Mastodawn

Eric deRuiter Feb 27

So Duo (the multifactor authentication service that #infosec loves) has integrated with Persona (the privacy destroying, Peter Thiel backed, AI-linked, facial scanning and mapping "identity verification" software)

You know the recent Discord snafu that received such massive pushback and caused so many people to leave Discord that they've dropped their identity verification?

Yeah, that Persona.

Duo integrates it into Duo Premier, Duo Advantage, and even Duo Essentials...

...which means many working class folks will have no option but to be enrolled into and use Persona...

...or be fired.

https://duo.com/docs/identity-verification

#Duo #Persona #Privacy #Discord #AI

Tinker ☀️Feb 27

Inb4 Duo responds and makes the statement:

"These Persona services are opt-in by the client as additional features. We do not integrate them into our core product."

to which the answer to that response is:

"Yeah, the CLIENT opts in, meaning the COMPANY opts in... the employees have no say. The *employees*, all of us, can only opt out by being fired."

(Edit to revert to original post)

#Duo #Persona #Privacy #AI #infosec #Discord

@tinker i run a DUO MSSP. I can confirm it is disabled by default per instance and is not integrated into the core auth elements. I have just spent valuable time verifying this. why do they do mind numbing things like this - oh, some people have asked for this..

Tinker ☀️Feb 27

@alien8 - Yeah, I figure any statement by Duo will absolutely push the whole "its not enabled by default" and its the client's decision to use it.

Which ignores the core point - the employees (once a client enables it) have no say. By even offering this, they put so many people in the position of "accept this or quit" which is not consent.

Especially in the US where one's job is tied to access to healthcare and where many live paycheck to paycheck and if they quit or get fired, they run the real risk of going hungry or losing their house.

#Duo #Persona #AI #infosec #privacy #discord

@tinker yes, for US i suspect configuration/setup of this will be done by certain orgs.. I don't see anyone in Europe/UK turning this one...

Tinker ☀️Feb 27

@alien8 - Yeah, indeed. And even if they did, I figure (hope? feel?) that they have more protections to push back on an employer doing this. Not sure, but that's my understanding.

@tinker depending on the State.. maybe... but considering the 'ask' from the customers to commit to this engineering work (it's a bunch of UI changes plus of course all the API hookup work) it must have been a significant revenue requirement and very sizeable accounts.

@tinker @alien8 Are there places in the EU with privacy laws such that employees can override the employer on this?

@tinker @alien8
Hi,
Speaking for France.
Administrations have already started using AI products.Yes, we did have strong conter-powers, but since a previous "socialist" minister passed new regulations in this field, elected workers representatives have only the power to acknowledge employer's moves. Unions are still the right legal form organizations able to block things, but 1) they don't and 2) their representativity have vanished in many fields.
This minister was going by the name Macron 1/2

@tinker @alien8 2/2
I am wprking in a US mainframe software editor, and a few months ago we started a project at a UK customer.
To be let in, we had to choose btw registering and giving some data and doing it online with phitos and all.
The EU part of the team did the inscription, but since it didn't move fast enough, they said taking pictures was needed.
So we all went through this.
It's like in a chain : the weakest link first, and the rest will follow gracefully.

Jim Zhou Feb 27

@tinker This sounds A LOT like the justification DHS put out to approve their own (totally illegally in like, multiple ways) not-a-rule-but-absolutely-a-rule to collect social media handles to.. root out... terrorists attempting to enter the country... when the whole system only affects those legally in the country. "Immigration benefits are optional."

Except the biggest chunk of people affected are literally not applying for an immigration benefit. Naturalization is explicitly carved out in the Constitution. All the other stuff is pulled out of someone's ass to keep out first the Chinese and then all non-northern-Europeans 100 years later.

And sure, if you have already finished the I-485 process it's entirely optional to apply for the non-benefit in question, but the other applicants are applying because DHS have insisted on illegally detaining them if they fail to do so with a huge lead time. It would be optional if their liberty interest is optional. Enforcing illegal EOs is also optional. Working for DHS is optional. Except agents had an actual choice that they made to be fascist thugs who repeat the utter nonsense coming out of the White House which accidentally defined foreign terrorist in a way that only Donald Trump seems to fit the entire set of definitions to a tee (thanks to the UK's nationality laws technically making him not someone who can move there but via his mother, the equivalent of what we call being a national). Can't make this stuff up.

