The referenced write-up based on the Persona front end code is here:
https://vmfunc.re/blog/persona
I definitely recommend reading this primary source before drawing conclusions about the code as most of the secondary reporting is quite low quality.
Ah man, just tried to submit this with the title "Discord cuts ties with Peter Thiel-backed SaaS once code tied to US spying found" which is slightly better I think, and fits exactly within 80 characters :)
I think the whole "after its code was found tied to U.S. surveillance efforts" part is new and wasn't known before, so feels important to have in the title too. Although most of us probably assumed it was true before too.
Every day someone cuts ties with Palantir's Peter Thiel (or the rest of the digital mafia), it's a good day for society as a whole.
the damage is already done though. Discord just burned years of goodwill and trust. I'm in a few discord communities and while they aren't moving I'm not looking to join any more right now because of this whole thing.
Related: I Verified My LinkedIn Identity. Here's What I Handed Over https://news.ycombinator.com/item?id=47098245
For anyone interested, they published the post-mortem of the referenced incident:
https://withpersona.com/blog/post-incident-review-source-map...
So does this mean Discord is scrapping its new face verification requirement for users, or imply they’re no longer using this 3rd party service (Persona) to do it? The article wasn’t too clear on that.
>Nearly 2,500 accessible files were found sitting on a U.S. government-authorized endpoint, researchers pointed out on X. The files showed Persona conducted facial recognition checks against watchlists and screened users against lists of politically exposed persons.
>Persona performs 269 distinct verification checks, including screening for “adverse media”
I'm sure everyone assumed this, but it's good to know it.
>And the information was openly available. “We didn’t even have to write or perform a single exploit, the entire architecture was just on the doorstep,”
it is kind of scary how often these types of situations are only found out because of wild incompetence. you have to imagine that most similar situations don't suffer from the same incompetence (and thus aren't known)
>“At Discord, protecting the privacy and security of our users is a top priority.
please, I wish companies would just stop saying this obvious lie. you know that you don't care. we know that you don't care.
>It’s dystopian that we want people to facedox themselves to everyone to be real online.
.... says the ceo of the company that you have to send your face ("facedox", if you will) to
Early 2024 if you had speculated about this about Persona's broader goals you would have been called nuts. It has become increasingly obvious though.
Does cutting ties with Persona actually take them out of the picture? Whoever they move to can then relay or sell data to Persona. Third party turtles all the way down. inb4 but they pinky promised...
The appropriate solution would be to send an RTA header [1] from the servers and the client must check to see if parental controls are enabled on the device or in the application. Not perfect, but likely sufficient to protect small children assuming the account is a child account and the parent enabled parental controls. Teens will always be able to bypass controls whether local or third party. Teens can share porn, warez, movies and more in rated-G video games with one another and small children. Or over SFTP/FTP/P2P/S3/HTTPS. Or a million other ways. Have fun playing whack-a-mole.
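
The client-side check proposed in the comment above, as an added example that is not part of the original comment. The `Rating` header name and the label value follow the published RTA labelling scheme; `decide`, the response object shape and the `parentalControlsEnabled` flag are assumptions made for illustration.

```javascript
// Added example (not from the thread): enforce the RTA label on the client.
const RTA_LABEL = "RTA-5042-1996-1400-1577-RTA";

// True if any "Rating" response header carries the RTA label.
// Header names are case-insensitive and may hold several values.
function hasRtaHeader(headers) {
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.toLowerCase() !== "rating") continue;
    const values = Array.isArray(value) ? value : String(value).split(",");
    if (values.some((v) => v.trim().toUpperCase() === RTA_LABEL)) return true;
  }
  return false;
}

// True if the page itself carries the label in a <meta name="rating"> tag,
// the fallback for sites that cannot set response headers.
function hasRtaMeta(html) {
  const metaTags = (html || "").match(/<meta\b[^>]*>/gi) || [];
  return metaTags.some(
    (tag) =>
      /name\s*=\s*["']?rating["']?/i.test(tag) &&
      tag.toUpperCase().includes(RTA_LABEL)
  );
}

// Hypothetical policy hook: block labelled content only when the device
// or application reports that parental controls are switched on.
function decide(response, device) {
  const labelled =
    hasRtaHeader(response.headers) || hasRtaMeta(response.body);
  if (!labelled) return "allow";
  return device.parentalControlsEnabled ? "block" : "allow";
}

// Constructed sample responses, not captured traffic.
const SAMPLES = {
  header: { headers: { Rating: RTA_LABEL }, body: "<html></html>" },
  meta: {
    headers: {},
    body: `<meta name="RATING" content="${RTA_LABEL}" />`,
  },
  plain: { headers: { "Content-Type": "text/html" }, body: "<p>hi</p>" },
};
```

The decision is made entirely on the device, so no identity document or face scan leaves it; the label only tells the client that the content is restricted to adults.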
They sacrificed one, but was it to save the rest? Surely Thiel didn't act alone or in a vacuum.
what is such a shame is, well, two things: first, that these companies even do this kind of thing at all (i.e., age verification); and second, that it takes the kind of backlash this event has generated for them to cut ties with these companies. Apparently, it is too much to ask for any corporation to even give a damn about who runs or backs another corporation that they want to associate themselves with these days.
They should never even have started doing business with that labeled figure.
Like Ring recently, they just try to see if the thing sticks and that pisses me off. They should have that as a starting point.
> According to Discord, only a small number of users were part of this test, in which any information submitted could be stored for up to seven days before it would be deleted.
Ah yes, we only store it for 7 days. During those 7 days, we pass it to Persona, and who knows how long they keep it!
For some reason, discord has never asked more from me than a verified email address. No phone number or anything else. Maybe I'm being monitored and they don't want to spook me off the honeypot? Half joking..
Right, and in June they'll try it again. Small setback.
This does not cure the face scanning nonsense. I deleted and am not going back.
discord already had 70k government IDs breached through age verification last year. their fix was handing the next batch to a vendor with 2500 files sitting on a government endpoint.
Finally
So what? They'll just outsource it to somewhere else.
Only question is who's going to lose the data first, Discord or the subcontractors?
Matrix works. You don't need Discord.
Do not believe them.
What the hell does Discord need identity verification for in the first place?
Too fucking late, eat shit Discord. We’re all moving to E2E encrypted platforms.
These guys need to spend a few million on helping them be cool because it's fucking their money up. Zuck was headed in the right direction for a minute there. Thiel and Altman are still too weird for most people. Karp is probably in the middle to me. Tasteless, sauceless, billionaires.
There were a few popular Discord channels where moderators would regularly suspend or ban me. They were toxic communities that advocated for doxxing for mundane reasons. The idea that Discord moderators (even worse than Reddit mods) could have access to verified identities from Palantir related databases sounds so atrocious. Who exactly in their right minds thought this was a good idea in the first place?
I'm glad to see "Peter Thiel-backed" becoming a widely-recognized epithet.
> politically exposed persons
I do not know what this euphemism means. Is this like the modern trend of calling inmates “justice involved individuals”?
I am not convinced.
Teter Piel (don't want to use the other name) kind of purchased a LOT of influence power via lobbyists. One lobbyist is Sebastian Lurz (also not going to use the real name here; the letter "l" is an in-country humorous take on Lüssel, Lasser and so forth - ex-politicians). The superrich buy influence and worsen the situation for the rest of us. This has to stop. The USA is currently under direct control of them - this also has to stop. I do not buy into Discord's attempt here though - they 100% knew what they were doing. The only reason they respond in this way is because they alienated and scared their user base with their idea to sniff-invade everyone. It was never about protecting kids in the first place - it was to spy.