First, they'll ask for your official IDs to confirm your age and identity.

This will create a large treasure trove of sensitive data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then, they'll claim your official ID is unreliable, because it was stolen so many times, and demand you share your biometric data.

They will collect your face scan, your palm scan, and even your iris scan (no exaggeration, these are all already being collected by some companies for identification). They will claim it's super safe.

This will create a large treasure trove of sensitive biometric data, which will attract criminals, and will inevitably leak from either negligence or malice, sooner than later.

Then what? Rinse and escalate.

You will have lost control of not just your corporate social media accounts by participating in this, but of any data capable of validating your identity, of your privacy rights, of the protections you could use online to stay safe.

We don't have to wait for it to escalate.

We can, and must, push back and say No now. Start to say No now.

#Privacy #Biometrics #DataMinimization #AgeVerification

@Em0nM4stodon Oh hey! That's what the UK has been doing my whole miserable immigrant adulthood!
@MxVerda Indeed, and I'm very sorry 😔 This isn't okay at all.
@Em0nM4stodon Agree to use DNA sequence for "security" purposes?
Yes: 1.3%
Ask me later: 98.7%
@catsalad Exactly
@Em0nM4stodon Big Tech has a serious consent problem, and I do not consent.
@catsalad Me neither! Nope nope nope! 🙅‍♀️

An industry led by those who think people should just do what they're told was always going to have a consent problem.

@catsalad @Em0nM4stodon

@catsalad @Em0nM4stodon yes, but only if you promise to keep it safe, and really really mean it.
@catsalad *deletes account and deletes alias email*
@catsalad @Em0nM4stodon the poll is exploding my iOS mastodon app :( 4.4.1 bug?
@Em0nM4stodon I'm pissed that I had to do a palm scan to get my ISC2 cert. I trawled through their legalese to see if I could weasel my way out of it, but couldn't find anything except having a major physical disability of having no hands.
Pearson now has a part of my biometric data, and I have some nasty beef with Pearson.

@vandorb12 It is appalling that testing centers have started to require palm scans.

I'm glad you did, and very sorry it didn't help for you 😔, but everyone should look at their local legislation for this because it is indeed illegal in some jurisdictions.

I myself encountered this situation for a certification, and finally, after investigation, the testing authorities did tell me this was *not* mandatory, and I could ask to skip it.

But how many people will ask first? People caught off guard all stressed out on their testing day will likely just do it. Even if it's illegal.

Our governments should be protecting us against these predatory practices.

@vandorb12 @Em0nM4stodon I needed to do a palm scan on a service run by Amazon to get a medical test

I should be clear that ... I wasn't offered any opt out options ... and also I didn't ask about it ... because I needed a medical test

@Em0nM4stodon they were collecting iris scans at a walk-in off the street in SF when we visited the other week.
@abetterjulie Indeed. And that is horrifying. And I wrote about it here: https://infosec.exchange/@Em0nM4stodon/114484154495209772
New Privacy Guides article 👁️⛔️ by me: Last week, OpenAI's CEO Sam Altman announced his ambitious plan for the World project, formerly known as Worldcoin. The company opened 6 stores where people can go to get their biometric data collected from a creepy iris scanner called The Orb. But this isn't just a cryptocurrency grift anymore, this is much more dystopian. In this article, I describe the risk of using such service, the unethical practices the World project has been employing to gather numbers, and how this is a slippery slope towards the normalization of mass surveillance we should all worry about. Say NO to the Orb! Don't scan your eyeballs! 👁️🙅‍♀️ https://www.privacyguides.org/articles/2025/05/10/sam-altman-wants-your-eyeball/ #PrivacyGuides #Privacy #NoAI #AI #Worldcoin #BiometricData #GDPR
@abetterjulie @Em0nM4stodon fascist invites you to give up yourself for his enrichment

@abetterjulie @Em0nM4stodon they will bifurcate the internet and require this level of verification to participate in the next one..

It’s no coincidence the generative AI purveyors are allowing the abject destruction of the current web, they want it to be wrecked to force us all into the next one where real identity is required to participate.

