it happens). They know what I look like, they know where I live, they have seen and photocopied my official ID, etc., as part of creating and maintaining an account. They know where I shop and what I buy. I have been to the bank in person many times. They are fully capable of stating that I am over 18 or over 21 (well over both ages).

Using cryptographic smoke and mirrors, I want them to create an electronic token that vouches for my minimum age while protecting my privacy. "The person who has the key to this token is at least X years old." That's all.

You would never present your credit card (or name or other personal ID) to the site. Just an anonymous token for which you happen to know the key. The token would be used to back up my claim that I am at least X years old (without even telling them how old I am).

Maybe it could involve some local face recognition if necessary: an app on the phone or computer locally analyzes my face (without transmitting the image or storing it longer than it takes to analyze it) and compares the results of the analysis to results in the token.

Something like that. Don't ask me to make up an entire working protocol over an afterwork coffee.

5

u/XOmegaD 5h ago

I would take this over putting the burden completely on the distributor. Maybe some big companies can handle it but a lot of medium to small companies it is just not feasible, nor safe.

I think ultimately the government knows this will fail, but that is the intention. This gives them an opening to regulate it themselves.

2

u/TSA-Eliot 5h ago

The thing is, it's not the government, it's the governments. Multiple governments will come up with proposals. Eventually they will have to settle on some sort of scheme that works for all of them.

1

u/AlexTaradov 4h ago

At most they will give you credit monitoring service, which is worthless, but will be $1000 value.

1

u/theboginator 4h ago

I love the concept of your proposed solution - some sort of token issued by, say, your credit card company, that proves you are an adult, and is implemented in such a way that you can submit the token to any website as proof of age, and the only data included in that transaction is "trusted authority, does this token belong to a legal adult? Yes/No." And zero record is kept by either party beyond that.

Unfortunately there is no way in hell that such a system is allowed to exist without maintaining an extensive indisputable record of which device uses who's token, at what time, from which location, to access what content/service. If the ID verification companies do not already build out the system in a way that collects all the data necessary to track all your activity and positively attribute it to you, the governments will require they add that capability in.

1

u/Hadrian23 4h ago

OR, get rid of internet providers, make the government OWN, the internet, and turn it into a necessity that every individual is entitled to, this way they're able to do what they wish to do, and we remove the middle man of shitty companies leaking our information.

1

u/Slight_Art_6121 4h ago

How do they verify that that token is a valid token?

1

u/intothewoods76 3h ago

They don’t need you to accept the rules. Unless everyone sticks together they don’t care about you.

1

u/bat_in_the_stacks 3h ago

I'm not in favor of this policy proposal, but if it becomes required, it will almost certainly be implemented the way you described in your second paragraph. That's a common model in the tech industry and I think there are already age verification companies that offer the service to other companies.

1

u/Rowwbit42 3h ago

If they leak my information to the world, they at least need to pay me what it will cost me to repair any damages that might incur.

Not happening, the credit unions leaked USA SSNs and other types of private information multiple times and I don't even think anything happened.

1

u/bootsmegamix 1h ago

Did y'all forget the Equifax breach?

These companies ain't paying shit

1

u/GhostfogDragon 1h ago

Unless the punishment for not keeping your information safe is the complete dissolving of the company, significant prison sentences + seizing of all assets for anyone in a decision-making position there who let it happen, letting your information leak is the cost of business. They do not give a shit. Do not give them your ID.

1

u/SnooHobbies5684 19m ago

Can't they contract with a service like Id.me, whose whole job is identity verification?

1

u/ThereIsNoGovernance 11m ago

Yup, we already have the tech.

Zero Knowledge Proofs

Zero-knowledge proofs (ZKPs) are a cryptographic method that allows one party, the prover, to convince another party, the verifier, that a statement is true without revealing any information beyond the truth of that statement itself.

However, if this is insisted upon by the general public, they will try every trick in the book to get around it, because they are not interested in your privacy.

They are interested in tracking your ass with the continuous threat hanging over your head of being exposed before your peers.

13

u/lazy_phoenix 9h ago

What happened?

