Tinker ☀️Feb 27

So Duo (the multifactor authentication service that #infosec loves) has integrated with Persona (the privacy destroying, Peter Thiel backed, AI-linked, facial scanning and mapping "identity verification" software)

You know the recent Discord snafu that received such massive pushback and caused so many people to leave Discord that they've dropped their identity verification?

Yeah, that Persona.

Duo integrates it into Duo Premier, Duo Advantage, and even Duo Essentials...

...which means many working class folks will have no option but to be enrolled into and use Persona...

...or be fired.

https://duo.com/docs/identity-verification

#Duo #Persona #Privacy #Discord #AI

Show threadTinker ☀️Feb 27

Inb4 Duo responds and makes the statement:

"These Persona services are opt-in by the client as additional features. We do not integrate them into our core product."

to which the answer to that response is:

"Yeah, the CLIENT opts in, meaning the COMPANY opts in... the employees have no say. The *employees*, all of us, can only opt out by being fired."

(Edit to revert to original post)

#Duo #Persona #Privacy #AI #infosec #Discord

Show threadalien8
@tinker i run a DUO MSSP. I can confirm it is disabled by default per instance and is not integrated into the core auth elements. I have just spent valuable time verifying this. why do they do mind numbing things like this - oh, some people have asked for this..
Feb 27 at 3:37pmWeb
Show threadTinker ☀️Feb 27

@alien8 - Yeah, I figure any statement by Duo will absolutely push the whole "its not enabled by default" and its the client's decision to use it.

Which ignores the core point - the employees (once a client enables it) have no say. By even offering this, they put so many people in the position of "accept this or quit" which is not consent.

Especially in the US where one's job is tied to access to healthcare and where many live paycheck to paycheck and if they quit or get fired, they run the real risk of going hungry or losing their house.

#Duo #Persona #AI #infosec #privacy #discord

Show threadalien8Feb 27
@tinker yes, for US i suspect configuration/setup of this will be done by certain orgs.. I don't see anyone in Europe/UK turning this one...
Show threadTinker ☀️Feb 27
@alien8 - Yeah, indeed. And even if they did, I figure (hope? feel?) that they have more protections to push back on an employer doing this. Not sure, but that's my understanding.
Show threadalien8Feb 27
@tinker depending on the State.. maybe... but considering the 'ask' from the customers to commit to this engineering work (it's a bunch of UI changes plus of course all the API hookup work) it must have been a significant revenue requirement and very sizeable accounts.
Show threadLisPiMar 1
@tinker @alien8 Are there places in the EU with privacy laws such that employees can override the employer on this?
Show threadJdb_envMar 1
@tinker @alien8
Hi,
Speaking for France.
Administrations have already started using AI products.Yes, we did have strong conter-powers, but since a previous "socialist" minister passed new regulations in this field, elected workers representatives have only the power to acknowledge employer's moves. Unions are still the right legal form organizations able to block things, but 1) they don't and 2) their representativity have vanished in many fields.
This minister was going by the name Macron 1/2
Show threadJdb_envMar 1
@tinker @alien8 2/2
I am wprking in a US mainframe software editor, and a few months ago we started a project at a UK customer.
To be let in, we had to choose btw registering and giving some data and doing it online with phitos and all.
The EU part of the team did the inscription, but since it didn't move fast enough, they said taking pictures was needed.
So we all went through this.
It's like in a chain : the weakest link first, and the rest will follow gracefully.