@paco @BenAveling it is just a stupid electronic device

597 Posts 265 Posters 273 Views
  • paco@infosec.exchange

    @michael Was it Zendesk? Someone else replied that it was 5CA and sent this link

    Holding statement regarding Security Incident

    We are aware of a recent security incident. Learn how 5CA is responding and protecting client and community data.

    5CA (5ca.com)

    The phrase “our vendor used to review age-related appeals” in the discord disclosure made it sound like the vendor did the appeals. So maybe discord did the initial verification, but this vendor was doing more than just storing images.

    michael@westergaard.social
    wrote on last edited by
    #340
    Then I might have been wrong and there were more leaks. They definitely had one last year, where they hosted pictures of people's passports in Zendesk (which is all kinds of insane).

    If they used a "proper" age verification service and they leaked, that's an entire new can of worms. (Though I still think Discord in particular having age verification is not a bad thing.)
      lazysupper@famichiki.jp
      wrote on last edited by
      #341

      @paco
      When I logged back into LinkedIn a few months ago (after years of blissful absence) it asked me to "verify" my identity. So I click "ugh, fine" and got redirected to a 3rd party asking for all of my personal info. lol. that was a quick "Cancel".

        eph_lv@mastodon.social
        wrote on last edited by
        #342

        @paco
        Sadly: "called it!"

          roohafzaluvr@mastodon.social
          wrote on last edited by
          #343

          @paco why does every company say "at [insert company] your privacy is our priority"? are they just taught this?

            beecycling@wandering.shop
            wrote on last edited by
            #344

            @paco If any Discord server I use starts asking for age-verification, that's the day I leave that server.

            It's one thing to be asked to trust Discord (or whatever other company) who you know you're dealing with because that's their name on the website. I can decide if I trust them or not. It's another thing for them to be using some third party who I never heard of and have no idea if I should trust.

              xoagray@tiggi.es
              wrote on last edited by
              #345

              @paco Yet another reason to not use Discord. It was bad from the start and it hasn't gotten better. I wish companies would stop leaning on it more and more for things like tech support too. We shouldn't have to risk identity theft for tech support.

                artfulrobot@floss.social
                wrote on last edited by
                #346

                @elaine @paco I don't think everyone sending their id to one of 3 American mega corps is a "win" for anyone.

                1. They're all actively supporting the regime
                2. Even without the current president, they're under the cloud act so that data is still accessible by US
                3. Even if the mega corps were not owned by the US, they don't care about our data, privacy, human rights, they are involved in wars and oppression of various peoples.
                4. Centralised services are not safer per se.

                  artfulrobot@floss.social
                  wrote on last edited by
                  #347

                  ...and I should not have to submit ID to my operating system, or to access my own computer!

                    ret@furry.engineer
                    wrote on last edited by
                    #348

                    @elaine @paco worst take of 2026 so far

                      djupsjob@mementomori.social
                      wrote on last edited by
                      #349

                      @elaine @paco Yes, let’s give the three US tech giants copies of every single human being’s photo ID. What could possibly go wrong? /s

                        andygates@mastodon.social
                        wrote on last edited by
                        #350

                        @harryadney @paco The government wonks were told too, it's just that this time instead of holding off on deployment (kicking it into the long grass) they charged ahead and damn the consequences. Brexit grade "who needs experts?" idiocy.

                          paco@infosec.exchange
                          wrote on last edited by
                          #351

                          @xoagray Agreed. Plus, discord is not organized or searchable. What I can’t understand is why the maintainer of a product would want people to pop in and ask basic questions in chat. Advanced questions? Sure. Inter-developer communication on the core team? Sure. We’ve had IRC for that for ages and I can see how discord fills that need. But when we think about the basics, that’s what forums and faq’s and web pages and stuff are for. As a maintainer I’d want easy stuff to be answered by RTFM and only ping a person for unusual stuff.

                          I get frustrated with projects that have crappy documentation and push everyone to discord. It’s so hard to get basic info out of it.

                            xoagray@tiggi.es
                            wrote on last edited by
                            #352

                            @paco Or even just basic email support. That should be a universal constant and it's just not anymore.

                              stefanrower@sekretaerbaer.de
                              wrote on last edited by
                              #353
                              @paco the only thing discord is better than a forum: it is not searchable!
                              When asking a dumb question in the chat, nobody can answer "use search function first, we answered this about 1k times!" because everybody knows even following the own thread is a pain in the ass. Reading the followUps to questions from random dudes is like running naked in 6 circle of hell being chased by porcupines.
                                starkrg@myside-yourside.net
                                wrote on last edited by
                                #354

                                @alice @ElBeeToots @paco The correct way to safely store sensitive personal data is *not to fucking do it* unless storing that data is necessary to carry out your customer's task and then, and this is the important bit, *delete the god damned data once you're through with it!!!!*

                                Since I know that nobody is good at storing personal data securely, I'm extremely reticent to give any data to anyone. If you want to verify my age, fine, you can look, and then you've done it and don't need it anymore

                                  tmiller@mas.to
                                  wrote on last edited by
                                  #355

                                  @paco The small races matter. Thank you for your election service.

                                    elbeetoots@mastodon.nl
                                    wrote on last edited by
                                    #356

                                    @StarkRG @alice @paco Authorities like your national government or financial service providers like banks have to permanently store personal data, some of it sensitive.

                                    But I agree that it's seldom necessary for most commercial parties to store that data beyond the scope of the service that they provide.

                                      paco@infosec.exchange
                                      wrote on last edited by
                                      #357

                                      @StarkRG I agree. My dermatologist wanted to scan a copy of my ID and I didn’t want them to. I got into a bit of friction at the check-in desk. Ultimately I asked “are you going to refuse to do business with me if I don’t let you scan my ID?” And they relented.

                                      Medical companies are notorious for having bad cyber security. It’s bad enough that these folks have my medical records. But that’s what they do, so they must. No need to give them anything optional to store.

                                        starkrg@myside-yourside.net
                                        wrote on last edited by
                                        #358

                                        @ElBeeToots @alice @paco Sure, if the need to keep the data is ongoing and known, it makes sense to keep it. Most of the time, though, they keep the data just in case they might need it again in the future for some as yet unknown purpose. That should not be allowed.

                                        This is also why I almost never accept store credit for a refund. No, I gave you money for the thing, and now you have the thing so you need to give me back the money.

                                          nyovaya@transfem.social
                                          wrote on last edited by
                                          #359

                                          @paco@infosec.exchange @xoagray@tiggi.es I'd already be glad if FOSS projects would stop using it.