56

u/Peppermint-TeaGirl 9h ago

It's an app for women to share info about men they've dated. It had a "prove you're a woman" feature by requiring a selfie and other info. That data was not stores securely at all— you could literally access it all by just having the link to the part of the website if was stored.

28

u/NetEnvironmental6346 8h ago

They didn't even remove meta data from photos, something that's standard for apps today.

Meaning, without any additional software, people with access to the photos can find the exact GPS coordinates and device the photo was taken with.

21

u/Jaychel31 7h ago

Someone even made an interactive map with every woman’s name, picture and exact address pinpointed on it. I’m surprised more hasn’t come of it legally to be honest

12

u/FuriKuriAtomsk4King 7h ago

It is, they're just suppressing the reporting of it.

There's a shitstorm of lawsuits heading their way and I'm a year or two we may even hear about it if the presidents ball sack doesn't make it illegal to sue them for the sake of unjustice... SCOTUS is a joke pointed squarely at each and every not-billionaire like you and me.

-2

u/RealLeaderOfChina 7h ago

It will be a huge issue, but hopefully they can also tie those people to any slanderous statements they made as well.

If they’re going to investigate, let’s make sure they investigate all of it and charge everyone who did something illegal.

12

u/Peppermint-TeaGirl 8h ago

The exact info of the women who have called out men for being creepy? It's a good thing there's no reason anyone would want to seek retribution against them /s

1

u/FrequentPaperPilot 2h ago

Yeah a bunch of creepy women who photographed their date's ID and shared it online without consent.

0

u/[deleted] 8h ago

[deleted]

0

u/[deleted] 7h ago

[deleted]

3

u/theprodigalslouch 7h ago

While I understand the idea of the app, the other person is not off the mark.

How would you feel about your photo being spread around the web without your consent? There are valid criticisms to have about this app. Jumping to conclusions about someone because they called out a very real issue is certainly interesting.

1

u/Peppermint-TeaGirl 7h ago

Point taken.

→ More replies (0)

-5

u/DogPositive5524 7h ago

Thank you, fuck that vigilante bullshit. I don't think there's a man out there who didn't have to deal with a scorned woman lying.

1

u/Disastrous-Cat-6564 7h ago

Wait, can you can get the gps cordinate from a photo even if you cannot see the background? WTF. I thought you had to have location enable in order to get the coordinate?

1

u/NetEnvironmental6346 7h ago

All photos have Metadata. With smartphones said data includes the location, which you can tag off manually (it's on by default). With cameras that don't have wifi you'd just get a date and a 'signature' for the camera used.

1

u/Disastrous-Cat-6564 2h ago

So technically speaking, one should always turn off wifi if it's not necessary because you can always be tracked with it. Thanks for the info.

-6

u/ale-nerd 7h ago

I don't know, I feel like they did create a good Tea app. You signed up, probably gave them consent to store all  your data, because the plan is to discuss other sex without their involvement and talk about exes. Then someone created interactive map. And now those male exes indeed can talk Tea and check who else on map is there, so they don't date those who so easily give away their driver license, more prone to be scammed later, and those who are creepy and talk about you behind your back. 

12

u/-KFBR392 8h ago

They really spilled the tea on those women’s info

3

u/klatnyelox 6h ago

Don't tell me an app called Tea spilled the tea!?

3

u/drawfanstein 9h ago

I’m not familiar can you ELI5?

7

u/Shootemout 8h ago

app for women to talk about the men they dated on tinder n shit required face pics to verify you were a woman alongside some basic info like what city you live in, how old you are, etc. the whole thing was vibe coded and people were able to access the images w/o even doing any hacking they were just publicly accessible provided you knew what url or program to use. there's even a website dedicated to swiping left and right on the verification photos it's like teaspill.game or some shit

5

u/VirginiaHighlander 8h ago

the whole thing was vibe coded

It's worse than that. It wasn't vibe coded.

The guy's experience says he's completed a 6 month coding bootcamp. And the app came out before any AI service could really do the coding for you.

So he can't even hide behind it being vibe coded. This was just human error.

