Large platforms have been rushing to implement age verification systems. The long warned about security issues are continuing to happen.
As the UK government continues its crack down on websites for refusing to throw their users under the bus by implementing terrible age verification systems, it seems the rush to push these age gates are having the hugely predictable results that we’ve long warned about.
There are a huge list of problems with these age verification systems. For one, they are easily circumvented in more ways than one. For another, these systems are notoriously insecure. Unfortunately, governments in multiple jurisdictions have taken the approach of “damn the consequences” and rushed through this anyway. This with the thinking that if you legislate an envisioned technology, that the techno geeks out there will nerd harder and come up with some magical solution to make it happen. This is what I’ve long classified as an effort to just legislate magical technology into existence.
Even more frustrating is that when these flaws are pointed out, the response is that, in their mind, the technology is “good enough” and promptly ignore the warnings. Some even go so far as to say stupid things like people are too stupid to understand VPNs, so it’s not an issue worth looking at. This despite that history repeatedly shows that users go, in droves, to VPNs when ever something like age verification is being forced on people. Still, for all the problems, government has a tendency to just jam their fingers in their ears and scream “la la la I can’t hear you!!!”
Of course, as I’ve been saying for years, reality doesn’t care about your personal beliefs. It just does what it does. The reality is that this technology is highly ineffective and insecure and just writing in a requirement about the technology being “highly effective” doesn’t change that fact. As a result, we’ve seen ID systems suffer from leaks and even hacks. Just saying “good enough” doesn’t change the fact that the information can get hacked or leaked.
As if to punctuate this point, I recently learned of another ID verification getting hacked. Tea Dating Advice, an app meant to help women with dating, has been hacked. The company released a statement talking about the incident:
At 6:44 AM PST on 7/25, we identified unauthorized access to our systems and immediately launched a full investigation with assistance from external cybersecurity experts to understand the scope and impact of the incident. Here’s what we know at this time:
A legacy data storage system was compromised, resulting in unauthorized access to a dataset from prior to February 2024. This dataset includes approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments and direct messages.No email addresses or phone numbers were accessed. Only users who signed up before February 2024 were affected.
This information was stored in accordance with law enforcement requirements related to cyber-bullying investigations.
We are working around the clock with internal security teams and third-party experts to secure our systems. We are currently working to determine the full nature and scope of information involved in the incident.
We will continue to share updates as more information becomes available. In the meantime, if you have questions or concerns, please contact our support team at support@teaforwomen.com.
Your data privacy is of the utmost importance to us. We are taking all necessary measures to strengthen our security posture and ensure that no further data is exposed. Thank you for your trust—and for your patience as we address this with the urgency it deserves
People are repeatedly told that when you submit a photo ID to various ID systems, the information gets destroyed shortly after when the company has verified that you are who you say you are. That very clearly didn’t happen here. Instead, that information was stored for later use. I mean, if the purpose was to simply identify yourself for security reasons, why store the photo afterwards for extended periods of time? There’s plenty out there that are rightfully worried that this biometric information could get sold to third parties (ala shady data brokers) for profit afterwards. Those 13,000 photos that were not part of the public facing part of the site clearly didn’t get deleted at all.
Either way, this only further proves my point of just how insecure these systems truly are. If you are circumventing an age verification with something like a VPN, you are invariably getting rewarded with your information not being compromised. If you are honest and wish to just abide by the laws, then you get punished with your information being exposed to blackmailers and fraudsters. It’s that simple.
This is why the rush to implement these systems is such a foolish thing to do. The technology to effectively identify people while also maintaining people’s privacy simply doesn’t exist. All you are doing is mandating the implementation of a broken technology that makes everyone less secure on the wide open internet. As time moves on, we will see this point get proven over and over and over again.
Drew Wilson on Mastodon, Twitter and Facebook.
Discover more from Freezenet.ca
Subscribe to get the latest posts sent to your email.
