@paco @BenAveling it is just a stupid electronic device
-
@kerfuffle Is it worth highlighting? I mean, admitting that it happened is surely the lowest possible expectation. Do we pat them on the back and give them a participation trophy? In some jurisdictions, this disclosure is mandated by law (which is why these laws are good). Is it worth mentioning that they chose to do what the law said they must?
-
No they didn’t. They did their own age verification and stored images of passports in Zendesk (iirc, or some other support desk software). Discord acted completely irresponsibly and discord NEEDS age verification due to their young target audience and child enthusiast problem. I agree with your point, but your representation of what happened at Discord is entirely wrong.
@michael Was it Zendesk? Someone else replied that it was 5CA and sent this link
https://5ca.com/blog/holding-statement-security-incident/
The phrase “our vendor used to review age-related appeals” in the discord disclosure made it sound like the vendor did the appeals. So maybe discord did the initial verification, but this vendor was doing more than just storing images.
-
@paco inevitable.
Too good a target of course this happened and will keep happening. Waiting for the big one that makes photo ID worthless. -
@michael Was it Zendesk? Someone else replied that it was 5CA and sent this link
https://5ca.com/blog/holding-statement-security-incident/
The phrase “our vendor used to review age-related appeals” in the discord disclosure made it sound like the vendor did the appeals. So maybe discord did the initial verification, but this vendor was doing more than just storing images.
Then I might have been wrong and there were more leaks. They definitely had one last year, where they hosted pictures of peoples' passports in Zendesk (which is all kinds of insane).
If they used a "proper" age verification service and they leaked, that's an entire new can of worms. (Though I still think Discord in particular having age verification is not a bad thing.) -
@paco
When I logged back into LinkedIn a few a months ago (after years of blissful absence) it asked me to "verify" my identity. So I click "ugh, fine" and got redirected to a 3rd party asking for all of my personal info. lol. that was a quick "Cancel". -
@paco
Sadly: "called it!" -
@paco why does every company say "at [insert company] your privacy is our priority"? are they just taught this?
-
@paco If any Discord server I use starts asking for age-verification, that's the day I leave that server.
It's one thing to be asked to trust Discord (or whatever other company) who you know you're dealing with because that's their name on the website. I can decide if I trust them or not. It's another thing for them to be using some third party who I never heard of and have no idea if I should trust.
-
@paco Yet another reason to not use Discord. It was bad from the start and it hasn't gotten better. I wish companies would stop leaning on it more and more for things like tech support too. We shouldn't have to risk identity theft for tech support.
-
@elaine @paco I don't think everyone sending their id to one of 3 American mega corps is a "win" for anyone.
1. They're all actively supporting the regime
2. Even without the current president, they're under the cloud act so that data is still accessible by US
3. Even if the mega corps were not owned by the US, they don't care about our data, privacy, human rights, they are involved in wars and oppression of various peoples.
4. Centralised services are not safer per se. -
@elaine @paco I don't think everyone sending their id to one of 3 American mega corps is a "win" for anyone.
1. They're all actively supporting the regime
2. Even without the current president, they're under the cloud act so that data is still accessible by US
3. Even if the mega corps were not owned by the US, they don't care about our data, privacy, human rights, they are involved in wars and oppression of various peoples.
4. Centralised services are not safer per se....and I should not have to submit ID to my operating system, or to access my own computer!
-
-
-
@harryadney @paco The government wonks were told too, it's just that this time instead of holding off on deployment (kicking it into the long grass) they charged ahead and damn the consequences. Brexit grade "who needs experts?" idiocy.
-
@paco Yet another reason to not use Discord. It was bad from the start and it hasn't gotten better. I wish companies would stop leaning on it more and more for things like tech support too. We shouldn't have to risk identity theft for tech support.
@xoagray Agreed. Plus, discord is not organized or searchable. What I can’t understand is why the maintainer of a product would want people to pop in and ask basic questions in chat. Advanced questions? Sure. Inter-developer communication on the core team? Sure. We’ve had IRC for that for ages and I can see how discord fills that need. But when we think about the basics, that’s what forums and faq’s and web pages and stuff are for. As a maintainer I’d want easy stuff to be answered by RTFM and only ping a person for unusual stuff.
I get frustrated with projects that have crappy documentation and push everyone to discord. It’s so hard to get basic info out of it.
-
@xoagray Agreed. Plus, discord is not organized or searchable. What I can’t understand is why the maintainer of a product would want people to pop in and ask basic questions in chat. Advanced questions? Sure. Inter-developer communication on the core team? Sure. We’ve had IRC for that for ages and I can see how discord fills that need. But when we think about the basics, that’s what forums and faq’s and web pages and stuff are for. As a maintainer I’d want easy stuff to be answered by RTFM and only ping a person for unusual stuff.
I get frustrated with projects that have crappy documentation and push everyone to discord. It’s so hard to get basic info out of it.
@paco Or even just basic email support. That should be a universal constant and it's just not anymore.
-
@paco the only thing discord is better than a forum: it is not searchable!
When aksing dumb question in the chat, nobady can answer "use search function first, we answered this about 1k times!" because everbody knows even following the own thread is a pain in the ass. Reading the followUps to questions from random dudes is like runnning naked in 6 circle of hell beeing chased by porcupines. -
@alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*
Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore
-
@paco The small races matter. Thank you for your election service.
-
@alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*
Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore
@StarkRG @alice @paco Authorities like your national government or financial service providers like banks have to permanently store personal data, some of it sensitive.
But I agree that it's seldom necessary for most commercial parties to store that data beyond the scope of the service that they provide.