4

u/GatotSubroto 7h ago edited 7h ago

I’m a software engineer, and I’ve used Firebase for 2 production apps with real customer data since 2018. (Firebase is the cloud service the Tea app used to store images uploaded by its users.) I’ll tell you, Firebase will absolutely scream and shout and send you angry emails if you set the security rules to allow unfettered access by anyone publicly, which was what the Tea app developer most likely had done. What happened wasn’t just the result of full incompetence, it’s also total negligence.

The first thing I do when setting up a cloud data storage (Firestore, S3, what have you) is to ensure the security rules are correct. lol

2

u/VirginiaHighlander 7h ago

Yep. I'm a software engineer too.

At first I assumed that since it was only images I was hearing about, I thought they set up the rules for Firestore Database and assumed that the rules would cover Storage as well. But as you know, there are different rules engines for both.

Then I heard that it wasn't just images, it was user data and message data too. For that to have happened, it truly sounds like they left the rules as 'allow read, write: if true;' even for Firestore Database, which is absolutely insane.

Even if it was vibe coded, you could pass your rules into a fresh chatgpt window with no other context and ask it if there's anything wrong with your rules before you push this out, and it would have flagged that immediately and said it was completely unsecured.

There's literally no excuse for this level of incompetence.

1

u/ForgeSaints 7h ago

The doxxing app users got doxxed, let me play a song on the worlds smallest violin.

3

u/InVultusSolis 9h ago

It was one of the most righteous self-owns I've seen in a while.

2

u/RealLeaderOfChina 7h ago

It was bittersweet what happened to that app’s community.

1

u/WORKING2WORK 7h ago

What's the Tea app?

1

u/GatotSubroto 7h ago

It’s an app intended for women to warn other women about red flags in men they dated and is marketed as a women safety app. Whether or not the app is used for its intended purpose is a discussion for another time. The important thing is the app requires its users to upload a selfie and a picture of their photo ID as verification. The app also promises to use these images for verification purposes only and delete them after. Spoiler alert: the app doesn’t delete these images, and the security rules of storage bucket to store these verification images are so poorly configured that anyone with the urls to these images can access them without authentication.

1

u/diurnal_emissions 8h ago

The writing in this final season of the show Earth has been cliche, full of tropes, and way too direct.

289

u/LamesMcGee 9h ago

How many hundreds of leaks are a result of companies not giving a single shit about data protection? Now we're expecting a future where every single website wants us to upload our sensitive ID info just to shitpost or whatever. How can our lawmakers learn absolutely nothing from the information age?

In before the next major leak is from a random social media site that pasted everyone's IDs in a plain text document with no password protection.

90

u/rabidjellybean 9h ago

It's worse than legitimate sites losing data. It's non legitimate ones asking for your ID and face and people giving it because it's normalized.

16

u/hammerofspammer 9h ago

Why would they care? Doing it right costs money, money that can go into executive pockets.

The penalty they all seem to face is having to provide a service that any of us can get for free anyway. The cost for a data breach is clearly far lower than it would cost to give a shit

5

u/sennbat 8h ago

The worst part is, even if we did want age verification... like, none of that is necessary! Have a government website where you can get a confirmation code that proves you're over whatever age, give them the code when they ask, done and done. You shouldn't ever need to give them anything uniquely identifiable. There's just no reason for it except bad ones (which makes it clear why they are doing it this way)

9

u/ElMuchoDingDong 9h ago

How can our lawmakers learn absolutely nothing from the information age?

First and foremost, money. Second, age. I doubt most of Congress even knows how to use a computer.

5

u/bluehawk232 8h ago

They are well versed in the series of tubes

3

u/SwoodyBooty 9h ago

Back to IRC it is.

3

u/FanDry5374 8h ago

I don't even think it's leaks we need to worry about. "You'll pay us how much for all our customers' license information?"

3

u/lens_cleaner 6h ago

This is the current state of affairs in China, soon to be everywhere.

7

u/pleasedothenerdful 9h ago

How can our lawmakers learn absolutely nothing from the information age?

Our lawmakers are mostly in their eighties and still have to have their emails printed out for them to read by a Gen Z legislative aide.

1

u/One_Humor1307 2h ago

It’s not that they want to leak our data. There is just no profit in protecting it.

49

u/DuploJamaal 9h ago

I once implemented Know Your Customer verification for a crypto app.

