I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know or understand. Apathy or the desire for convenience cannot adequately explain why.
What can people do? Systems like these are mandated by companies that provide services that people need, and they are hard to avoid. In-person verification is sometimes an option but not always.
All this biometric data is setting people up for identity theft attacks. These types of attacks are going to grow enormously over the coming years as biometric data is gathered and leaked on a massive scale. Anything put on the internet has been leaked already, almost every company with a web presence has lost data. Biometrics unlike passwords, phone numbers and credit cards can not be changed.
And that assumes a relatively stable environment; but politics can change drastically for the worse. We have examples from relatively recent history of governments turning evil, rounding up unfavored groups, and shipping them off in rail cars to an early demise. God forbid it happens again with all the information available to sort, categorize, and identify people.
I've been telling people for years now not to engage with systems such as these. Some say I'm just being paranoid. But a growing number concerningly reply with either "So? What are they gonna do with it?" or "They already have it, it doesn't matter." Normal people either don't know the dangers present or they don't understand that stopping the flow hurts the machine. And they want neither to know or understand. Apathy or the desire for convenience cannot adequately explain why.
Since those people don't care about privacy and anonymity, perhaps they are also willing to trade by verifying for someone who does care?
What can people do? Systems like these are mandated by companies that provide services that people need, and they are hard to avoid. In-person verification is sometimes an option but not always.
All this biometric data is setting people up for identity theft attacks. These types of attacks are going to grow enormously over the coming years as biometric data is gathered and leaked on a massive scale. Anything put on the internet has been leaked already, almost every company with a web presence has lost data. Biometrics unlike passwords, phone numbers and credit cards can not be changed.
And that assumes a relatively stable environment; but politics can change drastically for the worse. We have examples from relatively recent history of governments turning evil, rounding up unfavored groups, and shipping them off in rail cars to an early demise. God forbid it happens again with all the information available to sort, categorize, and identify people.
What I'm afraid of is that this is all a ticking bomb that is going to explode VERY hard on the most technologically vulnerable.
There isn't enough noise about this kinda news.
People need to learn to distrust such systems and exposing failings such as this one is a good way to do it.
We aren't going to be free of this stuff until the average Joe's mom hear of "forced age verification" and associate it to "unsafe".
>TABLE 2. USER AGENT METADATA FIELDS (“CLIENT HINTS”) SENT AS PART OF YOTI’S AGE ESTIMATION METHOD
As far as device fingerprinting goes, this is pretty tame, compared to what something like chatgpt does: https://www.buchodi.com/chatgpt-wont-let-you-type-until-clou...
The far more concerning part are your pictures/document scans getting sent to them.
The paper is https://mikespecter.com/assets/pdf/AgeVerification.pdf (good on them for linking it)
The rest of the IEEE Symposium on Security and Privacy papers are listed at https://sp2026.ieee-security.org/accepted-papers.html
Yeah, well, I mean, ahah, you don't say :)
Every app shares all data with third parties. The concept of privacy labeling has completely failed and it's time to try a new approach.