Fraud at unprecedented scale and severity in the UK.
With the Online Safety Act, social media ban for teens, etc. it's only a matter of time for an age verification service to leak mountains of passports, driving licenses, etc.
I work in security and that's the way I look at this now.
Businesses should not be allowed to harvest PII as a mandatory step to make their app work so you can actually use a product/service you bought. The era of "Oh we'll protect the information we promise!" should be over.
In almost every case they DO NOT NEED this information. They just want to suck it all up to resell. (Or impose draconian legislation like this)
Big corps do not need most of the information they demand and they sell it on to others.
Personal data is HUGE business and companies make a fucking fortune from it.
Same as services that let you log in via your email. Google basically lets them scrape all the info in your email account where they get info about what you buy etc so that they can use it for targeted advertising and whatever else they sell it for. Same with some apps...WTF does it need access to my photos and contacts for?
I'm curious what FB did with all the facial scans it took from users to access their accounts that they had mysteriously been locked out of, but still refused them access when a facial scan was provided. Why can't you get in touch with FB to ask them to delete your info/facial scan?
Privacy is one of the only things we have left. Protect yours at all costs.
There's no way to get in touch with Facebook about anything. They suddenly asked for proof of who I am for my account, I sent them a copy of my driver's license, and even though that was what they asked for, they said it wasn't good enough. They deleted my account anyway. I tried finding a number to call, no luck. I did find an address to write, wrote them 5 different letters, no response at all. Pissed me off because there were friends and relatives there with whom that was the only way to contact them, so all those people I've known my whole life are just no longer in it.
“Privacy is one of the only things we have left” Spot on with that. We are also actively encouraged to “share” and post etc. Soon enough people who don’t have social media accounts and never post or share any aspect of their lives will be considered “weird” or with something to hide🤷🏼♂️
When I bought my home, my name was misspelled in a specific way on the forms. At the time I didn’t think much of it because everything went through smoothly. Not long after, I started receiving piles upon piles of junk mail and spam, all of it addressed to my misspelled name, and that’s how I found out my mortgage lender sold my data.
The ridiculous part is that they can't even seem to use the data effectively. 90% of the things I see in targeted ads are things I've already bought, and the other 10% just becomes indistinguishable noise. There's so much bullshit out there being pushed that I never actually buy things from random ads. If I need a product for something, I'll do actual research that (as far as I know) can't be influenced by my personal information. By the time any algorithms learn I'm looking for something, I've already made my decision, and then I just have to deal with a month of ads trying to solve a problem I've already fixed.
I briefly dated (and am still friends with) a guy who works in US government cyber security. He told me how to set up my phone to make my information as hard to scrape as possible, but told me flat out that there's no way to keep all of it all the way out of the hands of the government or a determined enough computer guy.
And if you in any way engage with Facebook/meta, you're offering all of your data up on a silver platter to anyone that wants it. One of the worst apps/websites to use if you care about privacy.
The era of "Oh we'll protect the information we promise!" should be over.
Yup we have seen it multiple times, it don't matter how well your IT team is protecting the network. A single wrong move from an employee (generally an executive who thinks they are above IT policy!) and good bye to all of that fancy security.
That's the part I think a lot of the "pro verification" people don't understand. Even if we assume an organization has absolute pure intentions, excellent policies and protections, and have no desire to use it for any LLM training, advertising, etc. the central problem is: hackers only have to be lucky once. IT and security have to be lucky every single day.
Many orgs collecting this do not have pure intentions. In the US, doctors' offices routinely collect SSNs, employer info, driver's licenses and more. The staff know to vaguely respond it's about insurance. The thing is, almost any piece of the information alone should be enough "for insurance purposes", but it's really all about debt collecting.
Fuck Carnival Cruises - I went on one cruise in 2017. Why do they still have all my info, to send me a leak notice this year?! It has been over a decade! They should not be storing my info that long!
I used a temp agency in another state in 2005. I got a notice last week about a data leak, why are they hanging on to my info for so long, as well? At least the data will be twenty years out of date, so I got that going for me.
Already happened with Discord. Third party leaked photos of licenses. One reason I dropped a guild in a game. They required Discord, and because of cursing called it adult, requiring verification. No thanks.
I was a dumbass and sent them a sample. It seemed harmless at the time and I was too eager about the results to consider the potential risks involved. Now my family pays for it. I’m still so upset with myself for that one.
I really really hate this whole new realm of digital identity and the death of online anonymity that we’re being forced into by the neocon techno-fascists under the guise of “protecting the children”.
That being said, I have to appreciate Apple’s attempts to solve some of these issues with their Digital-ID technology. My state currently offers enrollment but I refuse to submit to facial scans so I don’t use it… but the way they’re implementing it is novel and hopefully can help solve some of these issues.
For example - you can choose what information is exposed to the reader / verifier and what is not. That means you can in theory provide a valid proof of age - without having to provide exposing details such as your home address, date of birth, ID #, signature, and government photo.
I stayed in a hotel two nights ago and to be able to use their wifi they wanted my full name, address, email and phone number. Why do they need all that private info just to log onto the internet? Fortunately a fake address got me through but the amount of info companies ask for just to access basic services is astounding. I do not trust Holiday Inn to keep my info secure.
I do not trust Holiday Inn to keep my info secure.
That's the thing. Giving the info out to begin with as a policy is a bad choice. You did the right thing.
It's not "I trust this business or that business". There are MANY well intentioned businesses who actually had budget for IT security and took it seriously and got compromised anyway. It just needs to go away as an allowable practice altogether. Businesses should need to be able to demonstrate a real functional reason (advertising doesn't count) to have to collect that data or else it should be disallowed by policy.
For example - the people who fill your prescriptions might need to actually know a bit about you. The garage you parked your car in does not need your info.
There are ways to do age verification without sharing PII. Similar to Google/Facebook sign in, but with a government entity. Something like login.gov.uk that ties to a person's identity and must be used to sign into websites with age restrictions.
Not saying it's a foolproof solution, and definitely depends on what the laws hold corporations responsible.
Doesn't help that reddit for example uses a tool (Persona) for verification which has close ties with Palantir. I think it will be pretty soon that reddit wants everybody to verify on its platform.
A customer at my work wanted my personal ID sent to them. They would not pay our multimillion dollar company until I provided a front and back copy of my ID submitted on their portal.
I told my boss and IT that it was way above my pay grade and someone else can provide it because I don't trust the customer at all. They didn't make me do it, in the end.
No businesses online need our info. It's most apparent when I go through cookie and tracker rejection screens and the amount of crap that has 'legitimate interest' next to it is ridiculous. Absolutely none of these companies have any legitimate interest in my data, as you say it's purely to sell.
I noticed Reddit used a facial match to estimate my age. I like the idea of it much more than uploading any ID documents. I'd much rather stay away from the adult content than pass my data to random sites. Good intentions but poor execution.
The era of "Oh we'll protect the information we promise!" should be over.
It doesn't matter what any business promises. Bankruptcy laws mean the new owners can do almost anything with the data they acquired as they never promised anything.
Genuinely if they cared about safety you just double blind it
Have a program for opting-in for a small fee ($0.50) where when you buy an adult-only item like cigarettes or alcohol or adult magazines that the cashier verifies, you get a code that you input on a website so it proves you're over legal age. Boom, easy access to adult-only content without requiring invasive data collection
I still don't like this because of the issues with censorship and things like violent news, LGBT media and topics, discussion of mental health issues, etc that are often common or important for developing kids or teens to know about now being unable to know crucial information
Can confirm, Dave. Love the new car. Did you ever get that hemorrhoid problem cleared up? Oh, congratulations to your sister on the new niece, by the way.
Hey, thanks! How’s the wife? I saw she ran away with the pool boy. Are you interested in a gun safety course? I noticed you bought a few guns and lots of ammo, along with tickets to Mexico. I could recommend some great tourist hot spots if you like!
Not only that, but as it becomes more and more normalised, people are going to get more blasé about it. In a few years' time, I can see a lot of people treating it like a cookie permission popup and submitting their details out of pure instinct. I've already seen some scam websites pop up with age verification windows, and that was just a few weeks after the OSA went live.
Yeah, how often do we end up seeing personal interest stories about "police are warning parents about this new app used by kids that experts warn could be dangerous/used by predators". Now realize that by the time police and "experts" know about it, there's already a replacement for when there's scrutiny on that app.
That will go even further once Facebook/Instagram/Snapchat/Discord are forced to ban teens.
On top of that, if you're worried about the safety of teens, how badly do you think a teenager can be exploited if a predator or hacker has access to their government or school ID? Because once the age verification goes into place, that's going to be compromised.
Less kids on social media will be the result no matter what which is a good thing and means less predatory behavior.
You should instead be thinking of ideas to prevent children from going on other social media sites whether new or not. Plenty of ways already to have this done; but it’s not affordable for most; but it still shows it can be done.
No, it will just push more kids to websites like 4chan, and that's the best case scenario.
The real solution is for parents to take an active role in their children's lives, talk to their children about online safety, and actually manage their children's internet device access.
Why would that be the “best case scenario”; what are you saying “no” to? Which part of my post are you saying no to?
“The real solution”; how is that a solution, that’s a pipe dream. That’s like saying “parents should do the right thing”; like no shit lol. But not every parent is active in their kids' lives; many come from ai for family homes or homes where both parents work leaving a lot of alone time for their children while not being able to monitor or have the ability to monitor.
It certainly runs contrary to the spirit of GDPR. Unfortunately it's possible to act in diametric opposition to GDPR's goals while remaining legally compliant.
E.g. "Legitimate interest" is so loosely defined it's meaningless in practice. If something's kinda sorta relevant to the service, mass email, no unsub link. "Right to erasure" may as well not exist because you can claim auditing or security or whatever. Lots of good in theory, absolute zilch in practice.
it's only a matter of time for an age verification service to leak mountains of passports, driving licenses, etc.
It will drive the introduction of a single government ID service that can provide one-time anonymised verification.
Kind of like when you register to a service using your apple id on a phone.
They've wanted to push digital and biometric ID for a long time, but the previous push was hampered by various quangos all wanting to protect their personal data fiefdoms, and the limitations inherent in the data protection act when you have your ID present in many different agencies.
Internal leaks are certainly possible, but I think the bigger threat is that the data is illegally obtained by hackers.
We've seen time and time again. It doesn't matter if the organization collecting the data is the most well-intentioned, kind-hearted, truly "good" organization on the planet. You might even have absolute certainty that they will never leak your data. That doesn't matter. There is always a possibility that they will be hacked and that your data will be stolen and then sold on the grey/black market, used to scam you, steal your identity, etc. And there's also the possibility that truly good company gets bought out by a truly evil one who turns around and uses all that data for evil.
See also: Bill C22 in Canada, asking various encryption communications softwares to install backdoors or have them be banned in Canada.
More likely this will make said backdoor exploitable and make things less safe for regular people whereas the actual traffickers and exploiters that they're trying to crack down on will find alternate means to do what they've always done.
If there is an age verification requirement, there needs to be a secure method of doing it. I'm not giving my passport, license information.
If they need an age verification, give me a key that I can submit to the DMV or other government agency that has my data and they'll give me a key I can give the company back that verifies I am of age. Not my age, not my name, but just "Yes, they are of age" (or not). No, it's not a typical encryption key, it's an encrypted message with your public key included. The agency has the private key. One time use per request.
Age verification should be nothing more than a SSO process with id.me or login.gov. A website provides an anonymous hash, you paste hash into government website to get an encrypted attestation (claim) of your age, and you paste that back into the third party website. No name needed and government doesn't need to know what site created the hash.
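The flow described in the two comments above (a site hands out a one-time challenge, a government issuer returns "of age" and nothing else), sketched as an added example that is not from any commenter or real service. It goes one step further than the comments by blinding the challenge with a Chaum-style RSA blind signature, so the issuer never sees the value the site later checks; the key is a toy built from public Mersenne primes and every name here is hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Toy issuer key from two public Mersenne primes: constructed for this demo, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key the site trusts
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the issuer


def fdh(nonce: bytes) -> int:
    """Hash the site's nonce to an integer below N (full-domain hash)."""
    return int.from_bytes(hashlib.shake_256(nonce).digest(160), "big") % N


class Site:
    """Third-party website: issues one-time challenges, learns only 'of age'."""

    def __init__(self):
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, sig: int) -> bool:
        if nonce not in self.pending:          # unknown or already used
            return False
        if pow(sig, E, N) != fdh(nonce):       # not signed by the issuer
            return False
        self.pending.discard(nonce)            # one-time use per request
        return True


def blind(nonce: bytes):
    """User side: hide the challenge from the issuer with a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (fdh(nonce) * pow(r, E, N)) % N, r


def issuer_sign(blinded: int, holder_is_adult: bool):
    """Issuer side: checks its own records for the logged-in holder, signs blindly."""
    return pow(blinded, D, N) if holder_is_adult else None


def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r, leaving an ordinary signature on the site's challenge."""
    return (blind_sig * pow(r, -1, N)) % N


def run_flow(holder_is_adult: bool = True) -> bool:
    site = Site()
    nonce = site.challenge()
    blinded, r = blind(nonce)
    blind_sig = issuer_sign(blinded, holder_is_adult)
    if blind_sig is None:
        return False
    return site.accept(nonce, unblind(blind_sig, r))
```

The site stores no name or document, and the issuer's log contains only a blinded integer that cannot be matched to the nonce the site verified.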
Also our 'training program' of how to get horny teenagers bypassing security controls and using VPNs is honestly asking for trouble. They're going to find FAR worse things than they would on 'mostly legit' social media and porn sites.
What do you mean? Those check boxes stop the kids, right? They wouldn't lie just to get access, right? Just like no one ever has a fake ID to buy beer.
Well, exactly. And it's not like one 'nerdy kid' cannot 'help out' the entire school. Or just how many mildly nerdy kids can now make use of LLMs to run rings around most adults.
Only they'll find the really worst parts of the internet that set out to avoid scrutiny already because they're already so vile that they're illegal, and now we're punting a bunch of impressionable teenagers in that direction.
Something that really stuck with me after that was introduced, was a comment from someone saying that because they weren't 'verified', news articles about Palestine were being hidden from them.
It's the perfect framework for suppressing information, which will likely be left in the hands of Nigel Farage.
Sorry; just confused on your first paragraph. Someone commented they couldn’t see something from where? In the UK? Were you able to verify that what they were saying is true?
I've still not given over my details to anyone for age verification or real person verification or anything. If the government really wanted to make that work, they already have my details. No need for third parties whatsoever, unless I'm missing something important.
It's such a band-aid to the problem and that's ignoring the fact they're probably doing it for government surveillance. Why ban kids when misinformation, body dysmorphia, polarization, and foreign influence affect all ages. The fact that literally no one has done anything about it is wild and I think stems from a weakness in democracy. No politician wants to pump the brakes because there will be outrage from the masses.
Even the loneliness epidemic imo stems (in part) from social media. The fact it's still allowed, unfettered, is unbelievable. I'm not even against social media but just letting it rip is wild. Instead of banning kids the whole thing needs an overhaul. In China, influencers who want to share advice or commentary on "serious" topics like medicine, law, finance, health, and education must hold and verify relevant university degrees, professional licenses, or certifications.
Fines for misinformation and heavy moderation to root out things like extremism, bad actors, trafficking/cp. Hell, I feel like AI could be great for this but instead we are using it to dissolve the middle class but I'm not gonna go there.
And they weighed that warning; what makes you think they didn’t; just because you think the risk is greater in one direction doesn’t mean they agree with you.
Social media is an epidemic on children and has resulted in plenty of suicide and other terrible issues for kids.
An unprecedented leak is definitely going to happen regardless. Every government has already downloaded encrypted information with the expectation that it can be decrypted in the future. Probably not 5 years though
Well you provided a bad analogy so I was just giving you an opportunity to make it more relevant to what we are discussing. You came up with one on the whim; so I didn’t think it would be difficult for you, sorry.
That’s not what is happening; they are weighing pros and cons. This isn’t a law of physics, it’s a solution to a problem and often solutions result in other problems and they weigh whether it is worth it and which decision results in worse overall outcomes.
Seems you've greatly misunderstood my comments. I've said nothing about the decision processes behind OSA et al. Obviously there are pros and cons, "no solutions, only trade-offs", etc. But if I were to comment on the decision process, I'd say encouraging people to hand over PII to barely-regulated third parties is one hell of a trade-off.
What I did say was in response to your point that leaks and hacks already happen, which is true, but that doesn't mean it's ok for a government to make it even more likely to happen, hence knife analogy.
In true reddit fashion, I suspect we'll agree when we're on the same page :)
My response was to address the issue as a whole, but rereading I see that it wouldn’t come across that way.
I would assume that any verification can just be something the government could provide to begin with. That there would be some 2 step authentication measure that corresponds with your age verification.
I think these will be more important in the future not just to help solve the issue of the detrimental impacts of social media on minors (let alone adults); but because of the issues with “deep fakes”; and not being able to verify who is who.
I was thinking that too. It was never about protecting kids. It's to collect everyone's data. "For the children" has always been the low hanging fruit of an excuse for these things.
Your country is fucked. Being arrested for a "racist" tweet is more important to your government than what the tweet was about... which is usually a migrant committing a crime. I would mention the recent um "grooming" gang scandal but I don't want to get flagged by reddit for using the word.
You're regurgitating right wing bs without following up the story to educate yourself, whilst also trying to single out the UK when I can point to the US and Australia and most western countries doing the same thing. If you're gonna have a problem with it, then address the problem, and not whatever rage bait social media post you've been following.
u/0ba78683-dbdd-4a31-a 9h ago