> the thought of requiring others to show their faces never occurred to me at all

I know you meant as a service provider, but as a avid IRC (and an online game that conventionally alt-tabbed into a irc-like chat window) chatter as a young preteen in the 90s and 00s, I made a lot of online friends that I would not discover what they looked like IRL for decades, some never. People I was gaming with in the 90s, for the first time, I would see what they looked like over FB in a group made for the now-almost-dead game in the 10s. It was like "swordfish - man, where are you now? I don't even know your real name to find ya. shardz - you look exactly like I would picture ya!."

Just some musings.

Speaks to the network effect I guess. People did not decide inorganically to make Discord big, and simillarly, its pretty hard to convince people to make an inorganic decision to make it small. Overtime it might happen if there is a valid alternative but expecting people to leave discord because of this thing is naive.

> I really don’t think any platform will be able to counter this.

Do platforms want to counter it?

Seems to me with an unreliable video selfie age verification:

* Reasonable people with common sense don't need to upload scans of their driving licenses and passports

* The platform gets to retain users without too much hassle

* Porn site users are forced to create accounts; this enables tracking, boosting ad revenue and growth numbers.

* Politicians get to announce that they have introduced age controls.

* People who claimed age checks wouldn't invade people's privacy don't get proven wrong

* Teens can sidestep the age checks and retain their access; teens trying to hide their porn from their parents is an age-old tradition.

* Parents don't see their teens accessing porn. They feel reassured without having to have any awkward conversations or figure out any baffling smartphone parental controls.

Everyone wins.

Don't Windows Hello camera devices have some kind of hardware attestation? I'm sure verification schemes like this will eventually go down that path soon.

My guess is that's probably one of the reasons Google tried to push for Play Store only apps, provide a measurable/verifiable software chain for stuff like this.

They already support ID checks as an alternative to face scanning, if the latter proves to be untenable then it's literally a case of flipping a switch to mandate ID instead.

> The cat and mouse game will not last long.

Yes but for completely different reasons: I will not bother to play the game and stop using the platform.

But how many users will do so? 1%? 5%?

Also, they will probably find that out, and the moment people do so, they become suspicious to state actors. I understand the rationale behind the work around you described; I just don't think it will be a huge factor. I see this elsewhere too - for instance, I use ublock origin a lot. But how many people world wide use it? I think never above 30%, most likely significantly fewer (or perhaps all anti-advertisement extensions, I think it most definitely is below 50% and probably below 30% too).

you counter this by using an id verified service like login.gov or okta verify.

That's the endgame and what the EU really wants. No poasting unless they can arrest you for inconvenient memes.

They could do what a bank does and run everyone's ID through chexsystems. It's really hard to defeat this. Fake identities don't exist in the system and stolen ones would get flagged by geographic, time of use and velocity rules.

Alternatively, hand someone $20 and your phone and have them do the verification for you.

There is an easy solution to this - require a government ID, and only permit government IDs that can be verified with the state's government.

There are a lot of countries and US states where such validation is possible.

Given the state is mandating these checks, it only makes sense that the state should be responsible for making it possible to perform these checks.

This is the right question. Who will benefits from blocking young people? Probably not the platform.

you put a flickering light, pwm creating artifacts in the video and have it apologize for it, to hopefully break some watermarks. my led light started acting up since yesterday, i have no other bulb.

I did this with OBS Virtual Camera for a thing in Oregon and it worked.

Death Stranding 2 photo-mode works well for this.

Apple is believed to be adding multispectral imaging to future generations of the iPhone. This and 3d mapping are more than enough to defeat the "point the camera at a high res screen" trick.

The issue is that age verifiers (like Discord) are not really trying.

Actually, there are many ways. For example they change colors on your screen and check in real time how it reflects on your face, eyes, etc. Very hard for a model to be trained to respond this quickly to what's on the screen.

They also have you move your head in multiple directions.

You require a human to identity proof in real life and bind that to a digital identity with a strong authenticator. Anti fraud detection systems can suspend or ban if evasion attempts are detected. Perfect is not the target, it doesn’t have to be.

See: Login.gov (USPS offline proofing) and other national identity systems.