We have to refuse, now, strongly and in great numbers. It goes beyond politics in one country and will impact the entire world from banking to health

@dotsie @abetterjulie @Em0nM4stodon there is no "current web" and "the next one", there is only "the internet" and services running on it.

If new services become malicious, just boycott them.

Oh wait, it has already happened. I no longer use the malicious services 99 % of the internet uses because I refuse to be data cattle.

I guess you're late?

@dormouse759 I used the term web for a reason, the viability of it is being diminished every day with media becoming increasingly unreliable due to GenAI, and it will drive people away.

They will offer an alternative, and society will sleepwalk into something that goes far beyond the simple surveillance capitalism you’re referring to.

I’m not talking about transport layers, I’m talking about a seismic shift in how we use all services, both in the real world and online. What’s coming is dark.

@dotsie and I responded exactly to your point as meant.

This wall of text proved ineffective, human.

@Em0nM4stodon if they REALLY wanted secure ID, they would put an asymmetric key in it.

Simple technology, appropriate for the digital age, and hell, we already have standards written out for it.

Pretty much anything else is the wrong way to go.

@Epic_Null @Em0nM4stodon That does not achieve what they want from ID. At all.
@dalias @Em0nM4stodon Well yeah. Because what they want isn't the stated goal of identity verification.

@Em0nM4stodon for validation purposes, I can provide you with my public PGP key.

If you need anything else, kindly FUCK OFF.

@Em0nM4stodon it's a brave new world

@Em0nM4stodon

Thing is, I can change a password if it gets compromised.

I can't change my biometrics or DNA.

@TerryHancock @Em0nM4stodon with security± subscription, we will help you reshuffle your genetic code whenever you are afraid it got leaked.
@dormouse759 @TerryHancock @Em0nM4stodon My genetic code gets leaked every time I take one.

@Em0nM4stodon
PayPal is on this route and it has really pissed me off. Opened an account which was immediately locked until I upload my passport + photo of me with my passport.

I explained due to illness I can't comply (no passport for years), so please delete the account. They refuse point blank. I have to upload the i.d. even to close the account: "It's secure and no-one else has access to it". Instead of engaging any further they mark my request as closed.

How is this legal?!

@paulb3017 @Em0nM4stodon holy shit! Are older paypal accounts that were granted without those snooping requirements forever exempt or will they just send out a couple of megabytes of "we are changing our terms of service" which will be ignored but turn out to explain why you will eventually find your account locked?
@ottomate @Em0nM4stodon
I think it's restricted to newer accounts (for now at least)

@Em0nM4stodon

Nothing will change without a strong incentive.

Corporations, States, we (because we are all responsible) do collect data not because we need it, but because we can.

When I was young, a train ticket was sold as a one-time token. Now, the train company wants to know my name, birth date and gender. It is not doing it because it needs it, but because it is not horribly expensive, not prohibited by law and technically possible.

This is the true meaning of law and regulation: to set a limit on what decency is.

We can put a fine on companies that leak data (I'm not in favor: it would be too late and be an incentive to hide data leaks).
We can put a tax on personal data: each database should pay a fee for each personal data stored (name, address, IP, ...). Small fee. (This has another advantage: it will give a legal base to prosecute spammers, hackers ...)

Any other idea is welcome!

@cassebonbon I absolutely love this idea. Taxing data collection. Make it cheaper not to collect anything.

@cassebonbon @Em0nM4stodon I love this idea. Some bits are easy to know that are being collected, such as the name or the email, so lack of compliance is easy to detect.

There are many other things that are going to be difficult to track without the collector reporting it - imagine "social login buttons", "share buttons", or the like, that are displayed in many sites and loaded directly from the Big Social Site. They are tracking your browsing history, which in my view would be hell expensive if taxed, but why report it when it is impossible to determine they are doing it?

Anyway let's not allow that to diminish the potential of what's a great idea 🙂

@josejfernandez @cassebonbon @Em0nM4stodon
And this has been the problem with internet tech since day 1. The morons in IT are so enamored with their creations that they lie about how safe they are so they can see them in practice. There has NEVER been anything safe about storing sensitive data on systems accessible by the internet. Never.

@josejfernandez @Em0nM4stodon

thank you, very good feedback. I need time to think on it.