@tinker why do they have to ruin everything ughhh

Christoff, the human Feb 27

@de3ev @tinker it is beyond exhausting, what's a word for being ground down with anxiety and "are you f*cking serious?! really?!" every day?

@christoff @tinker society will collapse because of these idi*ts

Christoff, the human Feb 27

@de3ev @tinker I mean post-apocalyptic stories and novels are one of my favorite genres, but didn't think I'd be getting a front row seat.

But hey, I got a unique seat! Got to see the rise of the Internet and commodity technology to AI to corporations owning everything, including people's lives via their livelihoods and medical care, with no hope of things changing on the horizon. If anything, prepare for it to be much worse :(

It's a lot. I don't get how people are making it cause I'm barely

Tinker ☀️Feb 27

@christoff @de3ev - I loved loved loved cyberpunk.... but yeah, living in a more mundane boring version took its appeal away from me.

Big way I am making it is through solarpunk (for this VERY reason). I need something to hope for and something to build towards. So it's solarpunk literature, art, and in my actual life - building solarpunk apparatus and community.

@tinker @christoff I need to follow all your steps y'all.

Tinker ☀️Feb 27

@de3ev @christoff - I've been building Free Fridges and Food Rescue in town. Lots of folks are building out solar panel microgrids for them and their neighbors. We're doing a lot more community third spaces (community theaters, beefed up libraries). We have repair cafes and monthly meetups where we bring in something to be repaired for free and then help others repair their stuff for free.

We're building a better world and living in it now.

@tinker @christoff Thank you for what you do and for making a difference in this world we live in, Tinker.

Tinker ☀️Feb 27

@de3ev @christoff - We're all just trying to live and doing the best we can. I'm not the only one in my town doing this and many are doing more - but what I'm doing is what I can and that has to be enough.

Christoff, the human Feb 27

@tinker @de3ev amen, i like you're walking and creating a world you want to live in with others... guess that's the point :)

I need to *get involved*

@christoff @tinker Tinker is one of the people who have helped me voice out stuff in Infosec and whenever I need help! especially back on Twitter (RIP Bird app)

Christoff, the human Feb 27

@de3ev @tinker tinker also helped me with my career with a brief intro to social engineering, I took it and ran with it and accidentally became a better person. forever grateful :)

Christoff, the human Feb 27

@tinker @de3ev I should do more. I don't even have a library card here and been in IL for over a year now.

Tinker ☀️Feb 27

@christoff @de3ev - Oooh! That's a fun thing to do!

I get FREE WITH NO ADS movies, series, ebooks, audiobooks, and music through my library's Hoopla and Libby apps.

The Library also has a lot of weekly events that I can go to and participate with for free.

DM me your current town (I remember where you used to be, but not sure where you're at now) and I'll take a look at what you're library offers and send it back.

@tinker I wonder, do those who attend pretend COVID isn't a thing or have you managed to be better?

I'm quite disappointed with what little local community there is here.

Tinker ☀️Mar 1

@lispi314 - Yeah, that parts hard. There are plenty of people that still mask up, but plenty that dont.

If you started (or took charge) of a group, you could require masking at meetings, but when you work with the greater community, you won't have that control.

Rachel Rawlings Mar 2

@tinker @lispi314 I'm the only person who masks at my bimonthly in-person LUG meeting (12-15 people). The other meetings we have are over jitsi.

@tinker @christoff

If we think about it, we are just living in borrowed time. Not to be negative and all that. But, if you stop and realize it, its just a very short time. If these billionaires only realize how short this life is, they'd make this world a better place.

I am not sure if they have moral compass to realize that kind of stuff. But anyway, it sucks

Christoff, the human Feb 27

@de3ev @tinker indeed, folks giving me part of their life time to share in it with me, that's the greatest gift.

of course, the opposite is what fascists love.

still... wtf am I doing in my community? am I even *in* my community, uncomfortable self-confrontation. words and ideals need to match actions, even if I'm beat down hard. it's a way to get back up.

Even if it all goes to crap, at least I tried, eh? I can live with that.

@christoff @tinker Go get out there, it's not too late. You can still make a lot of diff ! :)

Tinker ☀️Feb 27

@de3ev @christoff - "The best time to do it was yesterday. The second best time to do it is today."

You're at a point in life where you not only have recognized the need but you can start meeting that need.

