>Discord lost thousands of them, despite promising to delete them after age verification occurred (and then not doing so)
This is misleading, yet everyone seems to repeat it. Discord's implementation of ID verification did not retain IDs. Reporting on this was so poor, but what appears to have happened was that people that failed age estimation / ID checks had to raise a support ticket and get manually reviewed. That support platform was pwned and the active support tickets were leaked. Who knows how long these support tickets were set to live for, but up to 70,000 active tickets getting leaked feels like a drop in the bucket. It's also not immediately clear to me what the alternative is (other than not getting hacked), when you require human intervention to review problematic IDs. Even if the ID only lived on their server for 24 hours during manual review, across a userbase of >200 million users, that's a lot of IDs at risk at any given moment, especially during these initial roll outs of age verification.
This is a distinction without a difference. Users were assured their selfies would not be retained and they were. Discord then proceeded to lose those selfies to bad actors, after promising not to retain them. The incident has caused enormous distrust of all age verification systems, which were already starting in the mind of the community from a base level of skepticism. It's already highly invasive to take a photo of yourself, but then the user must trust that the organization on the other end will handle it appropriately. To have that trust so conspicuously broken poisons the well for all other age verification systems and websites that are legally compelled to use it, or face penalties from aggressive organizations like OFCOM.
I disagree! There very much is a distinction and every age verification process will have the same failure mode. If there is something wrong with your account or ID, the user will have to go via the manual support process, which necessitates sharing particulars with fallible humans and the fragile support process. The alternative is to offer no support and prevent them from using the service... which is by far the worst outcome.
Were users assured that the selfies they emailed to support would not be retained? I'm loath to defend the multimillion dollar corporation, but let's at least be fair.
Yet the Maccas app in Australia is atrocious for me. Takes >30secs to load the huge ad that pops up before you can get to the menu. Close the ad and the menu takes another eternity, then inside each sub menu, you wait another eternity for the pictures to all load. Meanwhile, all of this content could just be downloaded in the background and cached for future loads...
And the app continues to get worse each update. The checkout process used to be quick and responsive. They've since made it require additional clicks and take much longer.
Is there anyone who uses the app and orders premium options and uses coupons that don't represent much of a discount... yet, the app STILL takes a long time to load?
Causing delays for unprofitable customers. Any business is going to do it if they can. /tinfoil
I don't want to touch their greasy in-store touch screens that thousands of other people touch. And those "deals" are way cheaper per user than large marketing campaigns, and probably more effective too.
I wonder how slow you can make an app before a significant number of people will just order elsewhere? Give it a few more years of downgrades to the app, and I'll have reached it.
They're more effective because they can sell our Big Mac consumption to our health insurance company? That is purely an assumption, by the way. Maybe someone tried to write a law once to prevent that.
That's funny about it being bad enough, it just makes you want to leave.
And to anyone reading- be careful with the McDonald's spyware, by the way. You might have it for lunch. Then by dinner time, see a little icon on your phone and realize they've been tracking your precise location all day.
Cloudflare has a stranglehold on the internet, but its market share is much lower than the incumbent email giants. Approximately 70-90% of all email goes through Google & Microsoft. You're trading one benevolent toll keeper for another... except those two give you no recourse should you end up on a sh*tlist or don't meet their unspecified and forever changing criteria for being a recognised mail provider.
>transactional emails from various services that you’ve signed up for
These are one of the main culprits of unwanted emails... and a toll system would make them all the more valuable for the even worse actors to take advantage of.
>At least yet, no one can stop their top scientist to move to another country with the knowledge and just pick up their work in the new country.
They can and do do this routinely. Many individuals get marked and regularly go through additional screening if their travel plans raise flags. This isn't even unique to the US... most Western nations do the same. If there is a serious brain drain risk, the US government can easily go all out and have the whole company put on the no-fly list.
Good luck finding a modern car that doesn't have a stereo. And continuing the analogy, good luck finding jeans without a zipper. When the only affordable and available options spy on you, it's simple enough to keep them air gapped from the internet... Electing not to own these devices at all is a much tougher sell.
But that's what this law does not allow according to the head of this chain; specifically, government IDs are not allowed to prove age, even if you delete them, unless I read it wrong.
Just telling you the options I was presented with, having to go through the process. I'm not sure what the alternative is for false positive identification as a minor.
While you're taking your break, exploits gain traction in the wild and one of the value propositions for using a service provider like Cloudflare is catching and mitigating these exploits as fast as possible. From the OP, this outage was in relation to handling a nasty RCE.
Depending on the host, you may get charged a big bill for traffic. If you're hosting at home, your ISP may blackhole all traffic to your residence (affecting your day job and being a nightmare). When it comes to DDoS, most providers are quick to blackhole, and slow to unfreeze, without getting the run around.