Hard to say if "like" button is a personal data subject to collection fee or if it's something volunteer specific to the social media service. (I immediately think of a company scanning mastodon posts to identify people with specific political opinion)

@cassebonbon @Em0nM4stodon What if they had to carry breach insurance for their data-- with a serious payout attached?

The carriers would say "you want to store 40 petabytes of data not strictly necessary for your business, fine, but it's gonna cost you several tens of millions of dollar-euros per year to cover it for when you inevitably post live API keys to Github"

@hakfoo @Em0nM4stodon

I'm European with roman law mindset.

I would object that when a company leaks my personal data, it is almost impossible to demonstrate an actual prejudice.

Thus companies don't pay anything when data leaks.

So insurance fee is almost null....

@cassebonbon @Em0nM4stodon and needing strict and explicit consent for each bit of data shared with another party
@cassebonbon @Em0nM4stodon i do worry about the tax/fee to collect, that means that small or non-profit orgs are going to have a very hard time

@mensrea @Em0nM4stodon

The fee should be small and free below some threshold.

Typically if Amazon pays millions, it will not significantly impact its benefit. But limiting data may improve their profit.

Thinking of Amazon use case:

* store most data in browser local storage (credit card, address, name, ...), if the user asks for it.
* transmit delivery address directly to the delivery company (browser to shipping company). If the shipping company wants to store data, it's at their own expense.
* Amazon may archive invoice data in an offline system that has a manual access with "read access" fee.
* if Amazon wants to do data mining on customer habits, then it should pay for collecting data

@cassebonbon @Em0nM4stodon the details will be tricky. like here financial legislation has data storage requirements for all transactions. but yes, financial penalties for keeping data without direct cause, and restrictions and barriers for any sharing
@cassebonbon @Em0nM4stodon Re the info extracted upon purchase: it makes things much smoother. Now instead of an officer moving among the cars saying "your papers please" they damn well know who is in the train and have already transmitted it to the interested authorities.

@ottomate @Em0nM4stodon

If you mean collecting personal ID for legal reasons, then in most cases, the transportation company should never be aware of data.

There is: customer, company & authorities.

The company asks the customer to register with the authorities with a token.

The authorities register the customer and give a token validating the registration token.

The customer transmits the validating token to the company.

The company never knows the name of the consumer and the legal obligation is fulfilled.

@Em0nM4stodon @shambhux looks like the way upper caste Hindu Indians are destroying digital identity Aadhaar of lower caste Hindu people, Muslims and Christians by getting them to procure various Unique IDs.
@Em0nM4stodon Oh no, our old memo looks to have leaked online. Anyways, can we interest you in quantum brain identification perhaps?
@Em0nM4stodon people are using their faces to unlock their fucking phone and most don't seem to understand the problem with that. It will get worse because of mostly laziness and stupidity.
@Em0nM4stodon I was reading an old novel by Philip K. Dick set in a dystopian future, and frankly that future sounds better than the one that actually happened
@Em0nM4stodon does TSA reallllllly immediately delete your picture? 🤔
@Em0nM4stodon but is there any personal info that has not already leaked? There are twice as many pwned email accounts as there are living humans.

@Em0nM4stodon Which is why I refuse to have an account with ANY complying server.
I do not even release my legal name much less an ID online, and without exception I treat any site demanding them as down.

I am pre-emptively not on FB, not on Google, not on Insta, not on Twitter not on any server complying or likely to comply with this shit.

For instance, ironsnowflake.noblogs.org is hosted outside the US and does not answer to any US laws as it is outside the jurisdiction of US courts especially with so many countries now hostile to Trump. If multiuser Mastodon instances get targeted, the Mastodon protocol supports single-user instances that could be hosted anywhere including outside the U$.

I would sooner move all my online activity to darknet sites only if this goes global. So will millions of others.

Learn to use Tor, you need it today for porn anyway in half the US as porn sites block the ID-required states en masse.

@Em0nM4stodon

LinkedIn are also doing this, and it seems Squarespace are also.
Although the latter outsource their customer support offshore and the level of understanding is very poor, so it may well be just poor or no training at the other end

@Em0nM4stodon This move puts a big giant target on bluesky's back...