No, that can't be right. Forced use of photo ID for age verification couldn't possibly lead to leakage of said IDs. The purity police assured us!
this post was submitted on 04 Oct 2025
624 points (99.4% liked)
Technology
75967 readers
3626 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
think of the children!!!!!! :< :< :< :< :<
Coincidentally an alarming lot of people that impose pure bullshit on us seems to think of the children a tad too much.
I know right! Now we got their IDs too! :D
/s
load more comments
(3 replies)
Lol I thought they were supposed to delete the ID images once confirmed
"Haha, and you believed us" -Discord
But the ai training lol
FTA: The IDs leaked were from people appealing age verification.
That's different from the age verification process, which goes through a third party provider.
In short, the leaked IDs were from a standard shitty support platform (Zendesk, Salesforce, etc), not the much-advertised "safe and private" age verification system.
Very first question in FAQ:
Q: Does Discord or k-ID keep my selfie data?
A: Discord only logs the k-ID age verification results used to unlock your account—it doesn’t save your selfie image. For questions about k-ID’s processes, please contact k-ID.
So they are going to blame someone else.
I knew this was gonna happen
Candidly, I did not expect it so soon.
I am honestly surprised it took this long for a company to get hacked(surprised it was discord though).
They're not the first. The first one happened in the same week the digital safety act was put in place
load more comments
(2 replies)
load more comments
(2 replies)
load more comments
(1 replies)
And you didn't tell Discord??
load more comments
(2 replies)
Official statement from Discord: "Oopse woopse we did a fucky wucky. Sue us hahaha you won't"
Do people really have to scan an ID to us Discord?
No. According to an article the IDs were from people who were challenging an age determination. Still bullshit, but you don't need ID to use Discord as a general rule.
The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.”
Small is, of course, a relative term. I would consider a small number to be 2 or 3. They may feel that 10,000 users is a small number. Who can say?
as a very minimum, it would make sense to demand safe-deleting the photo immediately after the verification process, with fucking prison time to someone if it is found they did not comply with that.
but that is clearly not the direction the society is going 🤷♂️
load more comments
(1 replies)
Apparently if they get flagged as underage when they aren't.
Yet another example of how requiring ID is a shit idea.
When I use the linux or web client it asks for a selfie with my ID card when I try to enter a server.
Works fine on Android.
Contacted support, they say my account is not flagged as underage but I have to submit the photo anyway. I told them i won't.
In the United Kingdom yes because of our authoritarian Online Safety Act that came into power earlier this year. If I join a discord channel marked as nsfw I get a prompt for id which I bypass with a VPN in another country.
load more comments
(3 replies)
I wish I could convince my giant discord community to go anywhere else. It's so fucking hard. I've built IRC networks and a matrix server. I host every fediverse app imaginable. I hate being attached to this company and my income being reliant on it.
Back in the day when our community was switching from xmpp to discord, our solution was to write a bot on either end that relayed messages from one to the other. The xmpp bot got more and more naggy over time until eventually we put the xmpp side in read-only for everyone except the relay bot. It did a good enough job at building momentum to switch that the final holdouts came over when we went r/o.
You might consider building something similar if you want to make a genuine effort to switch to matrix or IRC. A relay bot solves the problem of the first people being punished by virtue of being first.
load more comments
(1 replies)
load more comments
(2 replies)
Called it.
And the "Tea" app leak happened right before these age-verification rules started popping up everywhere. It's obvious cause and effect, but it was also demonstrated RIGHT before.
Don't put your hand on a hot stove, especially after watching someone burn their hand on that hot stove.
load more comments
(1 replies)
Ah yes, another reason not to give me ID to these tech companies. Anyone that demands my ID online can go fuck themselves while I find a replacement service.
I really wish there was a good competitor to Discord. I have not found one that has the same screen sharing feature. Revolt (now Stoat) gets close but lacks the screen sharing - something me and my friends use a lot. They are adding this soon so hopefully it is good
Now more than ever people will have to choose between privacy and comfort. And not to be a dick, but now more than ever, people choosing comfort are fucking over people who choose privacy.
load more comments
(1 replies)
Matrix or Jitsi with Lemmy or any popular forum software would be my suggestion. More secure and private but require some technical knowledge.
Matrix is an absolutely pale imitation of Discord.
Yes it is very upsetting that the most popular chat platform in the Western world is in league with Sauron, but Matrix as a replacement is a glorified ICQ client that regularly yells at you that your device is untrusted now and there's no hope of fixing it, you loser.
load more comments
(3 replies)
load more comments
(12 replies)
Best part:
The unauthorized party gained access to “information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams”
I am jack's complete lack of surprise
That fast, huh?
So they kept the images illegally, hm?
One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says.
So, not Discord but a 3rd party company that handle Discord's customer service, and if you didn't use their customer service then you're not affected.
So, Discord - by forcing your acceptance of their tos which renders them immune from damages done by "third parties*
By offloading a term of service that Discord requires you to provide.
If they force you to give the info, they are responsible for handling and storing it properly, no matter what some evil lawyer or exec says.
If laws make bad things legal because rich people can use words, then there needs to be some form of redress to return the spirit of the laws to the people.
Maybe we all make usernames with a legally binding personal ToS that is deemed agreed upon by the corporation accepting the username.
This is just a shell game and they are conmen.
load more comments
(3 replies)
Update photos set deleted=1 where id=553468863
Can someone please send this to Keir Starmer with the subject like "Look what you did".
*gasp*
surprisedpikachu.jpeg
This was kind of breach so predictable even surprisedpikachu.txt isn't enough, but it must be done.
⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿ ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿ ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿
load more comments
(2 replies)
My take on this is a little more fundamental than the whole ID/age thing. We all knew this would happen, and why? Because nobody has addressed the first problem. Security is only as strong as the weakest link, and companies are not transparent with customers.
Companies spell out in their Terms and Privacy statements that they have Affiliates that data gets shared with. And they want you to accept them all blindly, without clarifying who they are and what they do.
Even here, with a reported breach, they are not naming them and just calling them "third party". So they screwed up and many people have their information and IDs out in the wild because if them, but we don't even get to know who they are?
His are we to trust a company of we don't know who they're in bed with? How are we to rate their security and assess our risk of using their service without all the information?
As far as I can tell Discord handled it pretty well as far as breaches go. But maybe if I know they are using a shit company as one of their vendors I might think twice about using them.
Its the same logic as the next article in my feed, where crunchyroll is getting pushback from the subtitle service they are using. And that's not even their own security in mind. People make choices based on what companies do, so be transparent with it all and we will have the warm fuzzies if things match up. If they don't then the company gets customer feedback so they can adjust.
Sigh
view more: next ›