Tinker ☀️Feb 27

So Duo (the multifactor authentication service that #infosec loves) has integrated with Persona (the privacy destroying, Peter Thiel backed, AI-linked, facial scanning and mapping "identity verification" software)

You know the recent Discord snafu that received such massive pushback and caused so many people to leave Discord that they've dropped their identity verification?

Yeah, that Persona.

Duo integrates it into Duo Premier, Duo Advantage, and even Duo Essentials...

...which means many working class folks will have no option but to be enrolled into and use Persona...

...or be fired.

https://duo.com/docs/identity-verification

#Duo #Persona #Privacy #Discord #AI

Show threadTinker ☀️Feb 27

Inb4 Duo responds and makes the statement:

"These Persona services are opt-in by the client as additional features. We do not integrate them into our core product."

to which the answer to that response is:

"Yeah, the CLIENT opts in, meaning the COMPANY opts in... the employees have no say. The *employees*, all of us, can only opt out by being fired."

(Edit to revert to original post)

#Duo #Persona #Privacy #AI #infosec #Discord

Show threadalien8Feb 27
@tinker i run a DUO MSSP. I can confirm it is disabled by default per instance and is not integrated into the core auth elements. I have just spent valuable time verifying this. why do they do mind numbing things like this - oh, some people have asked for this..
Show threadTinker ☀️Feb 27

@alien8 - Yeah, I figure any statement by Duo will absolutely push the whole "its not enabled by default" and its the client's decision to use it.

Which ignores the core point - the employees (once a client enables it) have no say. By even offering this, they put so many people in the position of "accept this or quit" which is not consent.

Especially in the US where one's job is tied to access to healthcare and where many live paycheck to paycheck and if they quit or get fired, they run the real risk of going hungry or losing their house.

#Duo #Persona #AI #infosec #privacy #discord

Show threadalien8Feb 27
@tinker yes, for US i suspect configuration/setup of this will be done by certain orgs.. I don't see anyone in Europe/UK turning this one...
Show threadTinker ☀️Feb 27
@alien8 - Yeah, indeed. And even if they did, I figure (hope? feel?) that they have more protections to push back on an employer doing this. Not sure, but that's my understanding.
Show threadLisPi
@tinker @alien8 Are there places in the EU with privacy laws such that employees can override the employer on this?
Mar 1 at 4:15amWeb