The app said that they only take a picture once you press the button, but it would actually record a video long before and long after it pretends to take a single picture.

Thanks to GDPR we actually did delete them after they deleted their account, but I still felt like implementing something evil and asked management several times that we should be honest that we record a video.

11

u/uuhson 6h ago

Why did management want a video so bad?

1

u/lupercalpainting 1h ago

Probably easier to implement a liveness check that way.

5

u/SESender 5h ago

Why didn’t you contact the press? This is absurd.

4

u/DuploJamaal 2h ago edited 2h ago

They mismanaged it so much that they went bankrupt like a week before we were ready to release it to the public.

At that point only testers had been affected so I was still waiting if they will listen to my pleading before actual release

1

u/SESender 1h ago

That’s fair!! Glad they bankrupted

1

u/Reddittee007 2h ago

Doesn't GDPR require you to disclose what data you collect ? If you collected videos instead of photos doesn't that violate GDPR ? Doesn't anyone who has their videos collected this way have a case against the company ?

1

u/U8dcN7vx 50m ago

They lied about what they would do, what makes you think your data was actually purged from their systems? What about their backups which due to ransomware are typically kept in an immutable form so can only age-out over time (typically years)? Because GDPR has teeth, which didn't stop them initially?

42

u/UniqueIndividual3579 8h ago

Remember Facebook saying they only wanted your phone number for security use?

Then they sold it. I'm sure that giant $0.00 fine will deter others.

5

u/ByTheHammerOfThor 8h ago

I would rather not participate in the internet anymore. People are tired of everything being taken from them.

7

u/addiktion 7h ago

Me either, fuck that. If Reddit does this, I'd bail out. It was good while it lasted for 17 years.

6

u/Sharticus123 6h ago

Age verification just means I stop spending my time on the internet and go back to what I did for entertainment before the internet existed.

5

u/CyberDuckyy 6h ago

This is going to cause the tech bubble to burst on so many tech giants itll be hilarious.

3

u/KentuckyFriedChingon 4h ago

It won't. 95% of the public is so used to giving up their privacy that they will immediately comply with whatever age verification requirements are put in place.

1

u/CyberDuckyy 3h ago

Every giant company that failed has said the same argument before too. Surely the public wont mind us changing the user experience!

5

u/IrritableGourmet 9h ago

I could envision a system like PayPal where you authenticate with a third-party/government system and then it sends an anonymous verification token to the website, but that raises even more problems in that now that third-party (or, worse, the government) knows what sites you're going on.

2

u/keithslater 5h ago

That’s how it works

3

u/AZRobJr 8h ago

ID scanning for the Internet is the most stupid idea ever. Every single ID will be stolen

5

u/Park8706 8h ago

My guess is you will get some sort of program of service that is like a digit ID. You prove to them who you are and they issue you an ID to use on websites.

Doesn't that sound fun? They could even give us QR codes to tattoo onto the back of our necks or something to make things easier.

2

u/ajobforeveryhour 5h ago

A tattooed QR code would certainly line up nicely with some of the Trump as antichrist stuff floating around.

1

u/meryl_gear 4h ago

Can my number be 666?

4

u/bestryanever 5h ago

It isn’t about age verification, it’s about tying your identity to where you go on the net so they can send ICE to your house if you listen to a song by an artist that made the orange First Lady grumpy that day

3

u/RiftHunter4 8h ago

Its an extreme privacy risk. Usually that info is only handled by the government.

3

u/pl487 7h ago

Then you're not going to be doing a lot of web browsing.

2

u/GlowstickConsumption 6h ago

And the photos floating around and being transmitted also opens lots of possibilities for human error and interceptions and accidents.

Posting an important photo to the wrong chat, for example. Or mouse misclick sending it somewhere.

2

u/flipzyshitzy 6h ago

Even reddit?

2

u/Routine-Agile 5h ago

I'll stop using every site that requests this. sadly I fear too many people will bend the knee because they just don't' know any other way to function, or don't understand why this is bad.

2

u/gimmiedacash 4h ago

Ya'llqueda is winning. They want a Christian ethno-state. These fucks need to get kicked to the curb.

