"age‑verification schemes introduce structural risks that cannot be mitigated merely by assurances from vendors or platform operators. Age checks that demand biometric scans, government ID uploads, or behavioural profiling expands the data surface available for exploitation."
"Biometric data is especially valuable - unlike a password, your face and fingerprints cannot be changed. Once they have been hacked, you cannot get them back."
"With it, attackers could find out how requests are structured, how data flows between services, and how Persona validates identities. This information could be the basis to construct fake verification scripts or bypass safeguards entirely."
Discord paused its age verification rollout after security researchers discovered that third-party vendor Persona's frontend code was exposed on the open internet, potentially allowing attackers to bypass identity safeguards. This incident highlights fundamental privacy risks inherent to age verification systems. Biometric data like facial scans and fingerprints are particularly vulnerable because, unlike passwords, they cannot be changed once compromised. Discord previously experienced a data breach affecting approximately 70,000 users' ID photos. The company now plans alternative verification methods including credit card verification. Privacy advocates emphasize that age verification schemes introduce structural risks that cannot be mitigated through vendor assurances alone, and such systems normalize pervasive digital identity requirements across the internet.
Read at Privacy International
Unable to calculate read time
Collection
[
|
...
]