> On-device processing: Video selfies for facial age estimation never leave a user’s device.
If true, there's little problem with just this from a privacy perspective, but that also makes it useless. Someone is going to make a browser extension to bypass/feed it a fake webcam feed.
> Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.
However if they ask me to submit my ID to any third party, I'd sooner ditch discord. My default assumption is that this will get leaked, tying everyone's discord account to their real identity publicly. Discord seems to have halfway decent opsec, but I don't trust their "vendor partners" at all. I'll try submitting a fake ID, but if I get banned for it, then so be it.
This would, most likely, go hand in hand with “Discord is no longer allowed on rooted devices” and “Discord desktop is disallowed from client-side effort”, given the necessity of attestation to make it viable on mobile and the near-total absence of third parties taking advantage of the necessary protections on desktop.
I doubt it'd work here though. You know you can just print out a fake ID and show it to the camera. I doubt the app will be able to tell. Attestation doesn't really change this.
If it truly never leaves your device, you'd also be able to use the same fake ID for your entire friend group.
The cynical and best-case take is they don't actually care, and it's just a gesture to show to authorities to prevent further regulation. In which case they wouldn't try especially hard, which is a good thing.
The authorities would need to provide the framework for more intensive regulation, which would end up being expensive and also duplicating the work of the post office’s ID verification service, at which point you’re verging on “federal identity verification service”. Which, yes, really ought to exist — we defer that to banks and cell companies today?! — but I somehow doubt it likely to occur under the current structure.
Perfect enforcement is not required for authoritarians. All they need is to have a threat of punishment, and a questionable process of uploading your ID is more than sufficient for that purpose. Most people will comply in advance.
More groups than authoritarians support online age checks of various sorts, and any for-profit enterprise would far rather externalize the heavy lifting of profitless identity verification to a government agency or contract. Coincidentally, I noticed Discord doesn’t seem to accept ID.me; how curious! If anyone has a larger database of verified ages with online proofs, I’m not sure who it would be.
Yes, this shitty world where we can't control our devices we need to have (as they need to work against us) seems to be inevitable.
But I'm actually happy that these "protections" don't yet exist on desktop (albeit DRM already does).
If something really needs to work against my interest (for greater good), be it a smartcard, not my smartphone and definitely not my PC.
If true, there's little problem with just this from a privacy perspective, but that also makes it useless. Someone is going to make a browser extension to bypass/feed it a fake webcam feed.
> Identity documents submitted to our vendor partners are deleted quickly— in most cases, immediately after age confirmation.
However if they ask me to submit my ID to any third party, I'd sooner ditch discord. My default assumption is that this will get leaked, tying everyone's discord account to their real identity publicly. Discord seems to have halfway decent opsec, but I don't trust their "vendor partners" at all. I'll try submitting a fake ID, but if I get banned for it, then so be it.