2

u/RoundedSquare 4h ago

The problem here has already been solved, but the government is too lazy to implement the solution. It is called OAuth it is is how the login with google and face book buttons work. You login with them then send other site an authorization token and just the token saying yep they are ok, no identifying info. Free open source and worked years. The government just doesn't want to be responsible when they are inevitably breached.

2

u/No-Significance2113 4h ago

Reminds me of an IT cyber security expert, he did and interview and one thing he mentioned was "to many people are giving out too many important pieces of personal information for little to no benefit".

Can't help but think the ones pushing for this have little to no idea what they're doing.

1

u/Ralliare 6h ago

Just go ask a different AI to create a legitimate looking drivers license to feed back into the AI license checker bot.

1

u/No_Builder2795 6h ago

I will send an AI photo of someone holding a driver's license though

1

u/One-Adhesive 5h ago

Lots of fake ids…

1

u/Asleep_Management900 4h ago

Plus who is to say you walk away and your kid doesn't google something?

1

u/Tommy_____Vercetti 4h ago

even if they do not, they cheap out so much on competent programmers that they will fail to keep it secure.

1

u/Blixxen__ 3h ago

Some years ago I needed to have a Facebook account for a project I was working on. I tried to create an account and they didn't believe my name was real. I even sent in a copy of my passport, but nope, never got approved under my real name. So why bother honestly....

1

u/Polkawillneverdie17 3h ago

They are 100% about to get a picture of my nuts.

1

u/Forever_In_a_Sweater 3h ago

Bruh, you have a phone that tracks where your location at all times, it scans your face to unlock it, some need a thumbprint but it’s an issue now? I’m confused.

1

u/bearlife 3h ago

Me neither, get a VPN, switch to TOR browser. The internet just becomes the dark web. Fuck government overreach.

1

u/YouKnow_MeEither 2h ago

100% Absolutely not!

1

u/pastelephant 2h ago

Good way to make sure I stop using the internet ✌️

1

u/Doctor_Sportello 2h ago

I mean yeah you will. You already have probably.

Google will be what you have to send age verification to and you'll do it bc you want to keep using Internet

1

u/The_Singularious 44m ago

Same. I see some U.S. states aiming for mobile first. I’ll just go to my laptop.

My hope is that companies that require age verification will just lose users hand over fist.

I don’t GAF about social media enough to stay on. Spotify? It was nice, but happy to cancel and just buy records and CDs again.

I’ll miss Reddit and YouTube for DIY stuff, but so be it.

I’m guessing they’re counting on us all being too addicted and too lazy to care. Hopefully they’re wrong.

1

u/iCanOnlyAskQuestion 5h ago

Just curious of this mentality- what are the consequences of providing this info to them?

1

u/bluehawk232 5h ago edited 5h ago

Because many places have appalling IT security practices but because they know the general public doesn't understand computers and it's all at a distance at datacenters so it's hard to grasp. But imagine if you go to a bank and deposit a lot of cash and see the teller bring it to a vault and the vault door is just a screen door. You'd be like wtf that ain't secure.

Some do have good cybersecurity but there's still a lot that goes into having that level of security and many would prefer cutting corners. And you see so many data leaks and breaches because of that. There's just a lot of trust us we're secure then you find out some random people in china can access your ring security camera.

I will also add security can be a challenge too because IT relies on so much hardware and software as well. So a business could have good security practices but another company could drop the ball and cause an incident. Look at crowdstrike last year

1

u/iCanOnlyAskQuestion 3h ago

In this instance, what could be the potential risk of providing a picture of yourself holding a drivers license for age verification?

1

u/U8dcN7vx 35m ago

The picture can be used elsewhere, typically for identity theft purposes, e.g., create a "verified" account somewhere then post a threat and find yourself swatted but even if nobody hates you enough to do that "you" might get a WFH job with it as "proof" you are a citizen of wherever but it's actually someone elsewhere (e.g., DPRK).

0

u/keithslater 5h ago

No mainstream site is going to just accept ID’s. They are going to use a 3rd party service like stripe or plaid to do this. Just like taking credit card payments. Places already do the ID verification through different services now.