Don't beat yourself up.

Be happy that you've arrived at this conclusion and desire and start doing it, easily, and with relaxation, comfort, and celebrating your victory.

Christoff, the human Feb 27

@tinker @de3ev appreciate you man

clonedhuman Feb 27

@de3ev @tinker @christoff I can think of a few productive ways to help them realize how short this life is.

@de3ev @tinker @christoff > If these billionaires only realize how short this life is, they'd make this world a better place.

It actually makes even less sense to make things worse if one assumes they'll live forever, because then one actually has to deal with the consequences of it.

Christoff, the human Feb 27

@tinker @de3ev that's true brosif, remember you introducing it to me and it was a spark of hope. I need that again. I introduced it to my girlfriend anyway, mainly when bitching about cement jungles they drape plants down, like they're making a difference in a real way :(

Had to explain the culture and overall mindset of it all.

Tinker ☀️Feb 27

@christoff @de3ev - Yeah absolutely. But. Focus on the positive things as much as you can. Having hope and surviving is a form of rebellion.

Cliff'sEsportCorner Feb 28

@christoff @de3ev @tinker "existential dread" is one phrase I use :/

Christoff, the human Feb 28

@CliffsEsport @de3ev @tinker oh I just get that with self awareness, which seems to amplify as I am aging, but also at peace with it all :) the rest is extra! But eventually a profile pic will be my last and obituary image.

I just hope I can melt into some overall energy of the universe again after being its sensory organs for a bit, eh?

Until then, stoked I got the full neck chord permutations down on my guitar now :)

@de3ev @tinker @christoff this keeps repeating 🤦‍♂️

Christoff, the human Mar 4

@obrientg @de3ev @tinker yuuuuup

@tinker Oh for fuck's sake. Who do I recommend now? I have to change my remediation template language for 'lacking MFA'. Shit. Why does everything have to suck?

RootWyrm 🇺🇦

@tinker and it is a statement of fact that Persona is deeply integrated with Palantir, and both are very actively using the data to assemble lists of "politically exposed" and "undesirables" which are being actively provided to the Nazi regime.

jaKa Močnik Feb 27

@tinker iirc, discord dropped persona a while ago. they use k-id in this round of age-gating.

Tinker ☀️Feb 27

@jkmcnk - The recent backlash was tied to their use of Persona as well:

https://arstechnica.com/tech-policy/2026/02/discord-and-persona-end-partnership-after-shady-uk-age-test-sparks-outcry/

Fury over Discord’s age checks explodes after shady Persona test in UK

Persona confirmed all age-check data from Discord's UK test was deleted.

Ars Technica

Victoria Walberg Feb 27

@tinker Ohhhh. Thank you for the explainer on Persona - I saw a job ad from them earlier today, and it read like it would not be a culture fit, but this helps clarify why it read the way it did.

@tinker wow... I have some folks to yell at.

Rob Vincent 🎙️Feb 27

@tinker Discord delayed their age verification in the face of user outcry, they didn't drop it. They'll sneak it back in once the heat dies down.

https://discuss.online/post/36057750

Discord delays global age verification rollout after backlash - Dexerto - Discuss Online

Lemmy

Tinker ☀️Feb 27

@Rob_T_Firefly - Yeah that's trash. They did drop Persona though because of backlash specific to it:

https://arstechnica.com/tech-policy/2026/02/discord-and-persona-end-partnership-after-shady-uk-age-test-sparks-outcry/

Fury over Discord’s age checks explodes after shady Persona test in UK

Persona confirmed all age-check data from Discord's UK test was deleted.

Ars Technica

@tinker
And in my case, students. My university depends on this.

Tinker ☀️Feb 27

@Vrimj - Very good point and I hadn't considered that. The knock-on effects are widespread.

@tinker Fuck. Right. Off.
(@ Duo and Persona and Thiel and... the whole fascist posse)

ietiesAai Feb 27

@tinker this kind of “high assurance of user identity” 🤔? https://youtu.be/2Dh4SfT5wSc?si=HhjBBGIebAJVp0XO

Roblox Age Verification Be Like 💀 I did this for fun #roblox #ageverification #funny

YouTube

Till Kleisli Feb 27

@tinker I just left a one-star-review on google play. Just because we can't do much abut it, that doesn't mean we can't do nothing.

@tinker I'm guessing bitching to my Cisco rep won't get me far either...