Discords age verification system has suffered from a data breach, exposing some of the government IDs provided by users.
I’ve said it before and I’ll say it again: age verification systems are not secure. This aspect of the age verification debate has long been obvious. We’ve had analysis and studies and more studies warning about this. If all of that wasn’t enough, we’ve had leaks, breaches, and hacks to prove the point. On top of that, we’ve also seen AgeGO, an age verification system used by sites like XVideos, get busted tracking people’s online movements despite claims of being a “double blind” service.
Now, I wouldn’t be surprised that there are a few people out there who would argue that this would never happen to any major non-porn services. Those would be highly secure. Well, if that desperate argument was out there, that one just went bye-bye along with the other arguments for age verification. From TechDirt:
Once again, we’re reminded why age verification systems are fundamentally broken when it comes to privacy and security. Discord has disclosed that one of its third-party customer service providers was breached, exposing user data, including government-issued photo IDs, from users who had appealed age determinations.
Data potentially accessed by the hack includes things like names, usernames, emails, and the last four digits of credit card numbers. The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.” Full credit card numbers and passwords were not impacted by the breach, Discord says.
Seems pretty bad.
What makes this breach particularly instructive is that it highlights the perverse incentives created by age verification mandates. Discord wasn’t collecting government IDs because they wanted to—they were responding to age determination appeals, likely driven by legal and regulatory pressures to keep underage users away from certain content. The result? A treasure trove of sensitive identity documents sitting in the systems of a third-party customer service provider that had no business being in the identity verification game.
To “protect the children” we end up putting everyone at risk.
Once again, age verification systems are NOT secure. I’ve already said as much even in video format. This point keeps getting proven over and over and over again. These security incidences will keep cropping up because lawmakers will continue to ignore the evidence and bury their heads in the sand as they push for mandates on implementing a technology that puts everyone at risk.
As long as government continue to ignore the dangerous problems with age verification, then these sorts of things will continue to happen. It’ll be the people who will pay the price for this… over and over again.
speaking of, more committee meetings for s-209 today and tomorrow, with several people coming in from both sides of the opinion on age verification. Today we got people from the free speech coalition, ethical capital partners, Aylo, Victoria Nash, Pierre Trudel, and Yoti. Tomorrow we got James Bethell, and members from the internet society, Canada civil liberties association, national council of women of Canada, arcom, German media authorities, and Canadian centre of child protection.
lets hope the saner voices are louder
I tried looking for a way to make a submission on this hearing, but couldn’t find it. I also tried messaging the Senate about submitting something, but never heard back. Looks like I missed the boat on that one, so I’ll have to wait for it to reach the House of Commons committee for the next opportunity. :\
I hate that we have to wait till its nearly too late to fight it. can only hope it dies way before then but that seems unlikely.
What I find laughable(if it wasn’t sad) is the complete absence of serious penalties—such as going out of business or facing prison time—for those responsible for putting us all in danger: from the hackers, to the companies storing data that should never have been kept, to the government officials who signed off on and promoted these dystopian measures and then “wash their hands” of it.
It’s such an obvious thing to fix for this bill, yet every time people bring these issues to those pushing it, you either get nothing but crickets or get told that asking politely is more than enough. It’s insane.
more meetings in 2 weeks on s-209. meanwhile looks like James Bethell spent his entire interview pushing the OSA and trying to get canada to adopt it too.
It’s things like that that have me sometimes comparing bad bills to infectious disease. You get a country that is basically the first infection and other countries suddenly become at risk of getting infected with it as well. I remember seeing this in action with the Online News Act when we literally had Australian lawmakers who pushed for the Australian version openly lobby the Canadian government to pass similar laws in both the House of Commons and Senate committees. The foreign interference can be that naked. OSA is very similar in nature.