(digital identity is a component of my work)

Proving that something is possible doesn't mean encouraging it. This was a beautiful work of reverse engineering, that shows how hard it can be to verify personal data without invading privacy. I prefer this awareness to blind trust.

The code was released, therefore it is not arbitrary (problem #3). Should companies react with more invasive techniques (problem #2), users can always move to other platforms (problem #1).

Persona is the same company oftentimes used for the "show your ID to get in the bar and also we'll data harvest you... and share your data with various people if asked". Go ahead and google search on them for more insight.

https://x.com/xyz3va/status/2021734252505604108

Hopefully your comment gets pushed to the top. Would like the security guys from the blog to see it.

> Discord seems to have intentionally softened its age-verification steps so it can tell regulators, “we’re doing something to protect children,” while still leaving enough wiggle room that technically savvy users can work around it.

...source?

I sincerely doubt that Discord's lawyers advocated for age verification that was hackable by tech savvy users.

It seems more likely that they are trying to balance two things:

1. Age verification requirements

2. Not storing or sending photos of people's (children's) faces

Both of these are very important, legally, to protect the company. It is highly unlikely that anyone in Discord's leadership, let alone compliance, is advocating for backdoors (at least for us.)

Why bother supporting Safari when they aren't interested in supporting the modern web? They're five years behind.

Worked for me as well. Hopefully my account of 11+ years isn't penalized because of this. Not like it matters because I'll quit anyways if forced to send my face or ID.

This isn't as fun as using the g-man from half life to verify

i changed the password later just to be sure.

> the mild effort to find an alternative solution?

Calling it a "mild effort" assumes skills that older generations took for granted but many young people seem to have been actively trained out of. We're past the era where I take for granted that aspiring programmers need to have the basics of a terminal or shell explained to them, into one where they might need an explanation for the basics of a file system and paths. I wouldn't be surprised to hear that hardly any of them could touch-type, either. (I wonder what the speed record is for cell phone text input...)

Yes, they can query a search engine (kind of) or, I guess nowadays, ask ChatGPT. But there's going to be more to setting up an alternative than that. And they need to have the idea that an alternative might exist. (After all, they're asking ChatGPT, not some alternative offering from a company that provides alternatives to Google services....)

> I don't understand why (mostly) young people put so much effort into remaining customers of a service that is actively hostile against them

The Network Effect.

That's it. Their friends are there so they're there.

You’re ignoring the obvious reason, aside from the network effect: there are no alternative solutions. Some people are building Discord alternatives but they are far from production-ready, often lacking critical features (e.g. Matrix not being able to delete rooms, or still having trouble with decrypting messages). It is simply the case at this point in time that Discord is factually the least bad option for many many use cases.

I don't control most of the discord communities I'm in. Some have been going a long time, and every platform migration sheds and shreds members. The 'mild effort' to move an old community to a new platform more often than not killed the community

Why do middle aged people still use Facebook marketplace rather than another platform? Because even if you put in the effort to use something different, you’ll be the only one there.

The effort to coordinate everyone to move at the same time is bordering on impossible.

Most people don’t really care that their privacy is violated, at least not any more than a superficial “oh well it’s obvious they’re doing that, but what can you do about it!”, no point switching platform if there’s no one there to talk to.

The network effect as seen in the other comments plays a big part, but also discord offers a useful service that really nobody else does well. there's a lot wrong with it but you can still create a community in a few clicks and you have text messages, photos, videos, gifs, voice chats, screenshare, a comprehensive permission/role system, tons of bots.. all for free and without needing to be too tech savvy, that's pretty damn cool.

No other chat platform has as many seamless features and such a big userbase. The friction of verifying the identity for a random person that doesn't care about privacy is not really a big deal compared to the downgrade that migrating to another platform would be.

When I was a kid, we'd host the pics we want to post on forums on geocities and rename the file extensions to .txt to get past its "no hotlinking images" policy. So it's not like much has changed.

There are a lot of barriers between kids and better solutions, one of which is that anything needs a domain and a server, and that means a credit card.

I think for a lot of people (me included) Discord isn't just a chat service like WhatsApp but more of a "home base" where you can hang out with all your friends, make new friends, share media, chat, play games together, stream games to each other, etc.

