In the United Kingdom yes because of our authoritarian Online Safety Act that came into power earlier this year. If I join a discord channel marked as nsfw I get a prompt for id which I bypass with a VPN in another country.
Normally, no.
And this data breach wasn’t technically to Discord either, it was to a third party company that does some part of customer support for them and the data and IDs leaked were from people who had contacted support because they were flagged underaged, and sent their ID to verify they weren’t.
Which also kinda explains why they weren’t deleted as they should be, they were just attatchements to
support tickets, and not a “proper” verification system.
No. According to an article the IDs were from people who were challenging an age determination. Still bullshit, but you don’t need ID to use Discord as a general rule.
The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.”
Small is, of course, a relative term. I would consider a small number to be 2 or 3. They may feel that 10,000 users is a small number. Who can say?
as a very minimum, it would make sense to demand safe-deleting the photo immediately after the verification process, with fucking prison time to someone if it is found they did not comply with that.
but that is clearly not the direction the society is going 🤷♂️
You are absolutely right. This is a huge violation of user privacy on Discord‘s side which of course is as outrageous as it was to be expected from Discord. Like, Discord is the first company I would suspect to not care about any of this. They probably think lower of consumers than video game companies do.
It’s used by some Discord communities to prevent spam/bots. This would be inconjunction with other measures like how some communities require a verified email or to have a phone number associated with your account.
While those exist, those wouldn’t have been affected by this breach (or if they were it was only incidentally) - those communities are not using Discord’s age verification but are doing it through DMs (or a 3rd party service). Discord communities do not have access to age or ID verification tools, nor do they have the ability to impose restrictions based off age or ID verification (yet, there is rumored to be an age-verification access restriction beta going out, but it apparently doesnt use ID)
Do people really have to scan an ID to us Discord?
In the United Kingdom yes because of our authoritarian Online Safety Act that came into power earlier this year. If I join a discord channel marked as nsfw I get a prompt for id which I bypass with a VPN in another country.
Normally, no.
And this data breach wasn’t technically to Discord either, it was to a third party company that does some part of customer support for them and the data and IDs leaked were from people who had contacted support because they were flagged underaged, and sent their ID to verify they weren’t.
Which also kinda explains why they weren’t deleted as they should be, they were just attatchements to support tickets, and not a “proper” verification system.
When I use the linux or web client it asks for a selfie with my ID card when I try to enter a server.
Works fine on Android.
Contacted support, they say my account is not flagged as underage but I have to submit the photo anyway. I told them i won’t.
No. According to an article the IDs were from people who were challenging an age determination. Still bullshit, but you don’t need ID to use Discord as a general rule.
Small is, of course, a relative term. I would consider a small number to be 2 or 3. They may feel that 10,000 users is a small number. Who can say?
as a very minimum, it would make sense to demand safe-deleting the photo immediately after the verification process, with fucking prison time to someone if it is found they did not comply with that.
but that is clearly not the direction the society is going 🤷♂️
You are absolutely right. This is a huge violation of user privacy on Discord‘s side which of course is as outrageous as it was to be expected from Discord. Like, Discord is the first company I would suspect to not care about any of this. They probably think lower of consumers than video game companies do.
Apparently if they get flagged as underage when they aren’t.
Yet another example of how requiring ID is a shit idea.
It’s used by some Discord communities to prevent spam/bots. This would be inconjunction with other measures like how some communities require a verified email or to have a phone number associated with your account.
While those exist, those wouldn’t have been affected by this breach (or if they were it was only incidentally) - those communities are not using Discord’s age verification but are doing it through DMs (or a 3rd party service). Discord communities do not have access to age or ID verification tools, nor do they have the ability to impose restrictions based off age or ID verification (yet, there is rumored to be an age-verification access restriction beta going out, but it apparently doesnt use ID)