In the gaming sphere it's so universally used that all the friends you've ever made while gaming are on it, as well as all your chat history, and the entire history of whatever server you met them on. And if you want to make new friends, say to play a particular game, it's incredibly easy to find the official game server and start talking to people and forming lobbies with them.

My main friend group in particular has a server that we've had running since we were teenagers (all in our mid-20s now) which is a central place for all of the conversations we've ever had, all of the pictures we've ever sent each other, all the videos we've ever shared, and so on. That's something I search back through frequently looking for stuff we talked about years ago.

So I'm not saying it's impossible to move, but understand that it would require:

- Intentionally separating from the entire gaming sphere, making it so, so much harder to make new friends or talk to people. - Getting every single one of your friends that you play games with to agree to downloading and signing up for this new service (in my case that would be approx. a dozen people) - Accepting that this huge repository of history will be wiped out when moving to the new service (I suppose you could always log back in and scroll through it, but it's at least _harder_ to access, and is separated from all your new history)

On top of this, every time I've looked for capable alternatives to Discord I've come up empty-handed. Nothing else, as far as I can tell supports free servers, the ability to be in multiple servers, text chat divided into separate channels, optional threaded communication, voice chat joinable at any time with customizable audio setup (voice gate, push-to-talk, etc), game streaming from the voice chat at any time, and some "friend" system so that DMs and private calls can be made with each other. And even if I found one, then again I can't express enough that in the gaming sphere effectively _zero_ people use it or even know what it is.

Anyways, I'm not saying that nothing could make me abandon Discord, I'm just saying that doing so is a tremendous effort, and the result at the end will be a significantly worse online social life. So not a mild inconvienence.

Because they are used to follow limitations since the day they were born, and have all the time in the world

> remaining customers of a service that is actively hostile against them and that they do not like

And yet here we all are, still in an uproar every time GitHub goes down. Change is slow, we can't all leave GitHub in a day. Same with Discord users.

>remaining customers of a service that is actively hostile against them

because that's not how they view it. For most Gen Z users and younger their digital identity already is their identity and they have no problem verifying it because the idea of being anonymous on a social network defeats the purpose of being there in the first place.

I'm more than ready to leave if push really comes to shove. Wouldn't be the first time.

From experience, I know if I leave that few of my friends will follow. So I understand the resistance.

I mean, it's called a social network

I am sure that is part of the appeal to the developing mind, the adversarial nature.

I got this, but then refreshing that page made it work for me

The text with the code shows another step.

There is a way to do this, where nearly everyone is fine.[0]

However, the orgs don’t get to capture verified adult user identity to pad the value of their user data profiles…

[0] https://blog.google/company-news/inside-google/around-the-gl...

It was never going to be perfect. I suspect the goal with things like these is to add additional friction to the process, to make it much harder for the general population to bypass them.

It's slightly different to access your bank account vs chatting with your friends.

The governments making laws which mandate it feel otherwise.

It's still pretty common in the demoscene.

What's less common, but still seen occasionally, is their opposite: "fuckings".

Came here to say the same, has been a long time since I've seen one of those in the wild!

You're assuming discord or twitch actually care. I doubt they actually do. It's there to preempt the regulatory hammer, and the presence of clunky workarounds like this doesn't affect it if it doesn't reach the mainstream. If it does, they can just patch it.

If only most people leave them and it affects their bottom line.

Except you don't get to choose where other people host their communities.

Sounds like it may already have been[1].

Edit: might only be a minor API call issue[2]

[1] https://github.com/xyzeva/k-id-age-verifier/issues/7

[2] https://github.com/xyzeva/k-id-age-verifier/pull/6

It looks like only k-id's session token is transmitted back to the site, which can't be used to authenticate to Discord.

You can also self-host the backend from https://github.com/xyzeva/k-id-age-verifier.

if you don't actively use discord, then this is probably the best solution, I agree

The identity provider is on-device and has to run on phones which don't do hardware attestation.

worked here - as soon as i did it i heard a dm ping from the 'official' discord account...

"We determined you're in the adult age group."

Age verification is an excuse for identity checking.

I’ll comply with a police officer because of their threat of violence. I will not comply with online bullshit, because Discord can’t shoot me.